SEM SIG: Building Application Security into the Software Develop. Lifecycle



  • The Monthly Meeting of the SEM SIG


    Presentation Overview

    In today’s environment of open and interconnected systems, an onslaught of security problems has plagued applications, and security has therefore become a top concern for developers, architects and business analysts who are creating and managing high-quality applications and initiatives such as service-oriented architectures (SOAs). According to Gartner’s Theresa Lanowitz, 75 percent of security hacks happen at the application level and, as a result, companies that don't take responsibility for security issues during the development process are significantly more likely to experience a catastrophic event.

    In this presentation, Matt Hargett, director of development at LogicLibrary’s BugScan Division, will describe best practices for coupling security with the development process, and will discuss how software developers and vendors can incorporate organizational security standards and policies throughout the entire development lifecycle. Additionally, Hargett will demonstrate how this will ensure that components (such as software assets that are used repeatedly in different projects or as Web services) can have their relative security posture measured, enabling them to be used as trusted building blocks in applications – all without source code.


    About the Presenter

    Matt Hargett, Director of Development, LogicLibrary BugScan Division

    Hargett has worked in security quality assurance doing source code, runtime and binary analysis, as well as architecting processes for testing, development, requirements-gathering and support at various companies. His experience includes the software engineering of award-winning security products, the publication of several advisories on novel vulnerabilities, and the presentation of various talks at Blackhat, Defcon and elsewhere. His professional interest in making novel vulnerability discovery more accessible and repeatable to the mass market resulted in the creation of BugScan, which was acquired by LogicLibrary in September 2004.




    111 West Saint John, Suite 200

    San Jose, CA 95113

    Phone: 408.494.8378

    Note: the building doors lock at 7:00pm. If you arrive after 7:00pm,
    please call 408.494.8378.


    6:00pm - 6:30pm - Registration
    6:30pm - 8:30pm - Discussion



    $15 at the door for non-SDForum members
    No charge for SDForum members
    Please call 408.494.8378 for student memberships
