Black Hat USA 2011: ToolsTube with David “SecurityNinja” Rook on Agnitio v2.0
Working with developers, security professionals and management to cultivate an environment where secure code is written and flaws are found consistently requires both time and money. The same can be said for producing informative reports and metrics when all of your security code review data resides in Notepad, Word and Excel files. With these problems in mind I developed Agnitio to be my security code review Swiss army knife and released it as an open source tool in late 2010.
In this demonstration-filled presentation I will show how Agnitio can be used to address repeatability, integrity and audit trail concerns by requiring the creation of application profiles, the use of a security code review checklist consisting of over 60 application security questions, and mandatory integrity checks for reviews and reports created using the tool. I will demonstrate how the inbuilt secure coding and security code review guidance modules allow developers and security professionals to access the information they need precisely when they need it. I will also show how Agnitio automatically creates metrics and reports, bringing much needed visibility to the security code review process with no extra effort required from the reviewer, developers or management.
Agnitio v2.0 will be released during this presentation which will see Agnitio’s already powerful feature set expanded to include more secure coding and security code review guidance, additional report types, developer and reviewer focused metrics and an automated source code analysis module.
David works as a Security Analyst for Realex Payments in Dublin. He is a contributor to several OWASP projects, including the Code Review Guide and the Cryptographic Storage Cheat Sheet. He has presented at leading information security conferences including DEF CON, Security BSides Las Vegas and RSA Europe. In addition to his work with OWASP, David created a security resource website and blog called Security Ninja (securityninja.co.uk).
In 2010 the Security Ninja blog was nominated for five awards, including Best Technology Blog at the Irish Blog Awards and the Computer Weekly IT Security Blog Award, and was a finalist for the Irish Web Awards Best Technology Site. The website has an international audience with visitors from over 140 countries. David has recently become one of the first mentors in the Information Security Mentors project, helping young people progress their information security careers.
Behind The Scenes
@toolswatch interviewing David Rook (@securityninja) during the Black Hat Arsenal Tools
David Rook (@securityninja) Discussing the new Agnitio v2 features and roadmap.