Topic: The Why and How of Secure Code Reviews
Abstract: Writing secure code should be the goal of every development shop. Security can never be an add-on at the end of a project, but must be part of the design and development process throughout the software development lifecycle. As you develop the code, or once you have finished development, how well do you know if you followed the best practices for writing secure code? This session will cover the common issues and mistakes to look for as you do a secure code review on your own development code. We will cover authentication, authorization, application configuration, cryptography, and many other categories that can be difficult to get right in writing secure code.
Although this will be a new topic for me to speak on, this has long been an interest of mine, and it is something I very much enjoy doing as part of my work.
As always, the meeting is open to everyone so bring your friends and co-workers. If you want free pizza, contact the group leader Ben Day by sending an RSVP using the contact form (http://blog.benday.com/contact.aspx) by 1pm on 9/7.
Update 9/13/2006: Slides for the talk are available.