Overview
Explore strategies for scaling up application security programs in large organizations with limited resources. Learn how to leverage DevOps, Agile, and CI/CD principles to create an AppSec Pipeline that iteratively improves security over time. Gain insights from real-world experiences at Rackspace and Pearson, covering key principles for speeding up and scaling AppSec programs. Discover practical examples of implementing these practices, including early integration, technical debt reduction, and customized workflows. Understand how to optimize AppSec efforts based on application types, risk systems, and automated tools. Explore concepts like the Knapsack Pipeline, reusable paths, and AppSec QA to enhance efficiency. Learn about integrating assessments, team dashboards, and defect management into your AppSec pipeline. Gain valuable knowledge on experimentation, manual assessments, and tool integrations to create a comprehensive AppSec strategy for your organization.
Syllabus
Intro
Silver Lining
Handcrafting
Spinal Tap
Work Hallelujah
Workflow
Flow
Workflows
Custom but fast
AppSec Pipeline
Knapsack Pipeline
Reusable Path
AppSec QA
Optimizing AppSec
App Types
Risk System
Automated Tools
ThreadFix
Work in progress
Assessments
Team Dashboard
Application Repository
Application Status
DefectDojo
Upstream and downstream information
Python Bob
Checkmarx
Experimentation
The Curve
Manual Assessment
Oh Snap Sec Pipeline
Tool Integrations
Absolute Pipeline Toolbox
Taught by
OWASP Foundation