It’s that time again – tomorrow at 11am PT we’ll be hosting another Twitter chat on the @IntelSec_Biz feed. Our topic of discussion: application security. Normally, our topics are guided by security trends and issues top of mind for McAfee folks, but this time we decided to do things a little differently. For this chat, we chose our topic based on feedback from a regular and enthusiastic #SecChat participant, 451 Analyst Josh Corman.
Whether it’s web applications, mission-critical apps, or application database security, most experts agree that application security is a decade behind. At this year’s RSA Conference, in Corman’s now infamous “Why Zombies Love PCI” Pecha Kucha speed talk, he suggested that “defensible infrastructure” is the foundational (and most often skipped) element of securing our environments and surviving a zombie apocalypse. This speaks directly to our topic this week.
Data-centric security issues continue to be appeased with network controls. Basic injection attacks like SQL injection are analogous to network attacks over a decade ago. Our industry is using the wrong paradigm for data-centric issues like application security.
Verizon’s DBIR shows 89% of last year’s breached records involved SQLi attacks. Why is it that our industry spends the fewest resources on the most attacked surface? While we have plenty of technical supply, where is the informed and pervasive demand? How do the tools fit together? How do organizations and frameworks ranging from OWASP to BSIMM to OSAMM fit into the puzzle?
Join us tomorrow during #SecChat to discuss this and other related issues. We’ll continue to pick topics based on participant feedback for upcoming chats, so please, tweet us your suggestions!
For new folks joining us, here are the logistics to participate:
– Simply follow the #SecChat hashtag (via search.twitter.com or a Twitter client) and watch the real-time stream.
– At 11am PT @IntelSec_Biz will pose a few questions to participants around application security using the #SecChat hashtag to get the conversation rolling.
– Tweet your questions, comments, thoughts using the #SecChat hashtag. @reply other participants and react to their comments via #SecChat. Engage!
– #SecChat should last about an hour.