Does your security team think finding a bunch of defects and giving a report to devs is a job well done? Do your in-house developers have the expertise to successfully identify software security defects on their own and know how to resolve security defects once identified? Do you have plenty of secure coding experts so that every development team has access to advice or mentoring on how to improve the security of their code? Do development teams test early and often in the SDLC instead of waiting until just before production to ask for a scan of their application? Is your current AppSec process transparent to developers? Do you think testing your software for security defects once or twice a year is enough, even though changes to your software happen perhaps as often as several times a day?
Application security is tough. But while the rest of the world tries to solve the problems of insecure software with firewalls and intrusion detection, Jeremy Anderson explains how to solve the problem where it starts: at the code that defines it. Join Jeremy to learn how to fix code security defects when they’re created instead of during production when it’s already too late.
Jet Anderson is the Community Leader for DevSecOps-Community.org and host of the #DevSecOpsLIFE internet TV show. A veteran software engineer turned AppSec evangelist and pentester, Jet holds a CSSLP and GWAPT, with experience developing software solutions for numerous fortune 500 companies for over 20 years. He has bootstrapped AppSec programs at huge companies creating true DevSecOps delivery pipelines that actually work without hiccups. He’s passionate about not just finding security defects, but training ninjas to destroy them with lightning speed.
©2017, O'Reilly Media, Inc. • (800) 889-8969 or (707) 827-7019 • Monday-Friday 7:30am-5pm PT • All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners. • email@example.com