Overview
Explore the evolution of application security in this 59-minute conference talk from OWASP AppSec California 2015. Discover how to transform your organization into a "Continuous Application Security" model that generates automatic assurance across an entire application security portfolio. Learn about the "sensor-model-dashboard" feedback loop that enables real-time, continuous application security. Gain insights into instrumentation-based application security testing with a demonstration of the free Contrast for Eclipse tool. Examine topics such as DevOps integration, security spending, traditional vs. modern security solutions, and the importance of continuous security practices. Delve into practical examples, including the Apple Pay security story, defense strategies, and the benefits of security dashboards. Understand how to move beyond expert-based waterfall models and embrace a more efficient, scalable approach to application security.
Syllabus
Intro
Sensor Basketball
Application Security
Security Spending
Security Solutions
Traditional Application Security
How it works
Instrumentation
Vulnerability
Coral Reef analogy
Contrast for Eclipse
Demo
Trace
Eclipse
Practical
AppSec API
Continuous Security
Instrumentation Approach
Security is a Thing
Apple Pay Security Story
Defense Strategies
Sensor Network
Analytics
Yelp
Security dashboards
Penetration testing
Assurance
Continuous AppSec
Taught by
OWASP Foundation