Explore a revolutionary approach to application security in this 52-minute conference talk from OWASP Foundation. Learn how to bridge the gap between modern software development practices and outdated security techniques. Discover the concept of instrumenting IT organizations with passive sensors to collect real-time data for identifying vulnerabilities, enhancing security architecture, and generating value. Gain insights into achieving unprecedented visibility into application security across an entire organization's portfolio, enabling proactive collaboration among security stakeholders. Examine topics such as healthcare-inspired security approaches, sensor design for clickjacking detection, continuous AppSec dashboards, and various security sensors for access control, vulnerable libraries, CSRF defense, and injection prevention. Understand how to align security measures with business concerns and transform application security to keep pace with DevOps speed and portfolio scale.
Application Security at DevOps Speed and Portfolio Scale
Overview
Syllabus
Intro
Application Security Is Healthcare
Sensors Are Revolutionizing Healthcare Your phone will know you're sick before you
Modern Software Development...
Defining "Portfolio Scale"
Gathering Intelligence
Designing a Clickjacking Sensor
Instrumentation
CHECK YOUR HEADERS
Continuous AppSec Dashboard
Access Control Intelligence Sensor
Generated Access Control Matrix from Code
Known Vulnerable Libraries Sensor
CSRF Defense Sensor
Canonicalization Correctness Sensor
Injection Sensors
Aligning Sensors with Business Concerns
Continuous Application Security!
Transforming AppSec
Taught by
OWASP Foundation
