This resource is no longer available

Application Security for Infrastructure Security Management


For many of those responsible for enterprise information security practices, there is often a traditional yet amorphous boundary preventing full engagement in application security. It’s a disconnect that not only inhibits security pros from influencing the application development process, but it also makes it difficult for application security vulnerabilities to be identified and addressed promptly.

One of the interesting conundrums presented by this disconnect is that the infosec team is often responsible for assessing and triaging all vulnerabilities, regardless of origin. Yet without the authority or means to correct application-layer vulnerabilities, root cause remediation is nearly impossible.

Key points of emphasis include how to overcome the “Application Security Divide”; how infrastructure security teams can prevent exploitation of application-layer vulnerabilities; and the dependencies owned by infrastructure and “disconnected” infosec teams that can strengthen application security.


Cory Scott, Director, Matasano Security

Cory Scott is a director at Matasano Security, an independent security research and development firm that works with vendors and enterprises to pinpoint and eradicate security flaws, using penetration testing, reverse engineering, and source code review. Prior to joining Matasano, he was the Vice President of Technical Security Assessment at ABN AMRO / Royal Bank of Scotland. He has also held technical management positions at @stake and Symantec. He has presented at Black Hat Briefings, USENIX, and SANS, and leads the local Chicago OWASP chapter.

Guardium, an IBM Company
12 Feb 2010
