Overview
Explore a conference talk from APPSEC Cali 2018 that delves into innovative approaches for addressing application security challenges. Learn how security practitioners can effectively influence development processes, bridge gaps between training and coding, and implement timely interventions to prevent security flaws. Discover strategies for working collaboratively with developers, testers, and architects to reduce security debt and prevent the recurrence of well-known vulnerabilities. Gain insights from Izar Tarandach, Lead Product Security Architect at Autodesk Inc., as he shares observations from multiple development teams, feedback from peers, and results from pilot tests. Examine topics such as threat modeling, secure development practices, just-in-time learning, and the use of checklists to improve security outcomes. Understand the importance of adapting security practices to match the pace of modern development and the challenges faced by security professionals in today's rapidly evolving technology landscape.
Syllabus
Intro
Welcome
The Development Process
Security Tools
CV Counts
Threat Modeling
Bob Alice
Bob Tizen Board
SQL Injection
Buffer Overflow
Change of Culture
The Problem with Problem
Security Objectives
Notable Security Events
Expanded Documentation Changes
Developer Time
Training Module
Key of Competence
Learning to Apply
Training Material
Just-in-Time Learning
We Not This Way
Checklist Manifesto
The Checklist Manifesto
Checklist Criteria
Security Events
The Experiment
The Overload
Why Not Code Reviews
Effects
Collab
Just-in-time training
Taught by
OWASP Foundation