Integrating Security Tools in the SDL

Track:DevSecOps
When:Thu AM-1,PM-1
Where:Maulden
Organizers(one of participants)
ParticipantsAdrian Winckles Adrian Winckles , Chris Allen Chris Allen , Daniel Kefer Daniel Kefer , Didar Gelici Didar Gelici , Emma Fang Emma Fang , Felipe Zipitria Felipe Zipitria , Foteini Karantoni Foteini Karantoni , Francisco Novo Francisco Novo , Jay Mbolda Yamdjeu Jay Mbolda Yamdjeu , John DiLeo John DiLeo , Lauren Chiesa Lauren Chiesa , Rafael Jimenez Rafael Jimenez , Sebastian Arriada Sebastian Arriada , Simon Pavillon Simon Pavillon , Yan Kravchenko Yan Kravchenko
Remote ParticipantsAndré Rainho André Rainho , Michael Hidalgo Michael Hidalgo , Vinod Anandan Vinod Anandan

Most of today´s application security problems can be traced to flaws in the code. It does not matter whether security issues affect operating system components, client applications, web applications, or other systems, most well-known vulnerabilities are caused by coding errors and implementation issues.

The question here is why so many bugs and coding errors continue to cause major security issues when we have had years to deal with these and other common vulnerabilities that are still found in applications today.

Why

The best way to make security ‘just happen’ is to integrate it within the normal SDL (Software Development Lifecycle) practices. Security teams can focus on confidentiality and integrity of data which often requires development teams to slow down and assess code differently. Similarly, businesses want developers to write and revise code faster than ever, which often results in the developers focusing on what works best instead of on what is secure.

What

  • How Microsoft adapted its SDLC after a large number of vulnerabilities was found between 1999 and 2003?
  • SDLC in Agile?
  • Policies and Procedures (SANSA by SANS)
  • Bringing it all together

Outcomes

The goal of this Working Session is to

  • Identify common areas where security and development can work together to make improvements.
  • Document identified areas like culture, automation, measurement and sharing in OWASP wiki page.

Who

The target audience for this Working Session is:

  • Developers
  • Security professionals
  • DevSecOps
  • Security champions

Working materials

Here are the current ‘work in progress’ materials for this session (please add as much information as possible before the sessions):

Previous Summit Working Session

https://owaspsummit.org/Working-Sessions/DevSecOps/Integrating-Security-Tools-in-SDL.html

Register as participant

To register as participant add Integrating Security Tools in the SDL to either:

  1. the sessions metadata field from your participant's page (find your participant page and look for the edit link).
  2. or the participants metadata field from this git session page


Back to list of all Working Sessions