Thank you for joining us at our 20th Anniversary Event! All sessions were recorded and will be posted in the coming weeks on the OWASP YouTube channel.

We have been working hard to secure the world through challenges and discovery. And now, it’s time to celebrate! Many of you have played a crucial role in the Foundation’s enduring history, and we encourage you to participate in the celebration coming this September! Our theme, Securing the Next 20 Years, is encouraging and exciting as we look ahead to the next 20 years!

Join us for FREE at this live 24-hour global event as we honor the past, celebrate the present, and embrace the future of OWASP and cybersecurity. Hear from world-renowned keynotes and special speakers, and network with your peers. It is FREE to attend, however, registration IS required, to gain access to the session links.

Saturday, September 25 • 12:30am - 1:00am
Software Security Engineering (Learnings from the past to fix the future)

Log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Over the last 20 years, exponential growth in technology and technological advancement has led to a significant increase in an application or software attack surface. If these applications become part of an organisation's internal or external facing infrastructure, it inherently increases an organisation overall attack surface.
Interestingly a vast majority of security bugs the industry have been dealing with these days have been around for at least two decades.

Suppose you are responsible for ensuring application security for your organisation or a vital member of the software engineering team and dealing with known security issues affecting these applications year after year. In that case, there are few critical questions to ask yourself.

Is it challenging to entirely eradicate any known application security bugs in a single application and across all the applications in your organisation? Does your product team observe the nature of security bugs identified and mitigated in a particular application/software release, continues to surface back in future releases? Have you made a move to DevSecOps, or considering migrating away from Waterfall and Agile with the hope that it would take care of all the security bugs in your applications/software.

If the answer to either or all of the above questions is "Yes", then this talk is for you.

This talk will have no fancy demos; instead, this talk will cover some of the crucial aspects of software security engineering and strategy that most organisations have overlooked or ignored.
The key to ensuring maximum possible security resilience in an application/software against known and unknown threats is hidden in past events. Therefore, there will be past examples covered during the talk to learn from and retrospect to fix future security problems in an application/software.

It is quite possible to eliminate known security bugs entirely across all the applications in an organisation and prevent them from reoccurring. While achieving 100% resilience against zero-day threats for your software is less likely, it is quite possible to achieve at least 99.99% security resilience in application/software to defend against variants of know security bugs.

This talk will provide some food for thoughts on how to steer software security engineering in an organisation to achieve such results. Among all the solutions I'd cover, none of those will lead to DevSecOps. You'll find out why during the talk.

avatar for Debasis Mohanty

Debasis Mohanty

Head Of Technical Services, SEQA
Debasis has over 20+ years of insightful experience in Offensive and Defensive security. He got into security as early as 1998 when there were limited online resources, and one had to self-learn and rely more on textbooks, MSDN resources (Windows), or man pages (Linux/Unix) than on... Read More →

Saturday September 25, 2021 12:30am - 1:00am EDT