Explore a comprehensive guide to development tools from a security professional's perspective in this 52-minute conference talk from HouSecCon 6. Gain insights into understanding developers' mindsets, fostering empathy, and effectively integrating security practices into the development process. Learn about ThreadFix and its applications, defect tracking, IDE plug-ins, and incorporating security testing into builds. Discover how to leverage Selenium tests, implement SecDevOps practices, and utilize SonarQube for metrics tracking. Enhance your ability to bridge the gap between security and development teams while improving overall software security.
Overview
Syllabus
Intro
An InfoSec Perspective on Developers
The Curmudgeon
Don't Be a Jerk; Perhaps Try Some Empathy
Get Your Mind Right
Empathy and Compassion
If His Holiness the Dalai Lama Isn't Tough Enough
Understand Developer Tools
What Can We Do With ThreadFix?
How Do Developers Manage their workload?
Mapping Vulnerabilities to Defects
Demo: Defect Tracker Integration
Where Do Developers Actually Spend Their Time?
IDE Plug Ins
How Do Developers Know Their Software Works?
Get Security Testing Included In Builds
ThreadFix Jenkins Plugin
Taking Advantage of Selenium Tests
SecDevOps with ThreadFix
What Metrics Do Developers Track?
SonarQube Integration
Questions / Contact Information
