Putting Application Security into Agile
Application security is a critical part of software development that isn’t well-represented in many agile projects. This talk will explain how to factor application security into short feedback cycles so that teams don't become overwhelmed by application security issues or practices.
One of the challenges we have in using application security practices is where to start and how to get value. The world is being driven more and more by network-connected applications and services that are constantly under attack from the curious and malicious.
What should you do if you aren’t involved with AppSec and still want to get started using AppSec practices? By adding steps to your daily practices and build pipeline, you can iteratively add AppSec practices to your process and increase the security of your software.
Join Jonathan as he lays out a plan for AppSec: where to start, how to achieve success, and how to build on it. We will also talk about what to do next, how you should introduce AppSec in your development process, and where AppSec should go in your build pipeline. Finally, we will discuss what can be accomplished with tools and what still needs to be done by a person.
Outline/Structure of the Talk
Introduction to AppSec
Why you should care about security
Using Agile Fast Feedback cycles with AppSec
AppSec Practices and where they fit into an Iterative process
How to get started with AppSec and how build on initial success
Learn how to apply Application Security practices within an iterative software development process.
Show how an agile development team can use what they learn about the security posture of their application in order to reduce the security risk of their application in production.
Learn how to leverage build pipelines to gather needed application security data in order to reduce the number of security defects in your software.
Learn where to start putting AppSec practices into your software development.
Learn what AppSec practices you should automate and what that automation will get you.
Learn that there is a set of AppSec practices you can introduce to your process over time.
Learn the pros and cons of each AppSec practice and how to decide if you want to invest in it.
Anyone that wants to know more about AppSec and how to build secure applications using Agile.
Prerequisites for Attendees
Understanding of agile software development practices.
No knowledge of Application Security is required.
This is a Webinar I did with Jeff Payne the CEO of Coveros, Inc. about DevSecOps:
“Leveraging Open Source Tools for DevSecOps”https://youtu.be/BcWp2mfVnBU