Shifting Security Everywhere


Authors:   Tanya Janca


The presentation discusses resources and strategies for maintaining secure legacy applications in DevOps.
  • Encourages joining the Open Web Application Security Project (OWASP) and local chapters
  • Provides a PDF summary of the presentation
  • Offers a free online community called We Hack Purple with training courses and podcasts
  • Suggests regular communication with software developers and security champions through lunch-and-learns and presentations
  • Emphasizes the importance of feedback and addressing issues promptly
The speaker shares a story about a tool implementation that disabled an entire team's ability to run their app on localhost, causing significant delays and frustration. This highlights the importance of addressing issues promptly and communicating effectively with developers.


As an AppSec pro, you may feel that marketing has ruined the meaning of "shift left". It was supposed to mean "starting security as early as possible in the SDLC", but it was transformed into "buy our product, put it in your CI/CD, and then your apps will be secure". But we can't just throw a bunch of tools into a CI/CD pipeline and call it a day. With this in mind, let's focus on comprehensive programs, developer buy-in, and making security work for the entire business, by shifting security everywhere.



This is one of the best appsec presos I've ever seen

Posted: 2023-04-22 17:10