What is Application Security?
I’m back from Boulder, Colorado, having presented on application security to the Ruby developers at the Rocky Mountain Ruby Conference! It was a fantastic group and security is one of those topics that are just not talked about enough within the developer community.
I started off with a definition of application security:
Application Security is the subset of Information Security focused on protecting data and privacy from abuse by adversaries who have access to the software system as a whole. Its purpose is to make software resilient to attack, especially when network defenses alone are insufficient.
I then proceeded to talk about the importance of writing User Stories with security constraints and Abuser Stories, which are user stories from the point of view of a malicious adversary. It’s all about clearly communicating the threats among developers and non-technical stakeholders so that these considerations can inform development decisions.
The Q&A was robust, with more questions than there was time to get to. I was able to give out two blue YubiKey FIDO U2F keys thanks to Yubico.
The slides are up at Speakerdeck as Defending Against Data Breaches, as a Practicing Ruby Developer - RMR 2015.
The feedback on Twitter was great:
really great talk @frankrietta! Thinking security first @rockymtnruby #rmr2015 — Ian Whitney (@iwhitney) September 25, 2015
Put away the tin foil hat, force SSL, and add two-factor now. @frankrietta just schooled @rockymtnruby on Application Security. — TJ Taylor (@dugancathal) September 25, 2015
@frankrietta Could you tweet out where to find the slides from your #rmr2015 talk? Would love to fwd to my team! — sarahdashdashp (@sarahdashdashp) September 25, 2015
My new security key is so cool. Thanks @frankrietta! pic.twitter.com/zIBEdQEkGJ — Gordon Diggs (@GordonDiggs) September 25, 2015
And then, of course, my favorite part of being in Boulder was getting to go on an hour-long hike on foot from the conference, into the mountains and back.
[@frankrietta](https://twitter.com/frankrietta) [pic.twitter.com/VqYl1TO1mW](http://t.co/VqYl1TO1mW)-- Ian Whitney (@iwhitney) [September 26, 2015](https://twitter.com/iwhitney/status/647807425769304065)
The talk was filmed by Confreaks and is available for viewing on YouTube as Rocky Mountain Ruby 2015 - Defending Against Data Breaches, as a Practicing Ruby Developer.
The next opportunity to hear my data breaches talk is at the Information Systems Security Association’s 2015 International Conference, being held at the Chicago Marriott Downtown Magnificent Mile on October 12, 2015.