SecAppDev 2023 Faculty
CEO, Manicode Security
Jim Manico is the founder of Manicode Security where he trains software developers on secure coding and security engineering. He is also an investor/advisor for KSOC, Nucleus Security, Signal Sciences, and BitDiscovery. Jim is a frequent speaker on secure software practices, is a Java Champion, and is the author of 'Iron-Clad Java - Building Secure Web Applications' from Oracle Press. Jim also volunteers for OWASP as the project co-lead for the OWASP ASVS and the OWASP Proactive Controls.
Don't miss out on SecAppDev!Subscribe to the mailing list
Third-party library security management
Deep-dive lecture by Jim Manico in room West Wing
Wednesday June 14th, 14:00 - 15:30
Managing third party library dependence is one of the most difficult challenges in software development and requires significant process and technical discipline. This session offers actionable advice on getting this challenge under control.
Key takeaway: To handle third-party dependencies securely, you need to reduce the amount of libraries you use, vet the ones you use, and keep them up to date
The unabridged history of application security
Keynote lecture by Jim Manico in room Lemaire
Wednesday June 14th, 16:00 - 17:15
This talk traces Application Security from its '60s origins marked by poor practices to today's advancements. We aim to inspire security professionals by highlighting the accelerated pace of positive changes over time.
Key takeaway: Exploring Application Security's history reveals an encouraging trend: continuous, accelerating improvement over time.
Secure Coding with the OWASP Top Ten
One-day workshop by Jim Manico in room West Wing
Friday June 16th, 09:00 - 17:30
The OWASP Top 10 is a standard awareness document for web developers and web application security professionals. It represents a broad consensus about the most critical security risks to web applications. As software developers author code that makes up a web application, they need to embrace and practice various secure coding techniques. This training provides defensive instruction in relation to the OWASP Top Ten to aid developers in authoring secure software.
Learning goal: A thorough understanding of the risks listed in the OWASP top 10, along with best practice secure coding guidelines to mitigate these risks in web applications and APIs