The Path of Secure Software Development - AppSec EU 2017

Explore the path to secure software development in this OWASP Foundation conference talk from AppSec EU 2017. Delve into proactive security controls and techniques that developers can incorporate throughout the software development lifecycle. Learn how to defend against cyber attacks at the application layer by implementing security measures during the coding process. Discover real-world examples of solving prevalent internet security problems, including SQL injection and cross-site scripting (XSS). Examine the OWASP Top 10 Risks, Application Security Verification Standard (ASVS), and best practices for identity authentication, access control, and logging. Gain insights on parameterizing queries, using contextual encoding libraries, implementing strong cryptographic algorithms, and secure password storage. Understand the importance of early and frequent security verification, managing third-party components, and preventing information leakage. Ideal for developers and security professionals seeking to enhance application security from the ground up.

Intro
OWASP Top 10 Risks - 2013
Cyber attacks
OWASP Application Security Verification Standard (ASVS)
OWASP ASVS
Verify for Security Early and Often
SOL injection example
Parameterize Queries
XSS Example
Contextual Encoding Libraries
Example of Validations
2nd Order SQL Injection Example
CS. Implement Identity and Authentication Controls
Strong cryptographic algorithms
Secure Password Storage
C5. Password Storage - How Not To Do It!
C5. Error Messages - How Not To Do It!
C5. Risks Addressed
Implement Appropriate Access Controls
Implement Logging and Intrusion Detection
Risks Addressed - All Top Ten!
Current state of software
Unmanaged 3 Party Components
Don't leak information
@OWASP Controls