Overview
Explore application security integration within an Agile Software Development Life Cycle (SDLC) in this 44-minute conference talk from HouSecCon 6 (2015). Learn about the central tenets of Agile methodologies, including Scrum, and how they differ from traditional Waterfall development. Discover practical tools and techniques for incorporating security throughout the development process, from user stories to program creation, static analysis, logging, and architecture. Examine real-world examples and mind maps to understand the implementation of security measures in QA testing, dynamic analysis, and operational security. Gain insights into creating a secure SDLC program, balancing team dynamics, training developers, and fostering security champions. Delve into the integration of security practices with DevOps and QA processes to enhance overall application security in an Agile environment.
Syllabus
Introduction
Overview
Application Security in Development
Waterfall Development
Central tenets of Agile
Agile example
Scrum
Agile Process
User Stories
Tools
Real-World Example
Mind Map
Program Creation
Static Analysis
Logging
Architecture
QA Testing
Dynamic Analysis
Operational Security
Secure SDLC Program Manager
Balance Team Member with Big Stick
Draft Developers
Training
Security Champions
Integration
DevOps
QA