SecAppDev 2023 lecture details
How to avoid the top ten software security flaws
Only 50% of software security defects are bugs. The other half are flaws in the design. This session builds on work from IEEE, Google, Twitter, Harvard, & others to present the top 10 security flaws along with guidelines to avoid them.
Tuesday June 13th, 11:00 - 12:30
Room Lemaire
Abstract
Software security defects come in two categories: bugs in the implementation and flaws in the design. Most commercial solutions focus on finding and fixing bugs, which is a much easier problem than finding and fixing flaws. But did you know that flaws account for half of commonly encountered security defects?
In this session, we introduce the top ten software security flaws, along with guidelines and best practices for avoiding them. This session is based on work from the IEEE Center for Secure Design, in concert with Google, Twitter, Harvard University, and others.
Key takeaway
A security top 10, but not as you know it. In this session, we explore the top 10 design flaws, along with guidelines on avoiding them in your applications.
Content level
Introductory
Target audience
Software developers, architects, and AppSec professionals
Prerequisites
None
Gary McGraw
CEO, Berryville Institute of Machine Learning
Expertise: Software security, machine learning security, security engineering
Related lectures
Demystifying Zero Trust
Introductory lecture by Bart Preneel in room Lemaire
Wednesday June 14th, 09:00 - 10:30
We discuss the principles of zero trust and explain how it can be implemented. We also discuss how we can build up trust in devices, software and hardware components.
Key takeaway: Understand whether zero trust is useful for your organization or system. Reflect on which products and services you trust and why.
Security architecture in a distributed world
Deep-dive lecture by Isabelle Mauny in room Lemaire
Tuesday June 13th, 14:00 - 15:30
This session highlights challenges in securing distributed applications and suggests field-tested solutions to tackle this emerging issue.
Key takeaway: Understand and address the challenges of securing a distributed application composed of hundreds of micro-services.
Fantastic software supply-chain vulnerabilities
Introductory lecture by Abhay Bhargav in room Lemaire
Tuesday June 13th, 09:00 - 10:30
This session dives into software supply-chain vulnerabilities, defense strategies, and risk mitigation. Attendees will gain insights and tools to build resilient supply chains and protect organizations from evolving threats.
Key takeaway: A comprehensive understanding of the current state of software supply-chain vulnerabilities and comprehensive defensive strategies