OWASP Cleveland - Event Registration

Recent Presentation (April 29th, 2013)

Threat Modeling - The First Step in Secure Application Development

Application security issues continue to be a growing concern for businesses large and small. In fact, many people would be surprised to find that some of the most popular mobile apps downloaded are vulnerable to issues found in the OWASP Mobile Top 10 list of common vulnerabilities.

To address these issues, security needs to be integrated into the software development lifecycle (SDLC) used by the developers. When developing an application securely, threat modeling is an important but often forgotten first step.

This talk will start with an overview of where to integrate security into the SDLC process. The remainder of the talk will focus on the threat modeling portion of the SecSDLC. During this stage the OWASP Mobile Threat Model will be introduced. To provide real-world examples, vulnerabilities found in many of the top 25 downloaded apps in the Apple App Store and Google Play will be covered.

Part 1 (Link)
Part 2 (Link)

About the Presenters:
Matt Neely is the Director of Research, Innovation and Strategic Initiatives at SecureState, a security management consulting firm. At SecureState Matt leads the Research and Innovation team, which focuses on imagining, researching and developing methodologies and tools that will solve industry-related issues. In addition to Matt's technical background, his strong understanding of business processes and organizational structure allows him to meet the security needs of the business world. Matt is a regular speaker at various business and security user groups and conferences including Black Hat, DEF CON, THOTCON and ShmooCon. Matt recently published the book Radio Reconnaissance in Penetration Testing.
Tom Eston is the manager of the Profiling and Penetration Team at SecureState. Tom leads a team of highly skilled penetration testers who provide attack and penetration testing services for SecureState's clients. Tom focuses much of his research on new technologies such as social media and mobile applications. He is the founder of SocialMediaSecurity.com, an open source community dedicated to exposing the insecurities of social media. Tom is a security blogger, SANS Mentor, co-host of the Social Media Security podcast, and a frequent speaker at security user groups and worldwide conferences including Black Hat, DEF CON, DerbyCon, Notacon, SANS, OWASP AppSec, and ShmooCon.