YoVDO

Top Ten Proactive Controls for Secure Software Development

Offered By: OWASP Foundation via YouTube

Tags

Application Security Courses, Software Development Courses, Encryption Courses, Access Control Courses, Data Validation Courses

Course Description

Overview

Explore the OWASP Top Ten Proactive Controls in this 50-minute conference talk by Jim Manico, VP of Security Architecture at WhiteHat Security. Discover essential software control categories that architects and developers should incorporate into every project, including Authentication, Access Control, Validation, Encoding, Query Parameterization, and Data Protection. Learn how to build secure applications proactively, covering topics such as secure requirements, architecture, and design. Gain insights into password defenses, multi-factor authentication, access control anti-patterns, content security policy, SQL injection prevention, XSS defense, encryption in transit, and application layer intrusion detection. Understand the importance of leveraging tools like the OWASP Java Encoder Project, Apache Shiro, and Google KeyCzar to solve real-world security challenges.

Syllabus

Intro
WARNING
Security Architecture and Design
Security Requirements (SDLC) Functional requirements
OWASP Java Encoder Project
Password Defenses
Leverage Keyed Functions
Multi Factor Authentication
Forgot Password Secure Design
Access Control Anti-Patterns
Most Coders Hard-Code Roles in Code
Solving Real World Access Control Problems with Apache Shiro
Content Security Policy
Anatomy of a SQL Injection Attack
Query Parameterization (PHP PDO)
Query Parameterization (PERL DBI)
Anatomy of an XSS Attack
Contextual Output Encoding (XSS Defense)
Other Encoding Libraries
Solving Real World Problems with the OWASP HTML Sanitizer Project
Encryption in Transit (HTTPS/TLS)
Fixing the TLS and the Certificate Authority System
Solving Real World Crypto Storage Problems With Google KeyCzar
App Layer Intrusion Detection
OWASP AppSensor (Java)


Taught by

OWASP Foundation

Related Courses

Internet History, Technology, and Security
University of Michigan via Coursera
Internet Security
openHPI
Fundamentals of Cryptography
Rwaq (رواق)
Web Application Development: Security (Spanish)
University of New Mexico via Coursera
Web Application Development: Security
University of New Mexico via Coursera