Software is eating the world. Code is law.
We are in a unique space where you (yes, you: the developer, builder, designer) now have the chance to impact billions with that git commit or new UX. A few lines of seemingly innocent code, or that tiny UI change you think is OK, are now being looked at in more detail by a growing criminal underground who are hellbent on weaponising vulnerabilities to make money, money, money.
Sadly, the security industry hasn’t made it easy to solve this. We’ve not kept up with trends, and our tools are hard to use and frankly make life miserable for those building and designing. So where do we go?
Hopefully, this talk will usher in a new era of security cooperation: one with less friction, less “no”, and more “hey, how can we help?”
Daniel is the Global Head of Security Research for a large bank. With a career spanning over 20 years on both the offensive and defensive sides, he's seen the evolution of hacking from small groups of curious minds to the organised criminal networks and nation states we see today. He is the original co-author of the OWASP Testing Guide, released in 2003, and now the co-author of the OWASP Application Security Verification Standard (ASVS).