Introduction
1997, 2006, 2014: Consultant, Engineer, Software Architect, Director of Engineering, Rabble Rouser
Perl, Java Applet, C++, J2EE, J2EE Spring, Analytics, Certificate Authority, Vulnerability Scanner, Penetration Test Manager, Pricing, Retail Banking, Manufacturing, Pharma, Healthcare, Research, Ruby, Rails
Talks: Chicago BSides 2011, 2012; Defcon Skytalk; OWASP Chicago, MSP 2013; AppSec USA 2012, 2013; ChicagoRuby 2013; Secure 360; Lone Star Ruby 2013; WindyCityRails 2013; Chicago JUG 2014; RailsConf 2014; Converge 2014; ChicagoCoderConference 2015
MS in CS, Founder, Consultant, Agile, Clojure, Graph Database, Big Data
Trying to hack a business model that succeeds while helping developers.
Domains: Projects: DevOps / Automation, Training, Coaching, Code Review, Plugged in to SDLC, Consulting, Assessments
@mkonda [email protected]
Secure DevOps, Growing OWASP, Board, Agile Security
See • Botnets • Widespread use of harvested credentials • Account takeover • Credit card fraud • Dumps of passwords and sensitive data with SQLi • User pwnage with XSS
90% of security investments focus on network security. 75% of attacks target vulnerable applications. Figures taken from an industry advertisement; the original source is not cited.
Organizational Health • 2184 members, 45 corporate. • Financially sound. • Excellent conference results, including for AppSecUSA, AppSecEU and the LATAM tour. • ED is a full-time employee (started summer 2014, full time Spring 2015). • Recently hired community manager - Noreen Whysel (November 2014). • Recently hired project coordinator - Claudia Casanovas (May). • Kate Hartmann and Kelly Santalucia continue to handle operational and membership awesomeness.
Active Work • Funded OWASP summer of code. • Increased activity in project summits. • Conference planning • All the background work of sponsors, elections, membership, project support…
Tiers
• 0 – Cursory – You have done something. You define.
• 1 – Opportunistic – Adequately defends against easily discoverable items.
• 2 – Standard – Adequately defends against items of moderate to serious risk.
• 3 – Advanced – Defends against even advanced attacks and demonstrates good security design.