EclipseCon - Eclipse Foundation

Don't Be A Stupid Developer: How To Avoid Basic Cybersecurity Mistakes

Session details
Status: Declined
Speaker(s): Tino Sokic (Company CNV-IBIS, LLC, owner, Information Security Professional)
Experience level: Intermediate
Tags: #cybersecurity #sdlc #developers #programmers #managers
Session Track: All Things Quality & Security
Session Type: Standard

Please give us a detailed overview of your session and why attendees will be excited to hear about it.  

Everyone is hiding behind big words, and in my talk I am trying to put things in the right perspective by calling actions and events by their real names.

I would like to come to a conclusion about why developers and programmers are simply that bad at security, and why there is such a big discrepancy between business and IT.

The software out there isn't getting better - just worse. We are talking about clear text APIs, hard-coded passwords in websites, poorly configured internet-facing infrastructure like FTPs, usage of end-of-life VPNs, etc.

Would you feel safe if the plane's pilot did not have valid flying training or a valid license to fly? You don't even question that when you are boarding a plane, and you assume he knows how to fly the thing, right? Now, how come developers only need to know how to code, without any kind of license or official training or even basic code-of-ethics training? I have seen how the whole SDLC goes to sh*t because someone just went for the functionality without considering what could go wrong.

One of the things I will talk about is how I managed to hack my customer with a little help from his Lead Developer (without him knowing he helped me).

Anyone who is a human coder, or a manager, should attend a talk like this.

About me:

Tino Šokić is a security professional and CEO of DobarDan.net who works with the biggest companies in the world to help them make antidotes to cybercrime. He loves playing guitar and singing (he's got an amazing voice!), reading books (even though he could never put them down), learning new things for himself and teaching others what he knows best - information security. Tino believes that helping other people is his ultimate goal in life, so you'll see him at conferences giving talks, going on TV, or just hanging out with friends talking about all sorts of cybertopics.

Objective of the presentation:
The objective of this presentation is for us not to live in a world where any software can get compromised by compromising the ones who created that software. AND/OR to sum it up: MAKE SOFTWARE MORE SECURE!
Attendee pre-requisites - If none, enter "N/A":
N/A
EclipseCon is brought to you by The Eclipse Foundation with the support of our sponsors.