Dailydave mailing list archives
Re: Things to watch: AppSec Keynote by Alex Stamos.
From: Andreas Lindh <andreas.lindh () isecure se>
Date: Mon, 9 Feb 2015 19:31:45 +0000
This is quite possibly the best keynote that i have ever seen. My colleague Tero asked “how many CISOs do you know who could give a talk like this?” and my response was “how many security pros do you know who could?”. The truth is, there isn't a lot of people in security (or otherwise) with insights like this. One thing that especially caught my attention: at one point, Alex talks about that some companies writing a web app, then buying a WAF to secure the web app, and then hiring a consultant to come in and install and configure the WAF, and after that the web app is "reasonably secure". Here’s the thing; this might be true in the US but in large parts of the rest of the world, that consultant will be a sales engineer-type who is actually a *nix sysadmin and who may be great at Linux but doesn’t now shit about web apps. The reason for this, as most people know, is that security shelf products are often marketed and sold as self-playing pianos, so someone who has “BigIP” or “Imperva” as a LinkedIn skill most likely knows a lot about installing and operating the product, but not a lot about what the product actually does. Bottom line; that web app is not even reasonably secure. (shameless self-promotion: I wrote a post related to that subject a while back: http://3vildata.tumblr.com/post/109188919632/about-the-infosec-skills-short age) Andreas On 2015-02-09 16:15, "Dave Aitel" <dave () immunityinc com> wrote:
https://www.youtube.com/watch?v=-1kZMn1RueI Just an unexpectedly GREAT keynote by Alex Stamos. I mean, not that I thought he would give as crappy keynote, but in fact, good keynotes are few and far between even when people have it in them. Even the Q&A section is great. So go watch it now. He comments a bit on FireEye, Incident Response, Application Security. -dave
Attachment:
smime.p7s
Description:
_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- Things to watch: AppSec Keynote by Alex Stamos. Dave Aitel (Feb 09)
- Re: Things to watch: AppSec Keynote by Alex Stamos. Andreas Lindh (Feb 10)