Stop Chasing Vulnerabilities - Introducing *Continuous* Application Security

Presented at AppSec USA 2014, Sept. 19, 2014, 1 p.m. (45 minutes)

For too long, application security has been "experts-only" and practiced one-app-at-a-time. But modern software development, both its technology and its process, is largely incompatible with this old approach and with legacy appsec tools. Software development has been transformed by practices like Continuous Integration and Continuous Delivery, and the time has come to bring these efficiencies to security. In this talk, Jeff will show you how you can evolve into a "Continuous Application Security" organization that generates assurance automatically across an entire application security portfolio. Jeff will demonstrate how open-source tools (including OWASP ZAP, Mozilla's Minion, Gauntlt, and others) can be integrated to provide a comprehensive real-time application security dashboard. With this approach, we can leverage the power of big data analytics to gain unprecedented insight into enterprise application security and finally focus on enterprise application security strategy rather than simply chasing the next XSS. Before you come to this talk, be sure to check out "Application Security at DevOps Speed and Portfolio Scale" for some background.
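The portfolio-wide dashboard the abstract describes boils down to normalizing each scanner's output into a common shape and rolling it up across applications. The following is an added example, not code from the talk or from any of the tools it names: it ingests constructed scan results shaped like OWASP ZAP's JSON report (the `site` / `alerts` / `riskcode` / `instances` layout is assumed to mirror ZAP's report format), aggregates finding counts per application and for the whole portfolio, and applies a pass/fail budget in the spirit of a Gauntlt-style gate. The application names, URLs and findings are invented sample data.

```python
"""Portfolio-level aggregation of application scanner findings (added example)."""
import json
from collections import Counter

# Constructed sample: two applications, each with a scan result in a ZAP-style
# JSON report layout (site -> alerts -> riskcode / instances). All values are
# invented for illustration; nothing here was produced by a real scan.
SAMPLE_REPORTS = {
    "billing": json.dumps({"site": [{"@name": "https://billing.example", "alerts": [
        {"alert": "Cross Site Scripting (Reflected)", "riskcode": "3",
         "instances": [{"uri": "https://billing.example/search?q=1"}]},
        {"alert": "X-Content-Type-Options Header Missing", "riskcode": "1",
         "instances": [{"uri": "https://billing.example/"},
                       {"uri": "https://billing.example/login"}]},
    ]}]}),
    "portal": json.dumps({"site": [{"@name": "https://portal.example", "alerts": [
        {"alert": "SQL Injection", "riskcode": "3",
         "instances": [{"uri": "https://portal.example/item?id=1"}]},
        {"alert": "Cookie Without Secure Flag", "riskcode": "1",
         "instances": [{"uri": "https://portal.example/"}]},
    ]}]}),
}

# ZAP encodes severity as a numeric riskcode; map it to a portfolio-wide vocabulary
# so other scanners' output can be normalized into the same buckets.
RISK_NAMES = {"0": "info", "1": "low", "2": "medium", "3": "high"}


def summarize_zap_report(report_json):
    """Return {risk_name: instance_count} for one ZAP-style JSON report."""
    counts = Counter()
    for site in json.loads(report_json).get("site", []):
        for alert in site.get("alerts", []):
            risk = RISK_NAMES.get(str(alert.get("riskcode")), "info")
            # Count instances, not alert types: one alert may cover many URLs.
            counts[risk] += len(alert.get("instances", []))
    return dict(counts)


def portfolio_view(reports):
    """Roll per-application summaries up into a portfolio-wide total."""
    per_app = {name: summarize_zap_report(r) for name, r in reports.items()}
    totals = Counter()
    for app_counts in per_app.values():
        totals.update(app_counts)
    return {"apps": per_app, "totals": dict(totals)}


def failing_apps(summary, max_high=0):
    """Gauntlt-style pass/fail gate (assumed policy): list apps whose count of
    high-severity instances exceeds the allowed budget."""
    return sorted(name for name, c in summary["apps"].items()
                  if c.get("high", 0) > max_high)


def render_dashboard(summary):
    """Plain-text dashboard table: one row per app plus a portfolio total row."""
    cols = ["high", "medium", "low", "info"]
    lines = ["app        " + " ".join(f"{c:>7}" for c in cols)]
    rows = list(summary["apps"].items()) + [("TOTAL", summary["totals"])]
    for name, counts in rows:
        lines.append(f"{name:<10} " + " ".join(f"{counts.get(c, 0):>7}" for c in cols))
    return "\n".join(lines)


if __name__ == "__main__":
    view = portfolio_view(SAMPLE_REPORTS)
    print(render_dashboard(view))
    print("failing gate:", failing_apps(view))
```

In a pipeline each application's scan job would write its report to a shared store and the aggregation step would run on every build, so the dashboard and the gate reflect the current state of the whole portfolio rather than the last manual assessment of one application.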


Presenters:

  • Jeff Williams - Co-founder and CTO - Contrast Security
    I've been in security since the late 1980s and have been blessed with the opportunity to help start three great organizations: Aspect Security (recently sold to EY), OWASP, and Contrast Security. I'm coming to AppSec EU to meet *you*. I'm easy to find :-) and love to talk about basketball, boomerang design, DevSecOps, security instrumentation, replacing SAST/DAST/WAF with IAST/RASP/SCA, cost-effective appsec programs, OWASP history, and Dad-life (four kids, two in college). I am convinced that appsec as we know it must change and that DevSecOps is the path forward. I'd love your help!
