Overview
Explore the challenges and solutions for integrating security practices into Agile Scrum development in this 54-minute conference talk from OWASP AppSec California 2015. Learn how to scale security efforts across multiple Scrum teams working on large-scale projects with monthly releases. Discover practical strategies for optimizing security research team interactions with engineering teams, accommodating their processes, and organically growing security expertise within an organization. Gain insights from real-world experiences, including successful approaches and lessons learned from less effective methods. Understand how to adapt security practices for organizations with limited resources, and find ways to balance security requirements with the fast-paced nature of Agile development. Benefit from the speaker's extensive application security experience and apply these insights to enhance collaboration between security practitioners and Agile Scrum teams in your own organization.
Syllabus
Intro
Agile Development
Why Scrum
What should we do
Evaluation
Product Backlog
Scrum Master
Team Split
Scrum Roles
Security Roles
Security Architect
What was good
Face Forwards
Automated Spirit Test
Challenges
Kanban
Deployment
Questions
Taught by
OWASP Foundation