Application Security from Start to Finish

Explore a comprehensive conference talk on integrating security throughout the entire software development lifecycle. Learn from real-world incidents like the Kik dispute and SolarWinds attack to understand the critical importance of application security beyond pre-deployment testing. Discover practical strategies for securing development environments, implementing secret scanning and rotation, managing dependencies, and utilizing software composition analysis. Gain insights into leveraging Dependabot for supply chain management, identifying common vulnerabilities like XSS and SQL injection, and employing static and dynamic security testing techniques. Delve into advanced topics such as writing custom CodeQL queries for vulnerability hunting. Suitable for developers and DevOps engineers alike, this talk equips you with the knowledge to bake security into every stage of your development process, from start to finish.