It's tempting to think that, as software developers, we've done everything possible to secure our product once we've eliminated (or tried to eliminate) buffer overflows, implemented encryption and a dozen other secure-development practices. But is that all there is to developing secure software? In this talk Aaron discusses software development in the context of red-team/blue-team exercises. He contends that developers are, with few exceptions, always members of the blue team, and that this role brings with it obligations and opportunities to improve software security.
Aaron Poffenberger, CISSP, has more than 18 years of experience developing commercial software. Aaron has developed security and auditing software for PentaSafe Security Technologies, NetIQ and now BRS Labs, Inc. Aaron has also worked in the field of web services and streaming media, most recently for The Anime Network, where he designed and implemented public-facing APIs for mobile-app access, payment processing and delegated authentication. At BRS Labs Aaron leads development of the AISight API and SDK, server and web UI.