Secure Software in an Agile WorldJeffery Payne
schedule 2 years agoSold Out!
It's a falacy that software built using an agile process cannot be made secure but this statement is often heard. Reasons given by naysayers often include: Sprints are too short to integrate security analysis, agile doesn't value formalizing the architecture/design and security analysis needs this, and agile doesn't value the types of documentation necessary for security to be validated. In this presentation, Mr. Payne dispells these myths and discusses an approach for integrating security analysis into an agile development process. Participants will learn how to identify both bugs and flaws during agile software development and how disciplined continuous integration / continuous delivery significantly assists the security process. Topics discussed within an agile context will include: secure requirements, threat modeling, architectural risk analysis, secure code review, security testing, penetration testing. Examples of building and deliverying secure software for both commercial and government agencies will be given.