If you don't own the 3 OWASP books, you've failed.
We're still facing the same vulnerabilities we already have, because we are doing something wrong. Maybe it's security professionals that are doing something wrong, by not educating developers properly.
Big security companies still having problems with their websites.
Most vulnerabilities are well known.
Security people don't write code. developers do. They don't "get" security:
Sitting down with developers and stepping them through a vulnerability helps show them the light and they understand and think about vulnerabilities.
Talk today designed to show developers exploits in action.
The opinions expressed herein are my own personal opinions and do not represent
my employer's view in any way.
Page rendered at Thursday, May 23, 2013 8:21:27 AM (New Zealand Standard Time, UTC+12:00)