Explore strategies for integrating application security into modern development processes in this 52-minute LASCON conference talk. Learn how to adapt security practices to fast-paced, agile environments without hindering progress. Discover various approaches to incorporating security activities, including tooling, assessments, stories, scrums, iterative reviews, and integrations with repositories and bug tracking systems. Examine the pros and cons of different solutions and gain insights from real-world experiences. Cover topics such as the changing state of development, security standards, secure design principles, software integrity examples, agile threat modeling, and security implementation. Understand the risks of gating processes and take away valuable lessons for effectively building security into your development lifecycle.
Overview
Syllabus
Intro
The Changing State of Development
Security Standards
Secure Design Principles
Software Integrity Examples
What has changed
Agile Threat Modeling
Security Tooling
Security Implementation
Process Integration - Risks of Gating
What did we learn?
Taught by
LASCON
Related Courses
-
Myths of Threat Modeling - AppSec California
-
Building an AppSec Pipeline - Keeping Your Program, and Your Life, Sane
-
Threat Model Every Story - Practical Continuous Threat Modeling Work for Your Team
-
Iterative Threat Modelling - Security in Agile Development
-
SDL That Won't Break the Bank
-
Threat Modeling for Secure Software Design
