Ken Johnson is a Senior Security Architect for LivingSocial.com responsible for securing mobile applications, web services and web applications. Prior to joining LivingSocial.com, Ken worked in other application security roles including consulting for FishNet Security, Inc. and contracting for the Pentagon. Ken is the primary developer of the Web Exploitation Framework (wXf) and contributes to other open source application security projects as often as time permits. He has spoken at AppSec DC 2010, the OWASP NoVA and Phoenix chapters, and the Northern Virginia Hackers Association (NoVAH), and is a contributor to the Attack Research team.

Abstract:

Baking In Security, Sweet, Secure, Cupcakes

This talk demonstrates the lessons learned while integrating application security into an already highly successful and talented development process moving at the speed of light and with infinite energy. Matt and Ken will discuss everything from the psychology to the economics involved in bringing an application security program into a start-up-rich environment full of creativity and intelligence, all while finding the balance between security and culture, a time-honored “AppSec-Crusade”.

This 45-minute presentation will share some of LivingSocial’s recipes for success in building an application security program. Matt and Ken will discuss what changes were successful and what changes resulted in confection sugar explosions as they worked to spice up LivingSocial’s incredibly talented engineering team and show them the way to security. Matt and Ken will disclose the ingredients that make up their secret recipes, and how you can bake application security into your development program. From the 3-person development shop to the 300-strong, we’re sure you’ll find the right flavor.