Here is a link to the mini-presentation I gave last night at the Cincinnati Agile Roundtable.
Friday, April 23, 2010
Sunday, April 4, 2010
We'll discuss common web application security vulnerabilities, like cross-site and injection bugs, and how to avoid introducing them in your code by addressing security from the beginning of your development process. We'll use a variant of planning poker called protection poker to assess the security risks presented by each user story. Protection poker is played during each iteration planning meeting to give developers an idea of where they need to focus security effort in development. We'll play protection poker on planningpoker.com using the freely downloadable Badstore application for our exercise.