Making Open Work
May 8–9, 2017: Training & Tutorials
May 10–11, 2017: Conference
Austin, TX

Application security: From zero to hero

Jet Anderson (DevSecOps Community)
11:00am–11:40am Wednesday, May 10, 2017
Security
Location: Meeting Room 10 A/B
Level: Beginner
Average rating: 3.14 (7 ratings)

Who is this presentation for?

  • Developers, security architects, security engineers, and managers

Prerequisite knowledge

  • Basic software development process terms, such as waterfall, Agile, and DevOps

What you'll learn

  • Understand where to start, how to scale, and how to maintain good application security in a fast-paced DevOps environment

Description

Does your security team think finding a bunch of defects and giving a report to devs is a job well done? Do your in-house developers have the expertise to successfully identify software security defects on their own and know how to resolve security defects once identified? Do you have plenty of secure coding experts so that every development team has access to advice or mentoring on how to improve the security of their code? Do development teams test early and often in the SDLC instead of waiting until just before production to ask for a scan of their application? Is your current AppSec process transparent to developers? Do you think testing your software for security defects once or twice a year is enough, even though changes to your software happen perhaps as often as several times a day?

Application security is tough. But while the rest of the world tries to solve the problems of insecure software with firewalls and intrusion detection, Jeremy Anderson explains how to solve the problem where it starts: at the code that defines it. Join Jeremy to learn how to fix code security defects when they’re created instead of during production when it’s already too late.

Topics include:

  • How to transition from “test it the week before production” to “test it every day during development”
  • How to get teams to adopt the testing platform and scan their code on a regular basis
  • How to get security programs funded and implement the technology quickly
  • How to scale the program in a short time without adding tons of staff

Jet Anderson

DevSecOps Community

Jet Anderson is the Community Leader for DevSecOps-Community.org and host of the #DevSecOpsLIFE internet TV show. A veteran software engineer turned AppSec evangelist and pentester, Jet holds a CSSLP and GWAPT and has over 20 years of experience developing software solutions for numerous Fortune 500 companies. He has bootstrapped AppSec programs at huge companies, creating true DevSecOps delivery pipelines that actually work without hiccups. He’s passionate about not just finding security defects, but training ninjas to destroy them with lightning speed.