2021-09-03, 15:00–15:40, Main track
Have you ever seen a situation when the company hires highly skilled software developers, but the resulting product fails security review completely? In my talk, I raise the problem of shared responsibility, the importance of communication, and following the processes. The audience will learn the iterative process of building a secure architecture and how it's different from secure coding.
Have you ever seen a situation when the company hires highly skilled software developers, but the resulting product fails security review completely? In my talk, I raise the problem of shared responsibility, the importance of communication, and following the processes. The audience will learn the iterative process of building a secure architecture and how it's different from secure coding.
Building a secure application is "a tradeoff game" – the security level should be enough for the product and company's business goals. Luckily, the security industry has standards, best practices and guidelines. Making a secure product is a lot about the processes: it is not enough to build a system you consider safe; you need to maintain it and periodically reevaluate risks and threats.
Join my talk to learn how the business owners and stakeholders can cooperate with the development teams to create secure products.
Julia is a Security Software Engineer at Cossack Labs, building convenient and affordable data security and encryption solutions. With background experience in mobile application development, she helps customers to choose and implement security controls for their products. Julia is passionate about tech communities. She is a Security Lead at Women Who Code Kyiv, a Leader of the OWASP Zhytomyr Chapter, and a contributor to OWASP MASVS/MSTG.