Overview
Explore how to optimize your AppSec program by incorporating the best practices from Agile, DevOps, and CI/CD methodologies in this informative conference talk from AppSecUSA 2016. Learn from real-world examples and concrete strategies implemented across multiple companies, ranging from 4,000 to 40,000+ employees, to scale up your AppSec efforts and tackle technical security debt. Discover how to transform your small team of AppSec professionals into a virtual army, leveraging iterative improvements and innovative approaches. Gain insights into new OWASP projects, including the AppSec Pipeline project, Defect Dojo, and the AppSec Pipeline toolbox, which can aid in your journey towards more effective application security. Delve into topics such as custom AppSec workflows, testing automation, optimizing people's time, and fostering a culture of innovation within your organization.
Syllabus
Intro
Matt's background
Custom AppSec
Henry Ford
Phoenix Project
Workflow
Testing
Burrito Your Way
AppSec Pipeline
Key Features
Pipeline
Build Pipelines
Deming Quote
Optimizing People Time
Pearson
Call to Action
Please bug all vendors
Chat integration
Automation
Culture of Innovation
What's Next
Weaponizing Jenkins
Demo
Scale
Jenkins Pipeline
Open Source
Pipeline is Code
Open Projects
Defect Dojo
Aaron Weaver
Taught by
OWASP Foundation