At Pearson, the AppSec program was faced with a highly geographically-dispersed company with a wide range of different development styles and business practices. Add in a geographically-dispersed AppSec team, and something had to be done. To address the needs of the development groups, the AppSec team, and the business, Pearson created an AppSec Pipeline to handle the work flowing through AppSec.
The pipeline starts with “Bag of Holding” (BOH), an open source Django web application that helps automate and streamline the activities of the AppSec team and keeps vital information available to any team member, anywhere, at any time. At the end of the pipeline is ThreadFix, which combines, de-duplicates, and manages the findings from all sources. This talk will cover the motivation behind the AppSec pipeline, its implementation at Pearson, and how it can help you get the most out of your AppSec program.
Aaron Weaver is the application security manager at Cengage. Over his career, Aaron has played various roles, including software developer, systems engineer, and embedded developer with IT security. Previously, Aaron was the application security manager at Pearson, a learning and publishing company. He has worked on developer and QA awareness to increase security in the software development life cycle and leads OWASP Philadelphia. When he has time, Aaron likes to make sawdust in his workshop.
Matt Tesauro is the application security lead engineer at Pearson and an adjunct professor in the University of Texas Computer Science Department, where he teaches the next generation of CS students about appsec. Matt has 15 years’ experience as an information security professional specializing in application and cloud security. He was previously the senior product security engineer at Rackspace, and his work has included security consulting, penetration testing, threat modeling, code reviews, training, and university teaching. Matt has presented and provided training at various international industry events. He is a former board member of the OWASP Foundation and project lead for the OWASP WTE project. Matt holds two degrees from Texas A&M University and several security and Linux certifications.
©2015, O'Reilly Media, Inc.