Doing AppSec at Scale - DevOps + Agile + CI/CD == AppSec Pipelines

Explore strategies for scaling application security in large organizations through this conference talk from LASCON 2015. Learn how to leverage DevOps, Agile, and CI/CD principles to transform a small AppSec team into a virtual army capable of handling extensive application portfolios. Discover real-world experiences from Rackspace and Pearson, covering key principles for accelerating and scaling AppSec programs. Gain insights into practical implementations, including rapid static scanning provisioning, 24/7 remediation advice for developers, and efficient report generation. Delve into topics such as automation, orchestration, ChatOps, and AppSec Pipelines to address technical security debt proactively. Understand concepts like workflow optimization, defect management, and the importance of creating a culture of innovation in AppSec. Learn how to improve feedback loops, implement "Ask the Bot" systems, and explore open-source project opportunities to enhance your organization's application security capabilities.