Security as part of Quality Assurance


Comments are closed.

Anonymous at 14:58 on 27 Jun 2014

In my opinion the contents of the talk matches the description, but nut the title. I had hoped for more handles.

Sidenote: ten minutes of your worklife history at the start of the presentation kicks off is a little too long.

I had hoped for a bit more practical approach, we are programmers after all. Got a bit dry from time to time

Being one of the 2 persons who raised their hands at the question if they were responsible for security of this firm, I liked the talk. We are definitely going to implement the ASVS at our company as well.

Although I understand that diving deeply into the ASVS within 45 minutes is quite impossible, I would have loved to see some more examples. Maybe you could show per category a few of the criteria that need to be met to give people a more practical idea about ASVS.

Next time a bit more depth would be better. I did like the introduction to security as a whole, but (real life) examples and a hands on approach added would be gold. Loose the amjount of references to ibuildings, too much distracts from the overall story.

Would've liked a more practical approach and some more PHP (or javascript).

Looks like an underestimated topic to me, also looking at the responses here. I for one found this very interesting and will definitely pick this up. Thanks

Would have like to see some more hands on approach / examples. Also your way of talking seemed to lose energy after a few minutes, and that made it harder to keep listening.

Found it to be an interesting talk. Just knowing about the existence of the WASP and ASVS, learning that ASVS 2013 is ready/acceptable for real-life use, and the lesson about automated tools always falling short made it worth going. I agree with some of the comments here that a few more practical examples would have been nice.

One sidenote: we trust in the conference organisation to put people on stage who know what they're talking about, no need to convince us further during the talk :)

I thought this talk was really good, it gave us a good starting point for better security auditing