SAINTCON 2016 - Chad Butler - Big Shop AppSec for Everyone Else

Make app sec accessible to everyone with big shop approaches from Boeing, test-driven development, and more, for accelerated adoption and effective security testing.

Key takeaways
  • Test-driven development applies to security testing, focusing on writing tests before code.
  • Boeing’s approach to app sec involves transparency and collaboration.
  • Conflict between security teams and developers arises when the security team focuses on security alone rather than on sharing knowledge with developers.
  • Guiding developers with high-level requirements and principles accelerates adoption.
  • Penetration testing with a cadence promotes regular security testing.
  • Threat modeling can be applied to the software development lifecycle by analyzing potential threats to the system being built.
  • Reducing complexity and using familiar tools (e.g., JIRA) promotes adoption.
  • Focusing on high-impact areas ensures effective security testing.
  • ASVS (Application Security Verification Standard) is a valuable resource for security requirements.
  • Bitfang OWASP provides guidelines and best practices for software security.
  • Dynamic scanning is a cost-effective way to ensure security.
  • Vulnerability remediation involves developing processes and tools for identifying and fixing issues.
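The test-driven takeaway above is easiest to see in code. The following is an added example, not material from the talk or from Boeing: a security requirement (here, "user-supplied file paths must not escape the upload directory") is written as a table of test cases first, the cases fail until `safe_join` exists, and the implementation is then written to make them pass. The requirement labels, directory names and inputs are constructed for illustration and do not follow real ASVS numbering.

```python
"""
TDD-style security tests: the SECURITY_CASES table is written before the
implementation and encodes the requirement; safe_join is written to pass it.
"""
from pathlib import PurePosixPath

# Constructed cases (labels are illustrative, not real ASVS identifiers).
# Each entry: (requirement label, base directory, untrusted input, expected result)
# where expected is the joined path, or None meaning "input must be rejected".
SECURITY_CASES = [
    ("REQ-1: plain file under base is allowed",
     "/srv/app/uploads", "report.pdf", "/srv/app/uploads/report.pdf"),
    ("REQ-2: nested path under base is allowed",
     "/srv/app/uploads", "2016/q4/report.pdf", "/srv/app/uploads/2016/q4/report.pdf"),
    ("REQ-3: parent traversal is rejected",
     "/srv/app/uploads", "../etc/passwd", None),
    ("REQ-4: traversal hidden mid-path is rejected",
     "/srv/app/uploads", "2016/../../secret.txt", None),
    ("REQ-5: absolute path is rejected",
     "/srv/app/uploads", "/etc/passwd", None),
    ("REQ-6: empty input is rejected",
     "/srv/app/uploads", "", None),
    ("REQ-7: NUL byte is rejected",
     "/srv/app/uploads", "report.pdf\x00.jpg", None),
]


def safe_join(base_dir: str, user_path: str):
    """Join user_path onto base_dir, or return None if the input could escape it.

    Normalisation is purely lexical (no filesystem access), so the check is
    deterministic and can run in a unit test without fixtures.
    """
    if not user_path or "\x00" in user_path:
        return None
    candidate = PurePosixPath(user_path)
    if candidate.is_absolute():
        return None
    parts = []
    for part in candidate.parts:
        if part == ".":
            continue
        if part == "..":
            if not parts:
                return None  # would climb above base_dir
            parts.pop()
            continue
        parts.append(part)
    if not parts:
        return None
    return base_dir.rstrip("/") + "/" + "/".join(parts)


def run_security_tests(cases=SECURITY_CASES):
    """Run every case; return {label: passed}. A False entry is an unmet requirement."""
    return {label: safe_join(base, user_input) == expected
            for label, base, user_input, expected in cases}


if __name__ == "__main__":
    for label, ok in run_security_tests().items():
        print(("PASS " if ok else "FAIL ") + label)
```

In a TDD flow the table is the artifact the security team and developers agree on up front; adding a new finding later means adding one row, watching it fail, and fixing the code, which keeps the test suite as the living record of the security requirements.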