Application security: From zero to hero
While the rest of the world tries to solve the problems of insecure software with firewalls and intrusion detection, Jeremy Anderson explains how to solve the problem where it starts: at the code that defines it. Join Jeremy to learn how to fix code security defects when theyre created instead of during production when its already too late.
Talk Title | Application security: From zero to hero |
Speakers | Jet Anderson (DevSecOps Community) |
Conference | O’Reilly Open Source Convention |
Conf Tag | Making Open Work |
Location | Austin, Texas |
Date | May 8-11, 2017 |
URL | Talk Page |
Slides | Talk Slides |
Video | |
Does your security team think finding a bunch of defects and giving a report to devs is a job well done? Do your in-house developers have the expertise to successfully identify software security defects on their own and know how to resolve security defects once identified? Do you have plenty of secure coding experts so that every development team has access to advice or mentoring on how to improve the security of their code? Do development teams test early and often in the SDLC instead of waiting until just before production to ask for a scan of their application? Is your current AppSec process transparent to developers? Do you think testing your software for security defects once or twice a year is enough, even though changes to your software happen perhaps as often as several times a day? Application security is tough. But while the rest of the world tries to solve the problems of insecure software with firewalls and intrusion detection, Jeremy Anderson explains how to solve the problem where it starts: at the code that defines it. Join Jeremy to learn how to fix code security defects when they’re created instead of during production when it’s already too late. Topics include: