Software security isn't a tool or a library. Everyone knows that you should validate your parameters and watch out for SQL injection, but is that really enough? If you have never had the opportunity to spend time hacking your own applications, you are doing yourself a disservice. The web is becoming an increasingly hostile environment, and developers need to step up their game accordingly. In this session we will go over some of the methodologies we use internally to test applications, helping developers think more strategically about designing applications for security from the start. As part of this conversation I will walk through active attacks we have seen against production sites, using sanitized examples.
James is a developer and security advocate whose biggest responsibility is leading developer security practices. He sets the standards and procedures for how the practice operates, and leads all client engagement efforts with regard to security. He also takes the lead in making sure that company staff are properly trained and following best practices with regard to security.
James also acts as a system and application architect, and often evaluates application design as part of the security audits he performs. In a past life James was responsible for architecture and solution development on multi-million-dollar implementation efforts. Key clients included eight Fortune 500 companies (seven in the Fortune 100), as well as several well-known non-profits and leaders in their industries. Verticals served included healthcare, transportation, financial services, retail, insurance, and energy.
In his free time James is involved in running BSidesBoulder and DC720 (the local DEF CON group).