Abstract: Top Ten Web Defenses - Jim Manico
We cannot hack or firewall our way secure. Application programmers need to learn to code in a secure fashion if we have any chance of providing organizations with proper defenses in the current threatscape. This talk will discuss the 10 most important security-centric computer programming techniques necessary to build low-risk web-based applications. This talk is best suited for technical web application development professionals at any stage of the software development lifecycle.
Abstract: iOS Application Security Assessment and Automation: Introducing SIRA - Justin Engler
Apple's AppStore continues to grow in popularity, and iOS devices continue to have a high perception of security from both users and experts. However, applications on the AppStore often have security or privacy flaws that are not apparent, even to sophisticated users. Security experts can find these flaws via manual tests, but the enormity of the AppStore ensures that only a small minority of apps could ever be manually tested.
This presentation will demonstrate a new tool and methodology to perform automated or semi-automated assessment of iOS applications and assist with manual testing. In addition, our findings about the prevalence of different types of security issues in iOS applications will be discussed, giving a window into the risks of trusting your data to products on the AppStore.