Performing security audits

Arne Blankerts (01.Mar.2012 at 09:45)
Talk at ConFoo 2012 (English - UK)

Rating: 4 of 5

To ensure the high quality of your source code, you of course write (unit) tests and do regular code reviews. Judging the state of security, though, may seem a lot harder than it is - if you don't know what to look for and where to get started. This talk will introduce you to security audits, why and how tools can assist a manual review, and why a mere scanner-based approach doesn't work.

Comments closed.

Comments

Rating: 2 of 5

01.Mar.2012 at 10:58 by Anonymous

Very dry. I'm aware that security often is, but this seemed just a recital of areas where security audits should be performed, with a sprinkling of examples.

Slides were often full-screen images, symbolic of what the presenter was saying but useless outside the presentation.

I didn't find this session useful.

Speaker comment:

01.Mar.2012 at 11:25 by Arne Blankerts (5 comments)

Hi Anonymous,

I'm sorry if the talk didn't meet your expectations. Within roughly one hour of a presentation, though, it's hardly possible to go into depth on all the areas shown, and as you can see from the abstract, it wasn't meant to be. Funny thing is, you even mention as a critical point that the content was as advertised.

Regarding the slides: I hope you do realize that the very point of using slides is to *support* the presentation - not replace it.

Rating: 2 of 5

01.Mar.2012 at 13:51 by Anonymous

I find it very useful to review presentations by looking at slides. If your slides are available to us (I'm not sure if you are planning to release them), a photo of beans on a desk doesn't help very much.

I wasn't expecting an in-depth discussion of security audits. I was, however, hoping for more examples and illustrations. I can go online and find a list of areas to cover in a security audit. I attended your presentation hoping to gain insight based on your professional experience.

Speaker comment:

01.Mar.2012 at 15:14 by Arne Blankerts (5 comments)

Slides for about all our talks are available for download at http://talks.thephp.cc - same goes for this one.

Since you referred to the bean counting image: It may look like it might not transport much meaning, but it actually does: It symbolizes the very fact that an audit is exactly that - counting the proverbial beans. And that's about all I said when showing that particular slide, using it to lead over to the following slide...

Thank you for your feedback - appreciated.

Rating: 4 of 5

02.Mar.2012 at 09:08 by Enzo Rizzo (27 comments)

It's very hard to compress such a HUGE topic into an hour. I think the presenter did a good job. I found it VERY interesting and helpful.

Rating: 3 of 5

02.Mar.2012 at 21:26 by Eric Hogue (157 comments)

Nice introduction to security audit. Nothing really detailed, just a high level view.

Rating: 5 of 5

06.Mar.2012 at 07:40 by Jean-François Côté (14 comments)

Nice introduction, very interesting.
