How to Avoid Flaws in the First Place: The OWASP Enterprise Security API (ESAPI) Project

Application security is arguably the most difficult IT challenge facing organizations today. Chasing the 700 types of common weaknesses with scanners and static analysis is a losing proposition. Rather than chasing after these vulnerabilities, developers can address almost all of these problems with a set of 10 to 12 strong centralized security controls. To make it easier for developers to establish these controls, the Open Web Application Security Project (OWASP) has created a clean, intuitive, and open-source toolbox of the core security building blocks that every web developer needs. In this talk, Dave will show you how to create an ESAPI for your organization that will solve the OWASP Top Ten vulnerabilities, increase assurance, and dramatically cut costs all at the same time.