[Dailydave] Things to watch: AppSec Keynote by Alex Stamos.
Andreas Lindh
andreas.lindh at isecure.se
Mon Feb 9 14:31:45 EST 2015
This is quite possibly the best keynote that I have ever seen. My
colleague Tero asked “how many CISOs do you know who could give a talk
like this?” and my response was “how many security pros do you know who
could?”. The truth is, there aren't a lot of people in security (or
otherwise) with insights like this.
One thing that especially caught my attention: at one point, Alex talks
about some companies writing a web app, then buying a WAF to secure
the web app, and then hiring a consultant to come in and install and
configure the WAF, and after that the web app is "reasonably secure".
Here’s the thing; this might be true in the US but in large parts of the
rest of the world, that consultant will be a sales engineer-type who is
actually a *nix sysadmin and who may be great at Linux but doesn’t know
shit about web apps. The reason for this, as most people know, is that
security shelf products are often marketed and sold as self-playing
pianos, so someone who has “BigIP” or “Imperva” as a LinkedIn skill most
likely knows a lot about installing and operating the product, but not a
lot about what the product actually does. Bottom line; that web app is not
even reasonably secure.
(shameless self-promotion: I wrote a post related to that subject a while
back:
http://3vildata.tumblr.com/post/109188919632/about-the-infosec-skills-shortage)
Andreas
On 2015-02-09 16:15, "Dave Aitel" <dave at immunityinc.com> wrote:
>https://www.youtube.com/watch?v=-1kZMn1RueI
>
>Just an unexpectedly GREAT keynote by Alex Stamos. I mean, not that I
>thought he would give as crappy keynote, but in fact, good keynotes are
>few and far between even when people have it in them.
>
>Even the Q&A section is great. So go watch it now. He comments a bit on
>FireEye, Incident Response, Application Security.
>
>-dave