Overview
Explore a comprehensive keynote address on applying security engineering principles to complex composite systems in modern web applications. Delve into the challenges of securing increasingly intricate systems composed of diverse components, frameworks, and hosting models. Learn high-level principles illustrated through a Smart City transit system example. Gain insights from Neal Ziring, Technical Director at NSA's Capabilities Directorate, as he discusses mission-critical aspects, safety considerations, data protection, and maintaining security throughout a system's lifecycle. Understand the importance of planning for failure, addressing various user types, and managing security from development to decommissioning in today's complex technological landscape.
Syllabus
Introduction
Purpose
Neal's Background
Why are Composite Systems Hard to Secure
Modern Development Environments
Types of Users
Smart City Example
Inputs and outputs
Principles
Principle 1: Mission
Safety
Security
Data
Smart City
Understanding Security
Secrets
Integrity
Secret
End user passwords
Malicious insiders
Transit insiders
Cloud providers
Example
Plan for Failure
Maintaining Security
Decommissioning
Conclusion
Taught by
OWASP Foundation