Security as part of Quality Assurance

Boy Baukema

Friday 27 June 2014 from 14:30 to 15:15

Talk in English - US at Dutch PHP Conference 2014
View Slides: https://www.slideshare.net/relaxnow/security-as-a-part-of-quality-assurance
Short URL: https://joind.in/talk/f854e (QR-Code (opens in new window))

Avg. Rating

Security as part of Quality Assurance

Comments

Comments are closed.

Anonymous at 14:58 on 27 Jun 2014

In my opinion the contents of the talk matches the description, but nut the title. I had hoped for more handles.

Sidenote: ten minutes of your worklife history at the start of the presentation kicks off is a little too long.

Marius Pesé at 19:25 on 27 Jun 2014

I had hoped for a bit more practical approach, we are programmers after all. Got a bit dry from time to time

Robin S at 21:17 on 27 Jun 2014

Being one of the 2 persons who raised their hands at the question if they were responsible for security of this firm, I liked the talk. We are definitely going to implement the ASVS at our company as well.

Although I understand that diving deeply into the ASVS within 45 minutes is quite impossible, I would have loved to see some more examples. Maybe you could show per category a few of the criteria that need to be met to give people a more practical idea about ASVS.

Michel Everts at 22:23 on 27 Jun 2014

Next time a bit more depth would be better. I did like the introduction to security as a whole, but (real life) examples and a hands on approach added would be gold. Loose the amjount of references to ibuildings, too much distracts from the overall story.

Terry Salteh at 22:32 on 27 Jun 2014

Would've liked a more practical approach and some more PHP (or javascript).

Ge Zuidema at 11:24 on 28 Jun 2014

Looks like an underestimated topic to me, also looking at the responses here. I for one found this very interesting and will definitely pick this up. Thanks

Rudi at 19:46 on 28 Jun 2014

Would have like to see some more hands on approach / examples. Also your way of talking seemed to lose energy after a few minutes, and that made it harder to keep listening.

Sander Bol at 09:32 on 30 Jun 2014

Found it to be an interesting talk. Just knowing about the existence of the WASP and ASVS, learning that ASVS 2013 is ready/acceptable for real-life use, and the lesson about automated tools always falling short made it worth going. I agree with some of the comments here that a few more practical examples would have been nice.

One sidenote: we trust in the conference organisation to put people on stage who know what they're talking about, no need to convince us further during the talk :)

Ben Kwint at 13:41 on 11 Jul 2014

I thought this talk was really good, it gave us a good starting point for better security auditing