Application Security in an Agile World
More and more companies are switching to Agile and DevOps methodologies to enable continuous delivery.
And while development is becoming faster and faster and new features are released on a daily basis, application security is struggling to keep up.
For the most part application security seems to be stuck in the dark ages of waterfall.
In this talk Stefan will discuss a new approach to application security that enables Agile development teams to ship software at DevOps speed.
Outline/structure of the Session
- The importance of Agile and DevOps
- A Brief History of Application Security
- Making Application Security work in an Agile World
- Shifting Responsibility (Rugged Software/Security Champions)
- Manual vs automation
- Annual PT vs continuous security
- PDF reporting vs in-workflow reporting
- Call to action
- Conclusion
Learning Outcome
- Understanding Development from an AppSec point of view
- Understanding of how Dev Sec and Ops can work together
- Motivation to integrate AppSec into Agile
Target Audience
All audiences are welcome
Links
https://engineers.sg/video/devsecops-the-big-picture-culture-processes-and-technologies-on-a-high-level-devsecopssg--556
Comments
Hi Stefan,
I'd like to understand more about this talk. Is this going to be the same/similar as what you presented in the DevSecOpsSG video? What is the call to action at the end?
Thank you,
Stanly
Hello Stanly,
It's going to be very different to what I presented in the DevSecOpsSG video. Where in the DevSecOpsSG video I gave a very generic big picture overview of what Agile and DevOps is and how security should be integrated on a high level, in this talk I will be more specific and bring some examples related to embedding security into the agile development lifecycle (e.g for SCRUM) and how security has to transform in order to be useful and as frictionless as possible.
The call to action is around how security, like quality and performance, is the responsibility of every developer and how the security folks can become enablers to help the businesses achieve their goals.
After giving it another thought, I will likely merge the Call to Action with the Conclusion section to end the talk with it.