How can you deliver a secure product?

My presentation at the Application Security Meetup.

- You will learn what the Security Development Lifecycle (SDL) is
- You will understand why SDL is important
- You will dive into the details of SDL and see tips for each SDL phase
- You will learn how to roll out an SDL in your organization
- Finally, you will have all the skills to deliver a secure product

Do not forget to

The video recording:

Preventing OWASP A4 XML External Entities (XXE) in a better way

XML External Entities (XXE) is a dangerous vulnerability, currently ranked fourth (A4) in the OWASP Top Ten. Resolving this vulnerability should be a high priority for all Java developers. In this presentation, given by Anat Mazar and Michael Furman at the OWASP meetup, we will:

- Demonstrate why XXE is so dangerous
- Show you how this vulnerability is typically resolved: in each and every place in the code where you parse an XML file
- Show you the better resolution: set a couple of Java system properties once, and never worry about XXE again
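The two resolutions described above, side by side, as an added example that is not code from the presentation. The page does not name the system properties, so the standard JAXP properties `javax.xml.accessExternalDTD` and `javax.xml.accessExternalSchema` are an assumption, as are the class name `XxeDefenseDemo` and the constructed temp file standing in for sensitive data (Java 11+).

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import javax.xml.parsers.DocumentBuilderFactory;

public class XxeDefenseDemo {

    // Parse with the given factory; return the root element's text, or the rejection reason.
    static String parse(DocumentBuilderFactory dbf, String xml) {
        try {
            return dbf.newDocumentBuilder()
                      .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
                      .getDocumentElement().getTextContent();
        } catch (Exception e) {
            return "REJECTED: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a local temp file standing in for sensitive data,
        // and a document whose external entity points at it.
        Path secret = Files.createTempFile("xxe-demo", ".txt");
        Files.writeString(secret, "constructed-secret");
        String xml = "<?xml version=\"1.0\"?>"
                + "<!DOCTYPE r [<!ENTITY e SYSTEM \"" + secret.toUri() + "\">]>"
                + "<r>&e;</r>";

        // 1. Factory with default JAXP settings: the entity is resolved and the
        //    file content ends up in the parsed document.
        System.out.println("default:     " + parse(DocumentBuilderFactory.newInstance(), xml));

        // 2. Typical resolution: harden this factory, repeated at every parse site.
        DocumentBuilderFactory hardened = DocumentBuilderFactory.newInstance();
        hardened.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        hardened.setXIncludeAware(false);
        hardened.setExpandEntityReferences(false);
        System.out.println("per-parser:  " + parse(hardened, xml));

        // 3. Process-wide resolution (assumed properties): an empty value denies
        //    every protocol for external DTDs, entities and schemas.
        System.setProperty("javax.xml.accessExternalDTD", "");
        System.setProperty("javax.xml.accessExternalSchema", "");
        System.out.println("system-wide: " + parse(DocumentBuilderFactory.newInstance(), xml));

        Files.delete(secret);
    }
}
```

These properties govern the JDK's built-in JAXP implementation; a third-party parser on the classpath may not honor them, so the per-parser settings are still needed there.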