Explore the challenges developers face with application security and learn effective strategies to improve DevSecOps practices in this 27-minute OWASP Foundation conference talk. Delve into Scott Gerlach's experiences building DevSecOps practices and tools at major companies like GoDaddy, SendGrid, and Twilio. Gain insights into specific obstacles hindering developers in AppSec and discover practical solutions to overcome them. Examine topics such as the role of security teams, breaking down silos, prioritizing security measures, and integrating security tools into the development process. Understand the importance of addressing security terminology, production bias, and the impact of bugs in production. Learn how to initiate security testing and foster a culture of continuous improvement in application security. Whether you're a seasoned professional or new to DevSecOps, acquire valuable knowledge to enhance your organization's approach to application security.
Topics of Interest: Developers Struggle with Application Security and How to Make It Better
Overview
Syllabus
Introduction
Application Security Problem Overview
Problem 1 Benevolent Security Team
Problem 2 Silos
The GL
Chase to Perfection
Prioritize
Security team
Security tools
Security terminology
Appstack tools
Production bias
Not awesome
Bugs in production
Getting started
Security tests
Mobius
Engineers
Taught by
OWASP Foundation
Related Courses
-
Application Security for Developers and DevOps Professionals
-
Why Developers Struggle with AppSec
-
Building an AppSec Program from Scratch
-
SDLC for the DevSecOps Era - Adapting Application Security Techniques
-
Shifting Application Security Left: Practical Steps to Get There
-
Looking Towards the Future of Open Source Vulnerability Management
