David Rook, Security Analyst of Realex Payments and blogger on security  site Security Ninja (http://www.securityninja.co.uk)  is presenting at BSides, Las Vegas on July 28th.

The presentation will be based on the Principles of Secure Development approach to secure development. The principles were produced after David analysed the root cause of common web application vulnerabilities. The talk will discuss how David feels the information security community should look to apply practices such as Failure or Systems Based Root Cause Analysis used in engineering to information security vulnerability research and subsequently developer education. The general principles and approach to documenting corrective actions in root cause analysis should be applied to information security vulnerabilities, allowing to identify the root cause of vulnerabilities which should prevent the vulnerability occurring/re-occurring in future.

The talk will include demonstrations of how hackers exploit vulnerabilities in insecure applications as well showing how you can prevent them in your own code by demonstrating how David has fixed the vulnerabilities in the insecure applications.

David Rook is a contributor to several OWASP projects including the code review guide and regularly presents at IT security conferences on the topic of secure application development.