Singapore, Oct 6th 10:35 - 11:20 AM, Legends I

More and more companies are switching to Agile and DevOps methodologies to enable continuous delivery.

And while development is becoming faster and faster and new features are released on a daily basis, application security is struggling to keep up.

For the most part application security seems to be stuck in the dark ages of waterfall.

In this talk Stefan will discuss a new approach to application security that enables Agile development teams to ship software at DevOps speed. 


Outline/Structure of the Experience Report

  • The importance of Agile and DevOps
  • A Brief History of Application Security
  • Making Application Security work in an Agile World
    • Shifting Responsibility (Rugged Software/Security Champions)
    • Manual vs automation
  • Annual penetration test vs continuous security
    • PDF reporting vs in-workflow reporting
  • Call to action
  • Conclusion
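The three "vs" items above (automation instead of manual checks, continuous checks instead of an annual test, findings delivered into the developer's workflow instead of a PDF) describe one pipeline pattern: a scanner runs on every change, a policy decides whether the change can merge, and the result is posted where the developer already works. The script below is an added illustration of that pattern, not code from the talk or from any real tool. It assumes a hypothetical scanner that emits JSON findings with `rule`, `severity`, `path`, `line` and `title` fields (the sample output is constructed), and a waiver file kept in the repository that records accepted risks with an expiry date so that exceptions are reviewed like code and cannot silently live forever.

```python
"""CI security gate: automated, run on every change, reported in-workflow.

Added example, not part of the talk. The scanner schema and findings are
constructed; a real pipeline would feed in the output of its own SAST or
dependency scanner and post the rendered comment to the merge request.
"""
from __future__ import annotations

import json
from dataclasses import dataclass, field
from datetime import date

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
BLOCK_AT = "high"  # policy: findings at or above this severity fail the build


@dataclass(frozen=True)
class Finding:
    rule: str
    severity: str
    path: str
    line: int
    title: str


@dataclass
class GateResult:
    blocking: list = field(default_factory=list)
    waived: list = field(default_factory=list)
    informational: list = field(default_factory=list)

    @property
    def passed(self) -> bool:
        return not self.blocking


# Constructed sample scanner output (hypothetical schema, not a real tool's).
SAMPLE_SCAN_JSON = json.dumps([
    {"rule": "sqli-string-concat", "severity": "high", "path": "app/db.py",
     "line": 42, "title": "SQL built by string concatenation"},
    {"rule": "hardcoded-secret", "severity": "critical", "path": "app/config.py",
     "line": 7, "title": "Hard-coded API key"},
    {"rule": "weak-hash-md5", "severity": "medium", "path": "app/legacy.py",
     "line": 88, "title": "MD5 used for password hashing"},
    {"rule": "debug-true", "severity": "low", "path": "app/settings.py",
     "line": 3, "title": "Debug mode enabled"},
])

# Constructed waiver file: "rule:path" -> ISO expiry date. Waivers live in the
# repo next to the code they cover, so adding one is a reviewed change, and an
# expired waiver stops counting instead of hiding the finding forever.
SAMPLE_WAIVERS = {
    "hardcoded-secret:app/config.py": "2099-01-01",   # still valid
    "sqli-string-concat:app/db.py": "2020-01-01",     # expired
}


def load_findings(raw: str) -> list[Finding]:
    """Parse the (hypothetical) scanner JSON into Finding records."""
    return [Finding(**item) for item in json.loads(raw)]


def evaluate(findings: list[Finding], waivers: dict[str, str],
             today_iso: str, block_at: str = BLOCK_AT) -> GateResult:
    """Apply the merge policy: block on severity >= block_at unless a
    non-expired waiver exists; lower severities are reported but do not block."""
    today = date.fromisoformat(today_iso)
    threshold = SEVERITY_RANK[block_at]
    result = GateResult()
    for f in findings:
        if SEVERITY_RANK[f.severity] < threshold:
            result.informational.append(f)
            continue
        expiry = waivers.get(f"{f.rule}:{f.path}")
        if expiry is not None and date.fromisoformat(expiry) >= today:
            result.waived.append(f)
        else:
            result.blocking.append(f)
    return result


def render_comment(result: GateResult) -> str:
    """Markdown summary for the merge request: the in-workflow report."""
    lines = ["### Security gate: " + ("PASS" if result.passed else "FAIL")]
    for label, items in (("Blocking", result.blocking),
                         ("Waived", result.waived),
                         ("Informational", result.informational)):
        if items:
            lines.append(f"**{label}**")
            lines.extend(f"- `{f.path}:{f.line}` [{f.severity}] {f.title} ({f.rule})"
                         for f in items)
    return "\n".join(lines)


if __name__ == "__main__":
    import sys
    res = evaluate(load_findings(SAMPLE_SCAN_JSON), SAMPLE_WAIVERS,
                   date.today().isoformat())
    print(render_comment(res))
    sys.exit(0 if res.passed else 1)  # non-zero exit fails the pipeline stage
```

Run as a pipeline step, the exit code is what makes the check "continuous": every change is gated, not one annual report. The rendered comment, posted to the merge request, is the in-workflow report; with the constructed sample the expired SQL-injection waiver blocks the merge while the still-valid secret waiver is listed under "Waived" so reviewers can see the accepted risk.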

Learning Outcome

  • Understanding Development from an AppSec point of view
  • Understanding of how Dev Sec and Ops can work together
  • Motivation to integrate AppSec into Agile

Target Audience

All audiences are welcome

Submitted 3 years ago

Public Feedback

  • Stanly Lau  ~  3 years ago

    Hi Stefan,

    I'd like to understand more about this talk. Is this going to be the same/similar as what you presented in the DevSecOpsSG video? What is the call to action at the end?

    Thank you,


    • Stefan Streichsbier  ~  3 years ago

      Hello Stanly,

      It's going to be very different from what I presented in the DevSecOpsSG video. Whereas in the DevSecOpsSG video I gave a very generic big-picture overview of what Agile and DevOps are and how security should be integrated at a high level, in this talk I will be more specific and bring some examples related to embedding security into the agile development lifecycle (e.g. for Scrum) and how security has to transform in order to be useful and as frictionless as possible.

      The call to action is around how security, like quality and performance, is the responsibility of every developer and how the security folks can become enablers to help the businesses achieve their goals.

      After giving it another thought, I will likely merge the Call to Action with the Conclusion section to end the talk with it.