
John Steven

John Steven is Senior Director of Advanced Technology Consulting at Cigital.

John brings to this newly created division of the company both depth and breadth in software security. His experience includes research in static code analysis and hands-on architecture and implementation of high-performance, scalable Java EE systems. John has provided security consulting services to a broad variety of commercial clients, including two of the largest trading platforms in the world, and has advised America's largest internet provider in the Midwest on security and forensics. John led the development of Cigital's architectural analysis methodology and its approach to deploying enterprise software security frameworks. He has demonstrated success in building Cigital's intellectual property for providing cutting-edge security. He brings this experience and a track record of effective strategic innovation to clients seeking to change, whether to adopt more cutting-edge approaches or to solidify ROI. John currently chairs the SD Best Practices security track and co-edits the Building Security In department of IEEE's Security and Privacy magazine. John has served on numerous conference panels regarding software security, wireless security and Java EE system development. He holds a B.S. in Computer Engineering and an M.S. in Computer Science from Case Western Reserve University.


Description

Conducting code reviews

When doing code review, either as a developer or as a security professional, there is often too much work to do in the time available. Moreover, other tools and techniques are probably already in play, such as penetration testing and code review tools. As a reviewer, how do you ferret out the interesting security problems without repeating the work of those other tools and techniques? This presentation will show how to take a targeted view of the code, avoiding the tedium of line-by-line review while increasing depth. Techniques will be discussed for both agile and more waterfall-style development methods, and examples will use common Java EE open source controller frameworks and DAO/persistence packages.
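One concrete form of the "targeted view" the abstract describes is to rank source files by where untrusted input enters (web controller handlers) and where it reaches a risky sink (queries assembled by string concatenation in DAO code), and start the review there rather than at line one. The script below is an added illustration written for this page, not material from the talk or from Cigital. It assumes the Spring MVC handler annotations, a Struts-style `execute()` method, and the JPA/JDBC query calls named in the regexes as the entry points and sinks of interest; the Java snippets and the weight of 3 for a sink are constructed for the example.

```python
"""Triage helper for a targeted Java EE code review (added example).

Rank files by trust-boundary entry points (controller handlers) and by
persistence sinks that build a query with '+', so a reviewer can trace
input from the first to the second instead of reading every line.
The regexes are line-based heuristics, not a parser.
"""
import re
from typing import Dict, List, Tuple

# Web-tier entry points: Spring MVC handler annotations (real identifiers)
# and a Struts-style execute() method. Each is where untrusted input enters.
ENTRY_POINT_RE = re.compile(
    r"@(Request|Get|Post|Put|Delete|Patch)Mapping\b|\bpublic\s+String\s+execute\s*\("
)

# Persistence-tier sinks where the query string is concatenated inside the
# call: the usual shape of JPQL/SQL injection in DAO code. Parameterised
# calls (":id" plus setParameter, or "?" placeholders) contain no '+' and
# therefore do not match.
CONCAT_QUERY_RE = re.compile(
    r"\b(createQuery|createNativeQuery|prepareStatement|executeQuery|executeUpdate)"
    r"\s*\([^;]*\+"
)

# Constructed sample sources for this example (not from any real project).
SAMPLE_FILES: Dict[str, str] = {
    "web/UserController.java": """\
@Controller
public class UserController {
    @RequestMapping("/users")
    public String list(@RequestParam String name, Model model) {
        model.addAttribute("users", userDao.findByName(name));
        return "users";
    }
    @PostMapping("/users")
    public String create(@ModelAttribute User user) {
        userDao.save(user);
        return "redirect:/users";
    }
}
""",
    "dao/UserDao.java": """\
public class UserDao {
    public List<User> findByName(String name) {
        return em.createQuery("select u from User u where u.name = '" + name + "'", User.class).getResultList();
    }
    public User findById(long id) {
        return em.createQuery("select u from User u where u.id = :id", User.class).setParameter("id", id).getSingleResult();
    }
}
""",
    "util/Strings.java": """\
public final class Strings {
    public static String join(String a, String b) { return a + b; }
}
""",
}


def find_entry_points(source: str) -> List[int]:
    """Return 1-based line numbers of web entry points in one Java source file."""
    return [n for n, line in enumerate(source.splitlines(), 1) if ENTRY_POINT_RE.search(line)]


def find_concat_queries(source: str) -> List[int]:
    """Return 1-based line numbers where a query API is called with a concatenated string."""
    return [n for n, line in enumerate(source.splitlines(), 1) if CONCAT_QUERY_RE.search(line)]


def triage(files: Dict[str, str]) -> List[Tuple[str, int, int, int]]:
    """Rank files for review as (path, entry_points, concat_queries, score), highest first.

    A concatenated query outweighs an entry point (weight 3, an assumption of this
    example): the sink is what needs fixing, while an entry point only tells the
    reviewer where to begin tracing input. Files with no hits are left out.
    """
    ranked = []
    for path, src in files.items():
        eps = len(find_entry_points(src))
        sinks = len(find_concat_queries(src))
        score = eps + 3 * sinks
        if score:
            ranked.append((path, eps, sinks, score))
    ranked.sort(key=lambda r: (-r[3], r[0]))
    return ranked


if __name__ == "__main__":
    for path, eps, sinks, score in triage(SAMPLE_FILES):
        print(f"{score:>3}  {path}  entry points={eps}  concatenated queries={sinks}")
        for n in find_concat_queries(SAMPLE_FILES[path]):
            print(f"       review line {n}: query built by concatenation")
```

The output puts `dao/UserDao.java` first because of the concatenated JPQL in `findByName`, with `web/UserController.java` second as the place to start tracing the `name` parameter; `util/Strings.java` concatenates strings but calls no query API, so it drops out of the list. In practice the patterns would be extended to whatever controller framework and persistence layer the project actually uses.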


Contents of the secappdev.org website are licensed under a Creative Commons Attribution-NonCommercial 3.0 License.