Traditionally, application security has involved upfront design and a big-bang penetration test after development. This leads to the phenomenon of “bolt-on” security, which translates into increased cost and complexity.

Drawing on our experience on real-world projects, we show how security can be baked in on an agile project. Using case studies, we demonstrate how security concerns are captured during project inceptions, how developers write secure code, how security testing is automated and how configuration management can help achieve secure deployments. This talk introduces several new concepts like secure by design, secure design patterns and lightweight code reviews.


Outline/structure of the Session

We will cover the following topics in the talk:

- Current state of security on agile projects
- Why security in agile is different from other projects
- Integrating security in agile projects
- Continuous security testing
- Learning resources

Learning Outcome

Project managers would learn what kind of people they need on a project to deliver a secure application to the client. Developers would learn what they need to keep in mind to write secure code, what practices to follow, etc. Quality Analysts would learn why security testing is different from any other testing, and why and how to automate it.

Target Audience

Quality Analysts, Testers, Developers, Project Managers

Submitted 2 years ago

Comments
  • Aditya Garg  ~  2 years ago

    Hi Shirish,

    Are you going to present some tool / demo some framework?



    • Shirish Padalkar  ~  2 years ago

      No. This is going to be a best-practices session.