Overview
Explore innovative approaches to application security in this 40-minute LASCON conference talk. Learn how to adapt traditional security testing methods to keep pace with rapid software development cycles. Discover strategies for implementing AppSec pipelines and event-based security across organizations of varying sizes. Gain insights into leveraging automation, continuous health checks, and Docker for horizontal scaling of security work. Examine real-world case studies and statistics demonstrating successful implementation of these techniques in companies with 4,000 to 40,000+ employees. Understand how to align your AppSec program with DevOps, Agile, and Continuous Delivery methodologies to enhance security efficiency and effectiveness.
Syllabus
Intro
AppSec and Trains
AppSec Pipelines
What is your pipeline
What's next
Dev Pipelines
Using Jenkins for OS projects
DefectDojo
Continental Railroad
Telegraph
Automation
REST API
Signal Sciences
Pearson
Checkmarx
Scaling with Docker
Custom Dockers
Docker Swarm
Jenkins Pipeline
Build your own pipeline
Pick a language
Case studies
Company 1 AppSec Pipeline
Company 2 AppSec Pipeline
Company 2 FDs
Finding Nemo
The Bruce Mantra
Taught by
LASCON