You know how it goes. There is always someone who finds out how to break all the hard work you and your team have put into developing a kick-ass application. Nobody likes to receive security bug reports, but they are a reality we have to deal with. Penetration testers, bug bounty programs, independent researchers, and security incidents all provide us with invaluable information to develop better code. The question then becomes what we do with what we learned and how we prevent similar vulnerabilities from appearing again. This presentation is a tale of war stories from my experience as a penetration tester and the numerous years of work with development teams building secure development practices. I hope to help you understand the value of security bugs for you, your organisations and your clients.
if ignorance is bliss, then knock the smile from my face. #wimming. #dirtysec #0dO. opinions r my own and nobody elses!. Cowboys & Anthrax. bio from Twitter