Explore proactive application security strategies in this 39-minute conference talk from DerbyCon 4. Learn how to move beyond simply testing and filing bugs to actively improving security within your organization. Discover techniques for fixing minor bugs, identifying security-savvy developers, and building trust with development teams. Gain insights into effective code review practices, including rules for spotting interesting changes. Examine the benefits of implementing centralized logging mechanisms using tools like Logstash, Elastic Search, and Kibana. Investigate the concept of automated access control through the Doorman system. Enhance your ability to foster a security-conscious development culture and drive meaningful improvements in application security.
Overview
Syllabus
Intro
What's this talk about?
"Testing and Filing Bugs" is a Good Thing!
Start Fixing Your Own (Minor) Bugs
Identify Security Savvy Developers
Develop Trust and Rapport
Confucius Says...
See your work through
You're saying these words...
Here's a Cat Riding a Skateboard!
Code Review
Rules to look for interesting changes.
Centralized Logging Mechanism
Logstash, Elastic Search, Kibana
Doorman - Automated Access Control
Let's Conclude
Questions? Curses? Criticisms?
