Authors: BHUSHAN B GUPTA
2021-09-24

tldr - powered by Generative AI

The main thesis of the presentation is that security elements should be brought into the agile development life cycle so that problems are caught earlier and risks are mitigated. The speaker emphasizes including security stories in the backlog, conducting security risk assessments, and testing throughout the life cycle using both SAST and DAST tools. An anecdote highlights the consequences of not addressing vulnerabilities early, such as breaches that can take up to 266 days to contain and cost a significant amount of money. The speaker also quotes technology evangelist Liz Rice and participant Gemanico to emphasize the importance of involving software engineers in security engineering early on.
  • Constant threat of hacking in all areas of life
  • Multiple areas of vulnerabilities being exploited
  • Penetration testing is not effective enough
  • Bring security elements into the agile development life cycle
  • Include security stories in the backlog
  • Conduct security risk assessments
  • Test throughout the life cycle using both SAST and DAST tools
  • Prioritize high-risk stories
  • Chaos engineering can help prepare for release
  • Involving software engineers in security engineering early on