Chapters:
1. Intro
2. Who am I? How is my experience relevant to this talk?
3. Overview
4. Top OS and OS-Native Apps Vulnerabilities That have been around for over one to two decades
5. History of a Few Common Bug Classes
6. The Big Question
7. The Two Most Prominent Reasons
8. 2 Typical Response For A Bug Report of the applications and software you support
9. Disadvantage of Such Mitigation Str
10. 2 The Way "The Industry" Respond To Any Publicly Reported Security Bug
11. Understanding Bug Class and Bug Nature
12. Translating A Bug Class To Its Corresponding Root Cause and Bug Nature
13. The Way "The Industry" Must Respond To Any Publicly Reported Bugs
14. Decoding The Nature of a Bug MSO
15. Decoding The Nature of a Bug: More Examples
16. Recommendations Based on learnings from the historical bug reports
17. Typical Exploit and Defense In Depth
18. Targeted Exploit Mitigation
19. Web-based Application Mitigation
20. Introducing Behavior-Based Checks
21. Integrating Machine Learning
22. Recommendations Based on learnings from the OS and Browser mitigation
23. The Paradigm Shift in Software Security Engineering
24. The Paradigm Shift and The Rise In Misconception
25. Applying Common-Sense Security In Each Engineering Lifecycle
26. Migrating to DevOps / DevSecOps?
27. The Herd Mentality (Going with the flow without rational thinking)
28. Building Security into the SDL is always explicit, not implicit
29. Final Words
Description:
Explore software security engineering insights and strategies in this 39-minute OWASP Foundation talk. Learn from past events to address recurring security issues, achieve maximum resilience against known and unknown threats, and understand why DevSecOps may not be the ultimate solution. Discover crucial aspects often overlooked by organizations, analyze historical bug patterns, and gain practical recommendations for integrating security throughout the software development lifecycle. Examine the paradigm shift in software security engineering, debunk common misconceptions, and understand the importance of explicit security measures in each engineering phase.

Software Security Engineering: Lessons from the Past to Fix the Future

OWASP Foundation