OWASP AppSec Latam 2013

WordPress is the most popular Content Management System (CMS), powering more than 60 million websites. In June 2013, we ran an automated code scanning tool against the top 50 most downloaded plugins. The results were more than concerning. We found that more than 20% of these plugins were vulnerable to common Web attacks, potentially leading to 8 million vulnerable Websites. How do other CMS platforms and marketplaces fare?
In this talk we discuss how different application marketplaces encourage and enforce developers to write and submit secure apps. We look at their security measures and discuss their certification process to verify that the apps stand up to their set of standards. We examine the technological challenges associated with performing some of these security measures, such as source code analysis, when the developer has no visibility into the code of the underlying platform.
For this presentation we draw up examples of common marketplaces such as WordPress, Joomla and Force.com.
In particular, this talk will address:
- Different security requirements that marketplaces seek in order to certify an application
- Best practices to using a source code analsyis tool to pass the marketplace’s certification bar
- How to use the security certification as an added-value to your application