With security "shifting left" into DevSecOps, it's more difficult than ever to keep up with a rapidly evolving landscape of web technologies and the threats that come with them. While familiar vulnerabilities like XSS and SQL injection continue to plague our apps, many frameworks now ship automatic defenses against the common abuse cases, such as output encoding in templates and parameterized queries in ORMs. At the same time, because those defenses hide the security decisions from developers, the points of failure that remain (an escape hatch that marks a string as safe, a raw query built by string formatting) are easier to overlook.
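As an added illustration of that last point (example code written for this page, not part of Duo's or Hunter2's training materials), here is the pattern in Python: the framework-style defense beside the overlooked escape hatch, for both SQL injection and XSS. The user table and the inputs are constructed sample data.

```python
import html
import sqlite3


def make_db():
    """Build a constructed in-memory user table (sample data for this example)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn


def find_user_unsafe(conn, name):
    """The overlooked point of failure: a 'raw' query assembled by string
    formatting sidesteps the parameterization the driver or ORM would apply."""
    query = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn, name):
    """The automatic defense: the driver binds the value, so quotes in the
    input are data, never SQL syntax."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def render_unsafe(name):
    """Equivalent of marking a string 'safe' in an auto-escaping template:
    the value is interpolated into HTML verbatim."""
    return f"<p>Hello, {name}</p>"


def render_safe(name):
    """What an auto-escaping template does by default: encode the
    HTML-significant characters before interpolation."""
    return f"<p>Hello, {html.escape(name, quote=True)}</p>"


if __name__ == "__main__":
    conn = make_db()
    payload = "x' OR '1'='1"  # constructed SQL injection input
    print("unsafe:", find_user_unsafe(conn, payload))  # every row comes back
    print("safe:  ", find_user_safe(conn, payload))    # no such user

    xss = "<script>alert(1)</script>"  # constructed XSS input
    print(render_unsafe(xss))
    print(render_safe(xss))
```

The lesson for a review is that the safe variants look no different from the unsafe ones at a glance; what to grep for is the escape hatch (f-strings or `%` formatting feeding `execute`, `|safe`/`Markup`-style markers in templates), because that is where the framework's default protection has been switched off.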
Keeping applications secure in a world where developers commit and deploy production code many times a day requires software engineers to be well versed and up to date in the secure coding techniques relevant to their particular language and framework. Education in application security is hard, and passive, compliance-driven training built on outdated videos and slideshows can't keep up.
We must find better ways to share appsec knowledge, both within teams and across the industry, beyond relying on slow-to-update references like the OWASP Top 10 to guide us. To this end, Duo and Hunter2 have partnered to offer a set of free training resources that can be shared among development teams, including interactive training labs that let engineers practice exploiting and then patching modern web applications in their stack of choice.
Join Mark Stanislav, Duo Security’s Head of Application Security, as he walks you through the state of developer security education, how to enable better training for your engineers, and where to find tools to help you start today.
Mark Stanislav is the Head of Application Security for Duo Security. Stanislav has spoken internationally at over 100 events, including Black Hat, RSA, DEF CON, SOURCE Boston, Codegate, SecTor and THOTCON. His security research and initiatives have been featured by news outlets such as the Wall Street Journal, the Associated Press, CNET, Good Morning America and Forbes. Stanislav is the author of the book Two-Factor Authentication. Stanislav holds a BS in networking and IT administration and an MS in technology studies focused on information assurance, both from Eastern Michigan University. During his time at EMU, Stanislav built the curriculum for two courses focused on Linux administration and taught as an adjunct lecturer for two years. Stanislav is currently pursuing his PhD in cybersecurity at Dakota State University. He holds CISSP, Security+, Linux+, and CCSK certifications.