Practical Tips for Defending Web Applications in the Age of DevOps

Discover practical tips for defending web applications in the DevOps era in this 36-minute Black Hat conference talk by Zane Lackey. Learn how to adapt traditional security controls like static analysis and dynamic scanning to modern development practices. Gain insights on obtaining visibility to empower development and DevOps teams, and measure your organization's security maturity effectively. Explore the fundamental shifts in security, changes in the software development lifecycle, and strategies for implementing lightweight security efforts. Delve into topics such as command execution analysis, driving security conversations, adapting scanning techniques, enforcing security policies, and achieving continuous feedback and visibility. Understand the strategic benefits of these approaches and how they can enhance your web application security in today's fast-paced development environment.