Jeff Williams, CEO Aspect Security
Title: Interactive Application Security Testing (IAST) - The Future of Application Security?
As a pioneer in the software development and security field, Jeff Williams is one of the world's foremost experts on application security. Williams is the co-founder and CEO of Aspect Security, a consulting firm focused exclusively on application security that supports a worldwide clientele with critical applications in the government, defense, financial, healthcare, services and retail sectors. Williams and his team at Aspect Security are founding members of the Open Web Application Security Project (OWASP), through which Williams has made industry contributions including: the OWASP Top Ten, Enterprise Security API (ESAPI), Application Security Verification Standard (ASVS), Risk Rating Methodology and WebGoat. Williams holds advanced degrees in psychology, computer science and human factors, and graduated cum laude from Georgetown Law.
Application security has never been more important, yet traditional approaches are starting to fall apart as applications get larger, faster, and more complex. Unless something changes, the world's entire pool of security experts will soon be completely absorbed seeking out Cross-Site Scripting vulnerabilities. We need a simple, automated, and cost-effective solution to analyze entire portfolios, and a new approach called IAST might help.
Finding vulnerabilities in applications seems like it should be easy enough for tools to do. But the reality is that it takes a ton of context to detect vulnerabilities. Imagine the U.S. Tax Code for a minute. There are over 4.6 million lines of highly specialized "code" with lots of specialized "business logic." Sound familiar? Now, imagine finding loopholes in the tax code. Could you write a tool to do it for you? That's the complexity of the problem that automation is facing. Nevertheless, we desperately need automation to help us scale application security to the size it needs to be. There are roughly 16 million developers in the world, cranking out roughly 35 billion lines of code every year. That new code is scattered across millions of applications that must all be tested, and new vulnerabilities each year make the job harder. There's just no way that we can possibly scale without automation.
In this talk, Jeff will discuss IAST and Contrast, Aspect Security's revolutionary new approach to automating application security in running Java EE applications.