Leveling up an application security program - David Rook - OWASP AppSec California 2015

Published: 18 November 2024
on the channel: OWASP Foundation

AppSec California 2015 - Day 1, Track 2, Slot 3

Title

Leveling up an application security program

Abstract

In this talk, David will relay lessons learned from his first year working in the application security program at Riot Games.

David will explain how he assessed the level of the program when he joined, and what gaps he identified. He will give an overview of how Riot approaches application security in a fast paced, agile environment. This will include how Riot implements controls which do not negatively impact product development or player experience. David will explain how Riot provides secure coding guidance to software engineers, works with QA, and maintains an application security community of practice.

There are many options when it comes to understanding and improving an application security program. This talk will address Riot’s efforts in this regard.

Bio

David Rook is a Security Engineer focusing on Application Security at Riot Games in Dublin. He has held various application security roles in the financial services industry since 2006 before moving into the computer games industry in early 2014. He is a contributor to several OWASP projects including the code review guide and the Cryptographic Storage Cheat Sheet. He has presented at leading information security conferences including DEF CON, BlackHat USA and RSA Europe. In addition to his work with OWASP David created a security resource website and blog called Security Ninja.

The Security Ninja blog has been nominated for five awards, including best technology blog at the Irish Blog Awards and the Computer Weekly IT Security blog award, and was a finalist for the Irish Web Awards Best Technology Site. David received a Developer Security MVP award from Microsoft in 2011, 2012 and 2013, as well as the SC Magazine Europe 2012 Rising Star award. David strives to practice what he preaches and has backed up his work experience by developing two open source security code review tools, Agnitio and the Windows Phone App Analyser.

-

Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP...