Explore the evolution of application security over the past 25 years and gain insights into its future in this keynote address by Adam Shostack, President of Shostack + Associates. Delve into Shostack's personal journey from conducting source code security reviews at a bank to joining Microsoft's SDL team. Discover key highlights and challenges faced in the AppSec field, and contemplate the potential developments and new frontiers in security over the next quarter-century. Examine the progress made in technical security and government regulations, and consider persistent issues like insecure design. Investigate the impact of AI as both a problem solver and creator in the security landscape, and ponder the ethical implications of emerging technologies. Gain valuable perspective on demonstrating trustworthiness, composition in security systems, and the importance of notification and learning in the ever-evolving world of application security.
25 Years in AppSec: Looking Back and Forward
Overview
Syllabus
Intro
Dr My start in firewall code review
Rough architecture
The guidelines: perspective on 199
Perspective from 1996
25 Years Go By Fast: AppSec
Technical progress - security
Government progress
Insecure Design makes the Top 10
The more things change...
Appsec will change in many ways
Al as problem solver (2)
Al as problem area
Al as problem creator
Khashoggi as abuse victim
What problem are we solving?
Demonstrating Trustworthiness
Composition
Learning systems
Dr Notification & Learning
Going forward
Taught by
OWASP Foundation
