{"id":5286,"date":"2018-08-31T05:16:12","date_gmt":"2018-08-31T05:16:12","guid":{"rendered":"https:\/\/www.eccu.edu\/?p=5286"},"modified":"2023-06-05T07:33:02","modified_gmt":"2023-06-05T07:33:02","slug":"making-the-web-secure-by-design","status":"publish","type":"post","link":"https:\/\/www.eccouncil.org\/cybersecurity-exchange\/cyber-talks\/making-the-web-secure-by-design\/","title":{"rendered":"Making the Web Secure, by Design!"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

\"Glenn<\/p>\n

Name:<\/strong> Glenn Ten Cate, ING Security Chapter Leader, ING Belgium
\nTopic:<\/strong> Making the Web Secure, by Design!
\nDate of Webinar:<\/strong> 9th October 2018
\nTime and Location:<\/strong> 11am Brussels Time\/ 2:30pm IST\/ 5:00pm SGT<\/p>\n

Watch Now<\/a><\/p>\n

 <\/p>\n

Speaker Bio:<\/strong> As a coder, hacker, speaker, trainer and security researcher employed at ING Belgium, Glenn has over 10 years of experience in the field of security. He is one of the founders of defensive development [defdev], a security training series dedicated to helping you build and maintain secure software, and has also spoken at multiple security conferences around the world.<\/p>\n

Glenn is also an expert on implementing security test automation in CI\/CD pipelines. This helps create short feedback loops back to the developer and prevents bugs from getting into production at an early phase in the development lifecycle.<\/p>\n

Topic Abstract:<\/strong> While working as a penetration tester, you are bound to come across numeral vulnerabilities that are introduced through applications. Most of these vulnerabilities could have been prevented while developing the application.
\nThe latest trend in the industry is integrating security tooling into CI\/CD pipelines, however, security tools integrated into your security pipe-lines is not sufficient to protect the whole attack surface. This is because the tool can never comprehend the full context of the functions and logic of the application. On the other hand, resources in the form of manual verification can often be scarce and expensive.<\/p>\n

Where do we find the right balance between security test automation and manual verification?
\nMore importantly, how do we train the developers to understand the metrics and make security part of their process and culture?
\nThis could have been achieved by setting up an (S)SDLC, but what does a good (S)SDLC consists of?
\nThis talk will guide you on how to take the maturity of your security in software development to the next level.<\/p>\n

*Examples, analysis, views and opinion shared by the speakers are personal and not endorsed by EC-Council or their respective employer(s)<\/p>\n