Authors: Jakub Kaluzny
2023-02-16

tldr - powered by Generative AI

The presentation discusses a scalable and autonomous AppSec program that allows engineers to own security in a high-growth environment. The program includes establishing principles and metrics, managing and motivating security champions, and using structured Threat Modeling as Code for AppSec innovations.
  • Engineers should own security in a high-growth environment
  • Each pull request should have an associated security review
  • Threat modeling should be done by engineers using a custom tool with automation
  • All deliverables or output should be stored in a database
  • Risk assessment should be used to determine which features need a security review
  • Security champions should be introduced to help with reviews
  • Autonomy levels should be introduced for teams and partners
  • Structured Threat Modeling as Code should be used for AppSec innovations
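The summary above describes threat models written by engineers in a structured form, a risk assessment that decides which features need a security review, and every output landing in a database. The following is an added illustration of that pipeline, not the speaker's tool: a pull request ships a small JSON threat model, a rule table scores it, the score picks one of three autonomy levels, and the decision is written to SQLite. The attribute names, weights, thresholds and the two sample PRs are all constructed for this example.

```python
"""Threat-modeling-as-code triage (added illustration, not the speaker's tool).

A pull request declares a small structured threat model (here JSON text; in
practice a file checked in beside the code). A rule table scores it, the
score decides whether a human security review is required, and the decision
is persisted so the program can report on review coverage later. All rule
names, weights and thresholds below are assumptions for this example.
"""
import json
import sqlite3
from dataclasses import dataclass, field

# Weights per risk attribute (hypothetical; tune per organisation).
RISK_WEIGHTS = {
    "handles_pii": 3,
    "changes_authn_or_authz": 4,
    "new_external_endpoint": 3,
    "parses_untrusted_input": 2,
    "touches_crypto": 3,
    "third_party_dependency_added": 1,
}
REVIEW_THRESHOLD = 4      # score at or above this needs a security review
CHAMPION_THRESHOLD = 2    # between this and REVIEW_THRESHOLD: champion sign-off


@dataclass
class ThreatModel:
    pr_id: str
    feature: str
    attributes: dict = field(default_factory=dict)   # attribute -> bool
    mitigations: list = field(default_factory=list)  # attributes the PR mitigates

    @classmethod
    def from_json(cls, text: str) -> "ThreatModel":
        data = json.loads(text)
        unknown = set(data.get("attributes", {})) - set(RISK_WEIGHTS)
        if unknown:  # reject typos so a misspelled attribute cannot silently score 0
            raise ValueError(f"unknown risk attributes: {sorted(unknown)}")
        return cls(data["pr_id"], data["feature"],
                   data.get("attributes", {}), data.get("mitigations", []))


def score(model: ThreatModel) -> int:
    """Sum the weights of attributes declared true; a declared mitigation
    halves (rounded down) the weight of the attribute it names."""
    total = 0
    for attr, weight in RISK_WEIGHTS.items():
        if model.attributes.get(attr):
            if attr in model.mitigations:
                weight //= 2
            total += weight
    return total


def decide(model: ThreatModel) -> str:
    """Map the score to an autonomy level for this change."""
    s = score(model)
    if s >= REVIEW_THRESHOLD:
        return "security_review"
    if s >= CHAMPION_THRESHOLD:
        return "champion_signoff"
    return "self_serve"


def record(conn: sqlite3.Connection, model: ThreatModel) -> str:
    """Persist the decision (the 'store every deliverable' step) and return it."""
    conn.execute(
        "CREATE TABLE IF NOT EXISTS reviews "
        "(pr_id TEXT PRIMARY KEY, feature TEXT, score INTEGER, decision TEXT)"
    )
    decision = decide(model)
    conn.execute("INSERT OR REPLACE INTO reviews VALUES (?, ?, ?, ?)",
                 (model.pr_id, model.feature, score(model), decision))
    conn.commit()
    return decision


# Constructed sample: two PRs with threat models declared as JSON.
SAMPLE_MODELS = [
    '{"pr_id": "PR-101", "feature": "export-report",'
    ' "attributes": {"handles_pii": true, "new_external_endpoint": true},'
    ' "mitigations": ["handles_pii"]}',
    '{"pr_id": "PR-102", "feature": "fix-typo-in-banner", "attributes": {}}',
]


def triage_all(texts=SAMPLE_MODELS) -> dict:
    """Triage every declared model into an in-memory DB; return pr_id -> decision."""
    conn = sqlite3.connect(":memory:")
    out = {}
    for text in texts:
        model = ThreatModel.from_json(text)
        out[model.pr_id] = record(conn, model)
    return out


if __name__ == "__main__":
    print(triage_all())
```

PR-101 scores 1 (PII, mitigated) + 3 (new external endpoint) = 4 and is routed to a security review; PR-102 declares nothing and stays self-serve. Rejecting unknown attribute names matters: a typo in a threat model must fail the pipeline, not quietly lower the score.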
Authors: Grant Ongers
2021-09-24

tldr - powered by Generative AI

The presentation argues for scaling application security through education and frames application security as product security. It uses the ISO/IEC 25010 system and software quality model, in which security is one of the product quality characteristics, and discusses how technical debt erodes such non-functional qualities.
  • Application security is a core part of cybersecurity; it is concerned with building secure software systems.
  • The ISO/IEC 25010 system and software quality model treats security as an intrinsic product quality characteristic, alongside reliability, maintainability and the rest, rather than as an add-on.
  • Accumulated technical debt degrades non-functional qualities, including security.
  • Scaling application security through education is essential so that developers have the skills to identify and address security issues during code review.
Authors: Vickie Li
2021-09-24

tldr - powered by Generative AI

The presentation discusses the basics of conducting a security code review to find vulnerabilities in an application's source code.
  • Manual code reviews are valuable for finding security issues caused by insecure coding practices
  • Prioritizing analysis and using automated tools can speed up the process
  • Combining automated tools with manual code analysis can ensure fewer bugs make it to production
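To make the "prioritise, then review by hand" point concrete, here is an added example (not a tool from the talk) of the cheap automated pass a reviewer can run first: it walks Python source with the standard `ast` module, flags calls to well-known dangerous sinks, weights `subprocess` calls that pass `shell=True` more heavily, and ranks files so manual review starts where risk concentrates. The sink list, severities and the three sample files are this example's own constructions, not an exhaustive catalogue.

```python
"""Prioritising manual review with a cheap automated pass (added example;
not a tool from the talk). Walks Python source with the ast module, flags
calls to well-known dangerous sinks, and ranks files so the reviewer starts
where the risk concentrates. Sink list and severities are this example's
own choices, not an exhaustive catalogue."""
import ast
from collections import defaultdict

# Hypothetical severity table: dotted call name -> weight.
SINKS = {
    "eval": 5, "exec": 5,
    "os.system": 4, "os.popen": 4,
    "subprocess.run": 2, "subprocess.Popen": 2, "subprocess.call": 2,
    "pickle.loads": 4, "pickle.load": 4,
    "yaml.load": 3,
}
SHELL_TRUE_BONUS = 3   # subprocess.* with shell=True is far worse than a list argv


def call_name(node: ast.Call) -> str:
    """Render foo(), mod.foo(), a.b.foo() as a dotted name; '' if not simple."""
    parts = []
    f = node.func
    while isinstance(f, ast.Attribute):
        parts.append(f.attr)
        f = f.value
    if isinstance(f, ast.Name):
        parts.append(f.id)
        return ".".join(reversed(parts))
    return ""


def find_sinks(source: str, filename: str = "<src>") -> list:
    """Return (line, name, weight) for every flagged call in `source`."""
    hits = []
    tree = ast.parse(source, filename)
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        name = call_name(node)
        if name not in SINKS:
            continue
        weight = SINKS[name]
        if name.startswith("subprocess."):
            for kw in node.keywords:  # literal shell=True is the high-risk form
                if (kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                        and kw.value.value is True):
                    weight += SHELL_TRUE_BONUS
        hits.append((node.lineno, name, weight))
    return hits


def prioritise(files: dict) -> list:
    """Rank {filename: source} by total sink weight, highest first (name breaks ties)."""
    totals = defaultdict(int)
    for fname, src in files.items():
        totals[fname] = sum(w for _, _, w in find_sinks(src, fname))
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))


# Constructed sample sources (not real project code).
SAMPLE_FILES = {
    "report.py": (
        "import subprocess\n"
        "def run(cmd):\n"
        "    return subprocess.run(cmd, shell=True)\n"
        "def load(blob):\n"
        "    import pickle\n"
        "    return pickle.loads(blob)\n"
    ),
    "util.py": (
        "import os\n"
        "def clean(path):\n"
        "    return os.path.normpath(path)\n"
    ),
    "calc.py": (
        "def compute(expr):\n"
        "    return eval(expr)\n"
    ),
}

if __name__ == "__main__":
    for fname, total in prioritise(SAMPLE_FILES):
        print(f"{total:3d}  {fname}")
        for line, name, w in sorted(find_sinks(SAMPLE_FILES[fname], fname)):
            print(f"      line {line}: {name} (weight {w})")
```

The ranking puts `report.py` first (a `shell=True` subprocess call plus `pickle.loads`), `calc.py` second (`eval`), and `util.py` last with no hits. A pass like this only tells the reviewer where to look; whether `cmd` or `expr` is attacker-controlled is exactly the question the manual review still has to answer.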