Overview
Discover how to scale security assessments and provide timely feedback in hyper-growth organizations through context-based security assessment workflows. Learn from Splunk's Senior Tooling and Automation Engineer Andrew Lien, Product Security Tooling Engineer Sanjeev Reddy, and Teja Myneedu as they demonstrate their innovative approach to streamlining processes and automating workflows for product security teams. Explore the concept of a "magical funnel" that captures product context to determine appropriate security assessment workflows, eliminating repetitive information gathering and improving efficiency for both security and engineering teams. Gain insights into Splunk's method of scaling security assurance by creating custom assessment workflows based on security impact and retaining context for future assessments. This 43-minute OWASP Foundation talk covers challenges faced by product security teams, engagement models, product context considerations, and includes a demo of their solution, making it valuable for professionals seeking to enhance their organization's security assessment processes.
Syllabus
Intro
Disclaimer
Agenda
Teja's Intro
Andrew Intro
Sanjeev Intro
Who is this talk for
Challenges
Overview
Product Security Goals
Typical Scenario
Engagement Model
Product Security
High Touch Engagement
Low Touch Engagement
Hybrid Model
Brainstorm
Product Context
Technical Needs
Demo
Demo Walkthrough
Custom Security Controls
Tooling Documentation
Summary
Taught by
OWASP Foundation