1. Software Security Engineering and Risk Management Processes to Build Secure Web Applications
Marco Morana, OWASP Chapter Lead
Rochester Security Summit, 29-30 October 2008
Cincinnati Chapter Meetings
4. Initial Business Cases for Software Security
- Avoid misinformation: Fear, Uncertainty and Doubt (FUD)
- Use business cases: costs, threat reports, root causes
13. Holistic View: Software vs. Application Security
Application Security                          | Software Security
Security applied by catch-and-patch           | Security built into each phase of the SDLC
Look at external symptoms                     | Look at root problem causes
Reactive: Incident Response, Compliance       | Proactive: Threat Modeling, Secure Code Reviews