Matt Goodwin,
Solution Architect, Parasoft

As a Solution Architect with Parasoft, Mr. Goodwin is committed to helping customers create high-quality software. He has spent the majority of his career focusing on web security and how static analysis tools can be integrated into the development workflow to address web application vulnerabilities.

Jason Taylor,
CTO, Security Innovation

Mr. Taylor leads the strategic direction for all technology and security initiatives at Security Innovation. He is an external reviewer, contributor and primary author for Microsoft patterns & practices security guidance and has written several articles for CIO Update.

Get Defensive about Application Security: Eliminate Weaknesses

Date: Thursday, November 7

Time: 1:00-2:00PM (EST)

Vulnerabilities are preventable - they propagate as the result of poor design and coding decisions. Secure design libraries and defensive coding techniques help mitigate this risk. Further, automated static analysis can be used to help validate that you’ve implemented your code and countermeasures securely.

This webcast will help developers understand how security (and vulnerabilities) are often built-in during design and what countermeasures they can implement to harden applications. The presenters will take an “in-practice” approach, and demonstrate how to leverage threat modeling and static analysis to pinpoint and remove common and damaging weaknesses in software code - specifically, SQL Injection, Cross-Site Scripting (XSS) and Information/Data Leakage.

Topics Covered:

  • Vulnerabilities and Weaknesses
    • The cascading effect of poor design choices
    • How they are introduced into code
    • Identifying and analyzing root cause
  • High-value static analysis
    • Finding and validating security defects
    • The power of data flow analysis
    • Verification of defect removal
    • Fine-tuning to reduce false-positives
  • Leveraging Threat Modeling to focus on hot spots
    • Identifying attack points
    • Considering countermeasures
    • Optimizing static analysis rules
  • Shields up: Getting Defensive
    • Choosing secure design components
    • Defensive coding techniques
    • The need for “eyes-on” security code analysis