Overview
Explore design approaches for security automation in this 40-minute conference talk from AppSec California 2016. Learn how to decide between building, buying, or borrowing security automation frameworks for your organization. Discover criteria beyond technology stack compatibility, qualities of good design for your environment, deployment considerations, effective open-source tools, and strategies to enable teams without creating noise. Gain insights from Peleus Uhley, Lead Security Strategist at Adobe Systems, as he discusses evaluating and implementing security automation tools. Cover topics including data management, web application security assessment, integration, compliance, code review, behavior-driven tools, incremental design, and automation frameworks. Understand key design principles, REST API considerations, and platform choices to enhance your organization's security automation efforts.
Syllabus
Introduction
Why
Rock Stars
Data Management
Web Application Security Assessment
Integration
Compliance
Library Component Tracker
Code Review Checker
Build vs Buy
Source Code
Behavior Driven Tools
Security Assertion Model
Incremental Design
Separate Reporting
Dynamic Variables
Tools
REST API
Platform Choice
Web Web
Safety Support
Technologies Used
Design Principles
Automation Framework
Small Steps
Summary
Wrap up
Taught by
OWASP Foundation