Track: | DevSecOps |
---|---|
When: | Thu AM-1, PM-1 |
Where: | Maulden |
Organizers | Imran Mohammed A |
Participants | Francois Raynaud, Avi Douglen, Clara Anel Mansilla, Claudio Camerino, Felipe Zipitria, Gabor Pek, Imran Chaudhari, John DiLeo, Luis Saiz, Mario Platt, Pedro Laguna, Simon Pavillon, Sotiraki Sima, Stu Hirst, Sven Schleier |
Remote Participants | Abhi Raj, Andrew Martin, Barbara Schachner, Cao Wei, Clyde Vassallo, Domenico Malorni, Ernesto Bethencourt, Guy Jarvis, Harmeet Singh, James Osborn, Joset Zamora, Lubo Vikev, Mustaqiim Muhar, Nicholas Tait, Prakash Sharma, Sophie Tonnoir, Sugumaran Uppili, Vinod Anandan |
Most of today's application security problems can be traced to flaws in the code. Whether security issues affect operating system components, client applications, web applications, or other systems, most well-known vulnerabilities are caused by coding errors and implementation issues.
The question here is why so many bugs and coding errors continue to cause major security issues when we have had years to deal with these and other common vulnerabilities that are still found in applications today.
Why
The best way to make security ‘just happen’ is to integrate it within the normal SDL (Software Development Lifecycle) practices. Security teams can focus on confidentiality and integrity of data, which often requires development teams to slow down and assess code differently. At the same time, businesses want developers to write and revise code faster than ever, which often results in developers focusing on what works best instead of on what is secure.
What
- How did Microsoft adapt its SDLC after a large number of vulnerabilities were found between 1999 and 2003?
- SDLC in Agile?
- Policies and Procedures (SANSA by SANS)
- Bringing it all together
Outcomes
The goal of this Working Session is to:
- Identify common areas where security and development can work together to make improvements.
- Document the identified areas, such as culture, automation, measurement and sharing, in an OWASP wiki page.
Who
The target audience for this Working Session is:
- Developers
- Security professionals
- DevSecOps
- Security champions
Working materials
Here are the current ‘work in progress’ materials for this session (please add as much information as possible before the sessions):
Previous Summit Working Session
https://owaspsummit.org/Working-Sessions/DevSecOps/Integrating-Security-Tools-in-SDL.html
Register as participant
To register as a participant, add Integrating Security Tools in the SDL to either:
- the sessions metadata field from your participant's page (find your participant page and look for the edit link)
- or the participants metadata field from this git session page