Hacker Thursdays: Handson-event, OWASP Security Knowledge Framework

Video description: Hacker Thursdays: Handson-event, OWASP Security Knowledge Framework

Welcome to OWASP Bay Area's YouTube!

Enjoy these amazing talks from August meetups by OWASP Bay Area. For more details about past and upcoming meetups, visit the Meetup page: https://www.meetup.com/Bay-Area-OWASP

To contribute to Hacker Thursday as a speaker, or if you would like to host us, email us at owaspht[at]gmail[dot].com
------------------------------

During our work as penetration testers we found that there were a lot of vulnerabilities that could have been easily prevented if the developers had been given proper guidance and security requirements. This session will be followed by a web application hacking hands-on.

In the current state of software development, with the whole (S)SDLC in place, the security tooling integrated in your security pipelines will not cover the whole attack surface. This is because the tooling can never understand the full context of the application's functions and logic, but the developers can!

We believe that the developers are the real champions and that with proper guidance, awareness and toolsets they can lift the maturity of the project's security to a whole new level!

This is why we developed the OWASP Security Knowledge Framework!

What is the OWASP Security Knowledge Framework?

Over 10 years of experience in web application security bundled into a single application. The Security Knowledge Framework is a vital asset to the coding toolkit of you and your development team. Use SKF to learn and integrate security by design in your web application.

SKF is an open source security knowledge base including manageable projects with checklists and best practice code examples in multiple programming languages, showing you how to prevent attackers from gaining access to and running exploits against your application.

In a nutshell:

It trains your developers in writing secure code
It utilizes ASVS for setting up the right security requirements
For each ASVS item there is a knowledge base item that guides the developer with implementation
Developers and security specialists can keep audit trails of the requirements to verify the implementation
It contains code examples that teach the secure coding principles!

About the trainers:

Glenn ten Cate:
Glenn is a coder, hacker, speaker, trainer and security researcher employed at ING Belgium as the security chapter leader.

Glenn has over 10 years' experience in the field of security. He is one of the founders of defensive development [defdev], a security training and conference series dedicated to helping you build and maintain secure software, and also speaks at multiple other security conferences around the world. His goal is to create an open-source software development life cycle with the tools and knowledge gathered over the years.

Riccardo ten Cate:
As a penetration tester from the Netherlands, Riccardo specializes in application security and has extensive knowledge of securing applications in multiple coding languages. Riccardo has many years of experience in training and guiding development teams.

Riccardo also has expertise in implementing security test automation in CI/CD pipelines. This creates short feedback loops back to the developer and prevents bugs from getting into production by catching them in an early phase of the development lifecycle. By combining these skill sets in the SKF, Riccardo helps development teams become more mature and make their applications secure by design.
