Matt Fisher — SPI Dynamics

As more and more organizations begin adopting web application security into their overall development lifecycle, it becomes critical that they have a framework for addressing the technical and business risk of web application defects and understand the implications of a web hack if the defects are not appropriately addressed. The talk will discuss prioritizing web application threats throughout the lifecycle and educating non-traditional security groups such as QA and development on why security defects should be treated like any other functional and performance defects that could have an impact on an organization's bottom line. In addition, the talk will demonstrate how higher priority web application defects such as SQL Injection can be exploited by a hacker if not corrected.

---