Practical Tips for Web Application Security in the Age of Agile and DevOps

OWASP Foundation via YouTube

Overview

Explore practical tips for web application security in the age of agile and DevOps in this 53-minute conference talk recorded at AppSecUSA 2016. Learn how to adapt traditional heavyweight security controls to lightweight efforts suitable for modern development practices. Discover techniques for obtaining visibility that enables rapid iteration, and gain insights on measuring security maturity in a non-theoretical way. Delve into topics such as static analysis, dynamic scanning, proactive alerting, and attack-driven defense. Benefit from real-world examples and experiences shared by Zane Lackey, Founder/Chief Security Officer at Signal Sciences and former Director of Security Engineering at Etsy.

Syllabus

Intro
Zane's background
What is this talk about
Cliché alert
Changes in DevOps
Security is no longer outsourced
Waterfall security methodology
Core components
What pieces of this need to change
Agenda
Static analysis
Traditional static analysis
How to adapt
Command execution
Hashing encryption
Proactive alerting
Scanning
Dynamics gaming
Cheap use cases
Legacy visibility
Building effective visibility
Feedback legacy
Bounties
The hallmark of modern app tech
Attack driven defense
Work your way back
Data forensics
Etsy example
Closing thesis
Questions

Taught by

OWASP Foundation
