logo
securityArticlesConferencesPresentations

AppSec: from Outsiders to Allies

Conference:  OWASP 20th Anniversary Event

2021-09-24

Authors:   Chris Wysopal

Summary

The presentation discusses the importance of team collaboration and continuous improvement in achieving secure code and reducing remediation time. It also highlights the impact of using multiple testing techniques and APIs in reducing remediation time. The future of application security is also discussed, with a focus on managing supply chain risk.
  • Team collaboration and continuous improvement are crucial in achieving secure code and reducing remediation time
  • Using multiple testing techniques and APIs can significantly reduce remediation time
  • Managing supply chain risk is the future of application security
The speaker shared that building relationships and understanding each other's goals and struggles at the peer level, such as between security practitioners and developers, is essential in becoming one team with shared accountability. This can lead to less work to achieve the same secure outcome and enable the development team to not slow down. The speaker also presented data showing that using multiple testing techniques and APIs can cut remediation time in half, while doing scans in a steady way instead of bursting can reduce remediation time by 15.5 days on average.

Abstract

AppSec roots began with late 90’s vulnerability research and the ultimate technology outsiders, hackers. Microsoft didn’t even want to touch application security until customers threatened to stop buying over the monthly worms of the early 2000’s. Then the threat space changed and attacks weren’t for just done for fun, but done by criminal gangs and nation states. Critical bugs were monetized in the millions of dollars and led to national level security events. In 2021 there is a realization that the security of the software the government purchases has a lot to do with how secure the government is. Now almost every development team needs some AppSec and they want it tightly embedded in their development process. This talk will discuss how we got here and how we need to work as allies with the software development team.
Materials:
Tags:
Application Security
AppSec
software development
government

Post a comment

Related work

Trusting Software - Runtime Protection Is the Third Alternative

Conference:  Global AppSec Dublin 2023
Authors: Jeff Williams
2023-02-15

Perimeter Breached! Hacking an Access Control System

Conference:  Black Hat USA 2022
Authors:
2022-08-11

“Mobile Wanderlust”! Our journey to Version 2.0!

Conference:  Global AppSec San Francisco 2022
Authors: Sven Schleier
2022-11-18

Stakeholders and Allies: Amplifying Your Application Security Program

Conference:  Global AppSec San Francisco 2022
Authors: Warren Kopp
2022-11-18