since 1999

 

2 minutes estimated reading time.

What is Application Security?

I’m back from Boulder, Colorado, having presented on application security to the Ruby developers at the Rocky Mountain Ruby Conference! It was a fantastic group and security is one of those topics that are just not talked about enough within the developer community.

I started off with a definition of application security:

Application Security is the subset of Information Security focused on protecting data and privacy from abuse by adversaries who have access to the software system as a whole. Its purpose is to make software resilient to attack, especially when network defenses alone are insufficient.

Then proceeded to talk about the importance of writing User Stories with security constraints and Abuser Stories, which are user stories from the point of view of a malicious adversary. It’s all about clearly communicating among developers and the non-technical stakeholders about the threats so that these considerations can inform development decisions.

The Q&A was robust with more questions than there was time to get to them all. I was able to give out two blue Yubikey Fido U2F keys thanks to Yubico.

The slides

The slides are up at Speakerdeck as Defending Against Data Breaches, as a Practicing Ruby Developer - RMR 2015.

The feedback on Twitter was great

And then of course my favorite part of being in Boulder was getting to go on a hour hike on foot from the conference, into the mountains and back.

The talk was filmed by Confreaks and is available for viewing on YouTube at Rocky Mountain Ruby 2015 - Defending Against Data Breaches, as a Practicing Ruby Developer:

The next time to hear my data breaches talk is at the Information Systems Security Association’s 2015 International Conference, being held at the Chicago Marriott Downtown Magnificent Mile on October 12, 2015.