Overview
Explore the challenges developers face with application security and learn effective strategies to improve DevSecOps practices in this 27-minute OWASP Foundation conference talk. Delve into Scott Gerlach's experiences building DevSecOps practices and tools at major companies like GoDaddy, SendGrid, and Twilio. Gain insights into specific obstacles hindering developers in AppSec and discover practical solutions to overcome them. Examine topics such as the role of security teams, breaking down silos, prioritizing security measures, and integrating security tools into the development process. Understand the importance of addressing security terminology, production bias, and the impact of bugs in production. Learn how to initiate security testing and foster a culture of continuous improvement in application security. Whether you're a seasoned professional or new to DevSecOps, acquire valuable knowledge to enhance your organization's approach to application security.
Syllabus
Introduction
Application Security Problem Overview
Problem 1: Benevolent Security Team
Problem 2: Silos
The GL
Chase to Perfection
Prioritize
Security team
Security tools
Security terminology
Appstack tools
Production bias
Not awesome
Bugs in production
Getting started
Security tests
Mobius
Engineers
Taught by
OWASP Foundation