Overview
Syllabus
Intro
Zane's background
What is this talk about
Cliché alert
Changes in DevOps
Security is no longer outsourced
Waterfall security methodology
Core components
What pieces of this need to change
Agenda
Static analysis
Traditional static analysis
How to adapt
Command execution
Hashing encryption
Proactive alerting
Scanning
Dynamics gaming
Cheap use cases
Legacy visibility
Building effective visibility
Feedback legacy
Bounties
The hallmark of modern app tech
Attack driven defense
Work your way back
Data forensics
Etsy example
Closing thesis
Questions
Taught by
OWASP Foundation