The Abridged History of Application Security: Lessons and Progress over Six Decades

In the realm of Application Security, the journey from the 1960s to the present day is a story of remarkable evolution and progress. This keynote presentation aims to embark on an enlightening historical exploration, tracing the trajectory of the field from its nascent stages to its current sophistication.

The talk begins by setting the scene in the early 1960s, a time when application security was in its infancy. This era was marked by practices that would be deemed alarming today: plaintext password storage, lax password policies, inadequate access control measures, rudimentary or non-existent cryptography, and a host of other glaring security oversights. These practices, while standard for their time, laid the groundwork for the fundamental principles of application security.

As we journey through the decades, the presentation will highlight key milestones and turning points in the evolution of application security. This includes the emergence of more robust cryptographic techniques, the development of comprehensive password policies, and the implementation of advanced access control systems. Each of these developments represented a significant leap forward in securing applications and protecting sensitive data.

A pivotal aspect of this narrative is the role of the Open Web Application Security Project (OWASP). The talk will delve into how OWASP has been instrumental in shaping the field, offering insights into its contributions and the impact of its guidelines and resources on the global application security landscape.

Beyond the historical recount, this keynote also serves to inspire and energize those in the security industry. It's a field often mired in the relentless pursuit of addressing failures and vulnerabilities, a pursuit that can be intellectually and emotionally taxing. By offering a macroscopic view of the industry's evolution, the presentation aims to highlight the significant progress made and the positive trajectory we are on. It's a reminder that, despite the challenges, the field of application security has made tremendous strides and continues to advance in protecting the digital world.

This retrospective is not just an academic exercise; it's a beacon of hope and motivation for security professionals. It's a testament to the industry's resilience, adaptability, and relentless pursuit of a more secure digital environment. Attendees will leave not only with a richer understanding of the field's history but also with renewed vigor to continue pushing the boundaries of what is possible in application security.

Keynote at Security Fest 2024.

Speaker: Jim Manico

About Jim Manico

Jim Manico is the Founder of Manicode Security, a company dedicated to providing expert training in secure coding and security engineering to software developers. His work at Manicode Security reflects his deep commitment to elevating software security standards in the industry.

In addition to leading Manicode, Jim is actively involved in the tech startup ecosystem as an investor and advisor. His portfolio includes notable companies such as SemGrep, EdgeScan, Nucleus Security, Defect Dojo, KSOC, Akto, MergeBase, Inspectiv, Phoenix, and Bearer. Furthermore, he is a fund limited investor with Aviso Ventures, bringing his extensive knowledge of software security to the venture capital domain.

Jim is a recognized figure in the software development community, particularly known for his contributions to secure software practices. He holds the esteemed title of Java Champion, acknowledging his significant contributions to the Java community. His expertise in this field is further solidified by his authorship of "Iron-Clad Java: Building Secure Web Applications", published by Oracle Press.

Beyond his professional endeavors, Jim is committed to giving back to the community through his volunteer work with the OWASP Foundation. He co-leads crucial projects such as the OWASP Application Security Verification Standard and the OWASP Cheat Sheet Series, contributing significantly to the field of web application security.

For more detailed insights into Jim Manico's professional journey and contributions, please visit his LinkedIn profile or visit him on X/Twitter: @manicode.

