Building A Software Security Program by Kuai Hinojosa

https://bit.ly/2OH0FV3 Staffcop secret sale page.
The second of 2 presentations for the Dutch OWASP Chapter Meeting held on 7 November at Hoogeschool Rotterdam. Abstract The proliferation of applications of all types continues unabated. As organizations put more of their business functions in custom applications their risk profile increases tremendously. Application security is more difficult than any other area of security as it relies on the due diligence of people supported by limited processes whereas other aspects of security can be more easily automated and are supported by well-defined policies. The successful management of the development and release process through a comprehensive Software Security Program that incorporates appropriate processes and check points will allow organizations to reduce their risk profile while benefiting from a more efficient end-to-end development process. Please join me as I will provide an overview of how one organization built a Software Security Program that addressed People, Process and Technology challenges surrounding software development and security. I will highlight the approach we took and the benefits we are reaping in both lower costs and lower risk profiles of their applications. About the Speaker Kuai Hinojosa is a Managing Software Security Consultant at Intel Security, Foundstone Professional Services. He has been developing and securing enterprise applications for over a decade. At Foundstone Kuai is a member of the Software Application Security Services Team and serves as the Service Line Lead for Security Development Lifecycle Gap Assessments, Threat Modeling and the implementation of Software Security Programs. Kuai specializes in linking together technical risks and remediation advice, ensuring that development teams can correctly interpret and act upon software security risks. Kuai has been responsible for directly interfacing with C-level executives, Sr. Developers, Software Architects and Sr. Management to guide and verify remediation efforts as part of the implementation of Enterprise Software Security Programs. Before joining Foundstone, Kuai worked at Cigital where He delivered security code reviews, penetration tests, architecture risk analysis and contributed building training material for mobile security training. In his time off, Kuai volunteers leading OWASP Global education efforts and is a current co-leader of the Open Software Assurance Maturity Model project.