Yen-Ming Chen Director of Consulting, Northwest Foundstone ... · Yen-Ming Chen Director of...
Copyright © The OWASP Foundation
Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License.
The OWASP Foundation
OWASP
http://www.owasp.org
Web Application Security Strategies -- OWASP Taiwan 2008
Yen-Ming Chen
Director of Consulting, Northwest
Foundstone, A Division of McAfee
Agenda
- Security Problems and Statistics
- Analysis
- Strategic Planning
- Conclusion
Yen-Ming Chen
- Director of Consulting, Northwest
- Joined Foundstone in 2000
- 4 contributing authorships: HE 3rd edition, HE of Web App, Win XP Professional Security and HackNote Web Security
- Dozens of articles in SecurityFocus, DevX, SysAdmin, PCWeek, CNET Taiwan, ITHome and other media
- Invited speaker for worldwide security conferences
- MSIN from C.M.U. Information Networking Institute (1999)
SECURITY PROBLEMS
Thus do many calculations lead to victory, and few calculations to defeat
Current Status
- Security Maturity
- Attack Target Shift
- Security Ecosystem
- SQL Injection
- Why You Still Can’t Rely on Automated Tools
Information Security Maturity: 1996
Information Security Maturity: 2000
Information Security Maturity: 2004
Information Security Maturity: 2008
Attack Target Shift
From server to application; from corporate network to every user.
Google Search Trend
Hacking Evolved
Security EcoSystem
[Diagram: four actors (Government, Corporate/Organization, The Bad Guys, General Public) connected by arrows labelled Attack, Regulate, Monitor, Monitor/Catch and Monitor/Sell]
SQL Injection
- RFP (Rain Forest Puppy) identified the problem in Phrack 54 (December 1998)
  http://www.phrack.org/issues.html?issue=54&id=8#article
- In 2005, CardSystems lost information on 40 million credit cards
- In 2008, an automated mass attack on 500,000 (estimated) web servers
- Yes, using SQL Injection!
- Exploits of a mom (http://xkcd.com/327/):
Why You Still Can’t Rely on Automated Tools?
- North Carolina News 13
- Web-based “closings” ticker for schools/businesses
  - Submit info
  - Human approval
  - Stack messages
http://tinyurl.com/pwpec
This is What You See…
UAL vs. Google
An old article about UAL's 2002 bankruptcy-court filing resurfaced Sep 8, 2008 as an apparently fresh report on Google's news service. Stock in the parent company of United Airlines quickly dropped to $3 a share from nearly $12.50 before the Nasdaq Stock Market halted trading and UAL issued a statement denying any fresh Chapter 11 filing. UAL's stock price ended Tuesday's session at $10.60, ...
UAL vs. Google
$1.1 Billion market value disappeared in a few hours!!!
Some Survey Data
McGraw Touchpoint Secure SDLC
Microsoft SDL
Where are things going?
Penetration testing is still how a lot of companies are going to assess their security
Frameworks/libraries/etc. are going to make shooting yourself in the foot harder (XSS, SQLi, etc.)
“Silver Bullet” devices/technologies are always going to be around
SDL is starting to show proven results
What’s Next?
- Security research is chasing after new technologies
  - New vulns on different products will happen daily
  - Better accuracies from security products
  - Slower to see new paradigm shift
- Integrate security into your daily life
  - Corporate M&A
  - Need better management on execution
  - New technologies to make it harder to make unsecure web applications
- Learn from other fields
  - Knowledge Discovery, Data Mining & Information Retrieval
  - Biology, Physics, Social Science and others
WEB APPLICATION SECURITY
Whoever is first in the field and awaits the coming of the enemy, will be fresh for the fight
2007-2008 Analysis
- Collected 77 Applications in 5 industries
- Picked 27 out of them and did further study
- Arranged findings based on Foundstone Security Framework, Overall risk level and Root cause in SDLC phases
Foundstone Security Framework
Financial Services – 15 Apps
Healthcare – 12 Apps
Insurance – 27 Apps
Retail – 17 Apps
Utility – 6 Apps
27 Applications
- 13 on Unix; 13 on Windows; 1 on Novell
- Total 421 findings
Findings by Framework and Risk Level
High and Medium Risk Findings
Findings by Percentage
Findings by SDLC Phases
White Box vs. Black Box
10 Things To Secure Your Web App
- Authentication
  - Password policy
  - Reset password function, history, complexity and account lockout
- Authorization
  - Role/privilege mapping and enforcement
  - Workflow/business logic authorization enforcement
- Data Validation
  - Do your validation on the server-side both on output and input!
- Session Management
  - Use random session ID and maintain the state on server-side. Do not depend on any state information on the client
- Data Protection
  - Protect your important data in storage and transit
  - Choose your data protection solution wisely
- Configuration Management
  - Secure server configuration and patch it well!
- Exception Management
  - Handle all exceptions and return generic error messages
- Logging and Auditing
  - What to log and how/when to audit?
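The Session Management and Authorization items above, sketched as an added example that is not part of the original slides: the browser holds only a random session ID, and the role used for the access decision is read from server-side state. The names SessionStore and authorize, the cookie name sid and the 30-minute idle timeout are assumptions made for illustration.

```python
import secrets
import time

SESSION_TTL_SECONDS = 1800  # assumed idle timeout; the slide gives no value


class SessionStore:
    """Server-side session table; the browser only ever holds the random ID."""

    def __init__(self, ttl=SESSION_TTL_SECONDS, clock=time.monotonic):
        self._sessions = {}
        self._ttl = ttl
        self._clock = clock  # injectable so expiry can be exercised in tests

    def create(self, user, role):
        # 32 bytes from the OS CSPRNG: unguessable and meaningless on its own.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {
            "user": user,
            "role": role,
            "expires": self._clock() + self._ttl,
        }
        return sid

    def lookup(self, sid):
        record = self._sessions.get(sid)
        if record is None:
            return None
        if self._clock() >= record["expires"]:
            del self._sessions[sid]  # expired: drop the server-side state
            return None
        record["expires"] = self._clock() + self._ttl  # sliding idle timeout
        return record

    def rotate(self, sid, role=None):
        """Issue a fresh ID after login or a privilege change; retire the old one."""
        record = self.lookup(sid)
        if record is None:
            return None
        del self._sessions[sid]
        return self.create(record["user"], role or record["role"])

    def destroy(self, sid):
        self._sessions.pop(sid, None)


def authorize(store, cookies, required_role):
    """Decide from server-side state only; other client-sent fields are ignored."""
    sid = cookies.get("sid")
    record = store.lookup(sid) if isinstance(sid, str) else None
    return record is not None and record["role"] == required_role


def demo():
    store = SessionStore()
    sid = store.create("alice", "user")
    # Constructed request cookies: the client has added its own "role" value.
    tampered = {"sid": sid, "role": "admin"}
    return authorize(store, tampered, "admin"), authorize(store, tampered, "user")


if __name__ == "__main__":
    print(demo())
```
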
STRATEGIC PLANNING
If you know the enemy and know yourself, you need not fear the result of a hundred battles
Six Sigma Tactical Steps
- Define
- Measure
- Analyze
- Improve
- Control
What is Process Sigma?
Defects per Unit and Opportunities
3.4 defects per 1 million opportunities is Six Sigma
(Number of Defects) / (Number of units × Number of opps.) × 1,000,000
Balanced Scorecard
Methodology
[Diagram: Root Cause Analysis, Solution Mapping, Strategic Planning]
Solution
Capability
Action Items
CONCLUSION
In order to carry out an attack, we must have means available
Summary
We reviewed:
- Current security status
- Web application security statistics
- Strategic planning to keep your web application secure
Security is an on-going process that also requires people and technology to play important roles.
No Silver Bullets or Easy Button!
If Toyota Builds Your Web Applications…
- Modularization, Automation and Just-In-Time
- Reduce cost, maintain highest customer satisfaction
- Implementation phase will be automated and modularized
- Developers won’t be able to use any insecure implementation techniques
- Web applications will stick to the known best practice with high quality in security. When there is a serious flaw there will be a recall.
Thank You
Yen-Ming Chen
Director of Consulting,
Foundstone, A Division of McAfee