Talk: Security Vulnerabilities Decomposition: Another way to look at Vulnerabilities
In most companies, security is driven by compliance regulations. The policies are designed to contain the CWEs each company is interested in complying with. The result of this approach is that a high number of insecure applications are still produced, and injection is still king. Is there another way to secure software in a more developer-friendly manner?
This presentation will look at security vulnerabilities from a different angle. We will decompose vulnerabilities into the security controls that prevent them, controls that developers are familiar with. We will flip security from focusing on vulnerabilities (measured at the end) to focusing on the security controls that developers can use from the beginning of the software development cycle.
Recommended for all developers looking to integrate security into their software applications.