This is a security awareness presentation on the impact of developing and using insecure applications in organisations. A number of case studies of data leaks, defacements and regulatory fines are presented as examples.
Why care about app security risks and costs
1. Why care about application security? Paweł Krawczyk (IPSec.pl) pawel.krawczyk@hush.com Presentation licensed under CC BY-NC http://creativecommons.org/licenses/by-nc/3.0/
2. Sony PSN. April 2011: PSN & Qriocity outage, 80m records lost. May 3: another 25m records, Sony Online Entertainment outage.
6. $$$ Settlements: Visa = $60.0m, AmEx = $3.5m, Consumer = $4.8m. Ponemon Institute estimate: at $60 cost per record = $7.8b; now $140 (2010). Indirect costs (e.g. lost business). Source: datalossdb.org
25. Data protection laws. Poland: up to 50’000 PLN fines; may issue an order to stop processing data; audit reports are public. Would you trust them in future?
30. Eliminate bugs early: early code audit. (Applied Software Measurement, Capers Jones, 1996; Building Security Into The Software Life Cycle, Marco M. Morana, 2006)
31. It’s cheaper than... pentest, late code audit. (Applied Software Measurement, Capers Jones, 1996; Building Security Into The Software Life Cycle, Marco M. Morana, 2006)
32. And way cheaper than... Hack! (Applied Software Measurement, Capers Jones, 1996; Building Security Into The Software Life Cycle, Marco M. Morana, 2006)
33. How? Douglas Hubbard, „The Failure of Risk Management”; Security Assurance Maturity Model (OpenSAMM); Security Development Lifecycle (SDL)
34. Outsourcing? Tell them what you need (precisely): UML, BPMN. Specify the assurance level: OWASP ASVS. Trust but verify: supplier due diligence, audit, pentest.
35. Ask peers: OWASP, Open Web Application Security Project, www.owasp.org; ISSA, Information Systems Security Association, www.issa.org.pl