Breach Prevention for Developers

As an information security professional, it’s critical to know something about how custom web applications are developed and the impact that has on application security. Frank Rietta, a developer and founder of a web app security consultancy, talks about what if we want to  build security into a web application hosted in the cloud. Since security cannot be bolted on at the end, Frank talks about tools available to include security as part of the development process, including user stories, abuser stories, and test driven development that includes security tests. Infosec professionals play an important role in this by working with developers as ambassadors for security and knowing the practices to encourage and recommend so that application security is part of the entire software process.

If you’re interested in more videos on this topic, Frank publishes application security learning videos free to the public at https://rietta.com/learning/appsec/. The slides for this talk are available at https://speakerdeck.com/rietta/breach-prevention-for-developers-at-ksu.

You can find Frank Rietta on Twitter at https://twitter.com/frankrietta