First ever ACM Conference on Data Application Security and Privacy
Denim Group, an IT consultancy that develops secure software and helps organizations assess and mitigate risks with their existing software, announced that John Dickson, CISSP, will be delivering a keynote address to the first-ever Association for Computing Machinery, Special Interest Group on Security, Audit and Control (SIGSAC) conference on Data and Application Security and Privacy. The conference, organized by the Institute for Cyber Security (ICS) at the University of Texas at San Antonio (UTSA), will include many leading worldwide scholars in the field of privacy and security.
The keynote, titled “Software Security: Is OK good enough?”, will address the existing state of application security and the struggles for business justification when securing software applications. “I want to convey to this gathering of top academic talent the genuine state of software security in enterprise clients,” said John Dickson, Principal, Denim Group and keynote speaker. “The reality is that most buyers do not demand their software to be secure, and many suppliers are focused purely on features and functionality – we need to look at different justification models to enhance the perceived need of security in software.”
The conference will include top researchers in security and privacy in academia today. “We are excited to host this group of world-wide leaders who are advancing the state of security for applications and privacy,” said Jeff Reich, CISSP, the Director of Operations at UTSA’s ICS. “San Antonio is the perfect backdrop for this ACM Conference given the heightened level of security activity in the region associated with the Air Force and San Antonio’s emerging recognition as a cyber security center of excellence.”
A Cross Site Request Forgery (CSRF) vulnerability (en.wikipedia.org/wiki/Cross-site_request_forgery) is a complex software design and coding flaw. Software security managers struggle to explain these vulnerabilities and their impact to development teams. Creating secure development strategies that consistently mitigate the risk associated with CSRF vulnerabilities is even more difficult. By providing public access to the ThreadStrong CSRF course, Denim Group hopes to increase the understanding of this prevalent vulnerability and support development teams in creating secure systems.
The recent SANS/Internet Storm Center 2010 Top Cyber Security Risks Report noted that Cross Site Request Forgery vulnerabilities are increasing, even as other web application vulnerabilities such as cross site scripting and SQL injections are decreasing. Given the widespread nature of this vulnerability and high-visibility software breaches, development teams need to adapt to this evolving risk.
“Software development teams are constantly asking their security colleagues for guidance on how to create secure applications,” said Dan Cornell, Chief Technology Officer of Denim Group. “By donating this ThreadStrong module for community use, we hope to raise awareness about CSRF vulnerabilities and help the teams trying to build more secure code.”
About Denim Group
Denim Group develops secure software, helps organizations assess and mitigate risk with existing software, and provides training on best practices in software security. Denim Group has worked with a range of Fortune 500 companies and public sector organizations, bringing a focused software development approach to the world of software security. Denim Group is a strong contributor to the larger application security community, and has been involved with the Open Web Application Security Project (OWASP) since shortly after its inception. Additionally, Denim Group was ranked 1,925 in Inc. Magazine’s 5000 Fastest-Growing Private Companies in America in 2010. For more information about Denim Group, visit www.denimgroup.com.
ACM is an educational and scientific society uniting the world’s computing educators, researchers and professionals to inspire dialogue, share resources and address the field’s challenges. ACM strengthens the profession’s collective voice through strong leadership, promotion of the highest standards, and recognition of technical excellence. ACM supports the professional growth of its members by providing opportunities for life-long learning, career development, and professional networking. ACM carries out its mission through conferences, publications, educational programs, public awareness activities, and special interest groups. It sponsors over 150 conferences annually, including conferences on computer graphics (SIGGRAPH); data communications (SIGCOMM); mobile computing (SIGMOBILE); knowledge discovery and data mining (KDD); software engineering (SIGSOFT); high performance computing (SC); human computer interaction (SIGCHI); object-oriented programming (OOPSLA); and freedom and privacy (CFP).