Steve Kosten is a security consultant at Cypress Data Defense and an instructor for the SANS DEV541 Secure Coding in Java/JEE: Developing Defensible Applications course. He’s previously performed security work in the defense and financial sectors and headed up the security department for a financial services firm. He is currently the Open Web Application Security Project (OWASP) Denver chapter leader and is on the board for the OWASP AppSec USA conference. He has presented security talks before numerous conferences. He is experienced in secure code review, vulnerability assessment, penetration testing, risk management. He holds a bachelor of science in Aerospace Engineering from the Pennsylvania State University and a Master of Science in Information Security from James Madison University. He currently maintains GSSP-JAVA, GWAPT, CISSP, and CISM certifications. Steve resides in Golden, Colorado. In his spare time, Steve enjoys attending his childrens’ sporting events with his wife, road and mountain biking, snowboarding, golfing, volleyball, and flying.
Why You Need a Secure SDLC and How to do it
The security team is not just those security professionals who yell at us to not click on links, we are part of the security team. In this talk, we will discuss and demonstrate why security is important by demonstrating some exploits and then talk about how we can integrate some security into our SDLC.