Explore a conference talk from AppSecEU 2015 in Amsterdam where Aaron Weaver presents strategies for building an AppSec pipeline to streamline security programs and maintain sanity. Learn about instrumenting fast food-style AppSec processes, creating a minimal viable product, and implementing tools like Google Forms and Python for efficient security management. Discover how to organize metadata, tag engagements, and utilize APIs for improved workflow. Gain insights into automating scanning, scheduling assessments, and integrating with development tools like Jira. Understand the importance of open source solutions, response time optimization, and automatic retests in creating an effective AppSec pipeline that enhances developer experience and addresses security requirements.
Building an AppSec Pipeline - Keeping Your Program, and Your Life, Sane
Overview
Syllabus
Introduction
Fast Food
Instrumentation
AppSec Fast Food
AppSec Pipeline
What does your front door look like
Google Form
Minimal Viable Product
Team Choice
Python
Bag of Holding
What does BO do
The Goal
Metadata
Tag
Pending Engagement
Environment Details
Related People
Commenting
Search By Application
Length Of Activities
Stories
Social Feed
Tooling Vendors
API
UI API
Workflows
Generic API
Scanning
Automation
Assessment Schedule
AppSec Bot
ThreadFix Example
Checkmarks Example
Make AppSec Work
Open Source
Response Time
Developers
Security Requirements
Automatic Retests
Deployment Experience
Threat Fixjira Integration
Deduping
Taught by
OWASP Foundation
