Overview
Syllabus
Intro
Background
Security fundamentally shifts
What has changed
The existential shift
Security has to fundamentally change
What are the pieces of the SDLC
Agenda
Static Analysis
Static Analysis in the Past
Change the Core Static Analysis
Start with Command Execution
Use Static Analysis to Drive Conversations
Dynamic Scanning
Dynamic Scanning for Vulnerability Discovery
How to Adapt Scanning
How to Enforce Security Policies
Security Visibility
Security Visibility in the Past
How Do We Change This
What Does This Mean
Security Operationally Relevant Data
Feedback
Annual Pentest
Bug bounties
Thought leaders
Continuous feedback, continuous visibility
Strategic benefits
Positive case
Taught by
Black Hat