Under the high patronage of His Majesty King Mohammed VI may god assist him 🇲🇦
October 2 - 4 - Devoxx Morocco 2024 🇲🇦

Speaker details

European Investment Bank
Senior Java Architect @ European Investment Bank
In short, Alexius is the author of http://jee.gr, Software Architect, Tech Leader, Volunteer by Principle, Passionate Archer and a JAVA Geek!
Alexius is a technology leader with over 20 years of experience in the field of Java/JEE and enterprise architecture design. He is an expert in the Spring framework and has managed several teams in critical projects. Additionally, he is a certified Scrum Master with PMP training and has contributed to open-source projects.
As a speaker at several conferences, Alexius has demonstrated his ability to communicate technical concepts effectively and engage with a broader community of professionals. He is also a founding member and administrator of the largest developers and designers group in Greece, which has around 18,000 members.
In this conference, Alexius will share his extensive knowledge and experience in software development, security and enterprise architecture.
Companies that have web applications necessarily have many resources to defend them from malicious users and hackers.
To cope with this, a company must have a development cycle that allows code control before the software is made publicly available, along with continuous penetration testing.
In this talk I will present a complete process for secure production and testing of an application. It is based on the Rational Unified Process (RUP) analysis and production process.
I will first introduce some of the most common vulnerabilities found in web applications and present the OWASP Top 10. Then I will describe the methods of secure code authoring and penetration testing in an application. I will assess the results, analyze the risk and suggest mitigations where necessary.
The process outlined in this talk is not one of the well-known standards such as NIST 800-64, MS Security Development Lifecycle (MS SDL) or OWASP CLASP. It differs from them in that it does not require the developer to be highly skilled and competent in order to implement it and produce secure software; instead, it teaches him how to write secure software and pushes him to evangelize these practices in his environment.