Putting Application Security into Agile

improving-your-game Accepted Talk 45 Mins Beginner devsecops appsec application-security agile-practices devops
Jonathan Kauffman
Jonathan Kauffman
Consultant
Coveros, Inc.
location_city Washington schedule Oct 3rd 02:15 - 03:00 PM EDT place Ballroom D people 3 Interested

Application security is a critical part of software development that isn’t well-represented in many agile projects. This talk will explain how to factor application security into short feedback cycles so that teams don't become overwhelmed by application security issues or practices.

One of the challenges we have in using application security practices is where to start and how to get value. The world is being driven more and more by network-connected applications and services that are constantly under attack from the curious and malicious. 

What should you do if you aren’t involved with AppSec and still want to get started using AppSec practices? By adding steps to your daily practices and build pipeline, you can iteratively add AppSec practices to your process and increase the security of your software.

Join Jonathan as he lays out a plan for AppSec: where to start, how to achieve success, and how to build on it. We will also talk about what to do next, how you should introduce AppSec in your development process, and where AppSec should go in your build pipeline. Finally, we will discuss what can be accomplished with tools and what still needs to be done by a person.

 
0 comments visibility_off  Remove from Watchlist visibility  Add to Watchlist
 

Outline/Structure of the Talk

Introduction to AppSec

Why you should care about security

Using Agile Fast Feedback cycles with AppSec

AppSec Practices and where they fit into an Iterative process

How to get started with AppSec and how build on initial success

 

Learning Outcome

Learn how to apply Application Security practices within an iterative software development process. 

Show how an agile development team can use what they learn about the security posture of their application in order to reduce the security risk of their application in production. 

Learn how to leverage build pipelines to gather needed application security data in order to reduce the number of security defects in your software. 

Learn where to start putting AppSec practices into your software development.

Learn what AppSec practices you should automate and what that automation will get you.

Learn that there is a set of AppSec practices you can introduce to your process over time.

Learn the pros and cons of each AppSec practice and how to decide if you want to invest in it.

Target Audience

Anyone that wants to know more about AppSec and how to build secure applications using Agile.

Prerequisites for Attendees

Understanding of agile software development practices.

No knowledge of Application Security is required.

Slides

View Slides image

Video

Watch Video ondemand_video

Links

This is a Webinar I did with Jeff Payne the CEO of Coveros, Inc. about DevSecOps: 

“Leveraging Open Source Tools for DevSecOps”https://youtu.be/BcWp2mfVnBU

schedule Submitted 7 months ago
AgileDC 2022

Washington, United States

Washington Venue launch

Mon, 3rd Oct 2022

email Contact Us
Recent Activities
Call for Proposals CLOSED
Ended on Aug 31 '22 11:59 PM EDT

Hello Community members,

You have probably missed the AgileDC conference over the last two years as much as we did. Today, we are excited to announce that we are inviting members from across our local and national Agile Community to submit a potential presentation for this year’s conference… a conference that will be somewhat different than in years’ past.

First and foremost, the physical conference will have a smaller footprint and we will only be accepting 36 presentations (roughly half of prior years). 

Additionally, this year’s selection process is based on the work of Adam Cronkite, of Democracy Research,  and Mike Lauer, of the National Institutes of Health (NIH), explored in the Revisionist History Podcast: The Powerball Revolution. Rather than rely exclusively on the organizing committee to determine who should be part of the program, this method randomizes the selection of submissions, which removes the potential for bias in the selection decision. 

The process works as follows:

  • First, the organizing committee will review submissions against the following criteria:
    • Is the proposal related to Agile Software Development or the use of Agile principles in other fields?
    • Does the proposal abstract and title sell the audience on attending your session?
    • Is the proposal outline/structure clear and detailed enough including a description of the content, concrete examples, good time management, and balance theory and experience?
  • Then, all submissions that meet the minimum proposal criteria will be added to a lottery for random selection;
  • The randomly selected speakers will be asked to interview with one or more organizing committee members before the final schedule is determined.

The podcast is available here: Revisionist History Podcast: The Powerball Revolution.

All proposals submitted after July 26th and before August 24th will be considered for the final schedule. Each presentation timebox is a 45-minute session of which at least 10 minutes should be set aside for Q&A with session participants.

Speakers will be notified whether their presentation has been selected on or about September 2, 2022.

Good luck! 

Details play_arrow
Speaker Compensation
flightTravel covered info_outline
hotelAccommodation covered info_outline
confirmation_numberFree conference pass info_outline
Please refer to our Speaker Compensation Policy
Active Members
help