The Realex Payments Application Security story, narrated by Security Ninja.

Presented at BSidesUK 2013 by

The Security Ninja blog has been nominated for five awards including the best technology blog at the Irish Blog Awards, the Computer Weekly IT Security blog award and was a finalist for the Irish Web Awards Best Technology Site. David received a Developer Security MVP award from Microsoft in 2011 and 2012 as well as the SC Magazine Europe 2012 Rising Star award. David strives to practice what he preaches and has backed up his work experience by developing two open source security code review tools called Agnitio and the Windows Phone App Analyser.

Abstract: "As the old British Telecom adverts used to say, it's good to talk, so I thought now was a good time to talk about how we do application security at Realex Payments. Rather than just talk about where we are today this talk will focus on the lessons learned over the past five years and what I'd do differently if I could do it all again. I will tell the story of how application security has worked and evolved in a fast growing technology company from the day we created our first application security role in the business to our current application security approach. The story will include how we scaled application security to keep up with the changes in a fast growing business, how playing card games with developers was one of the best things we've ever done and how following the KISS principle in the early days of an application security program is vital. You will see how we have progressed from having no dedicated application security resources to our current staffing levels and how our goals have evolved from simply security reviewing our applications to more grand goals such as wanting to provide free application security training for anyone in Ireland. This isn't an application security talk focusing on the theory and approaches that seem good on paper. You will have the opportunity to learn the lessons from five years of real world application security from the person who was at the centre of application security in Realex Payments. Following on from the success of Agnitio I will be releasing three new open source application security tools I have developed in this talk. These tools have helped improve application security reviews, reporting and visibility in Realex and I hope they will do the same for you! The Ninja News Daily said "5 stars! The Realex Payments Application Security story is a gripping story of one ninja's journey through five years of application security. Do not miss!"

The presenter says... The level of difficulty of this talk is 3 and I consider it is suitable for Techies, Business, Any Geek. This is a new talk and it can be filmed and released.