SAINTCON 2016 - Chad Butler - Big Shop AppSec for Everyone Else

Testing

Make app sec accessible to everyone with big shop approaches from Boeing, test-driven development, and more, for accelerated adoption and effective security testing.

Key takeaways
  • Test-driven development applies to security testing, focusing on writing tests before code.
  • Boeing’s approach to app sec involves transparency and collaboration.
  • Conflict between security teams and developers arises when the former focus too much on security, rather than sharing knowledge.
  • Guiding developers with high-level requirements and principles accelerates adoption.
  • Penetration testing with a cadence promotes regular security testing.
  • Threat modeling can be applied to software development lifecycle by analyzing potential threats.
  • Reducing complexity and using familiar tools (e.g., JIRA) promotes adoption.
  • Focusing on high-impact areas ensures effective security testing.
  • ASVS (Application Security Verification Standard) is a valuable resource for security requirements.
  • Bitfang OWASP provides guidelines and best practices for software security.
  • Dynamic scanning is a cost-effective way to ensure security.
  • Vulnerability remediation involves developing processes and tools for identifying and fixing issues.

More talks

Talks - Irit Katriel: CPython's Compilation Pipeline

Turning Uncertainty into Success: How a Modern Approach can Thrive in a Conservative Environment

DPC2019: Hello my name is "if" - Sebastian Feldmann

Nurturing a "Legacy" Codebase with Karen Tracey - DjangoCon US 2022

The Dawn of Web3: RYO's Global Vision from Japan | Blockchain Futurist Conference 2024

ISO C++ Standards Committee Panel Discussion - Hosted by Herb Sutter - CppCon 2023

N. Alagoz, A. Mahfoudhi-Maximizing marketplace experimentation: switchback design for small samples

LeadDev Berlin 2022 Lusia Emme