2020/05/13 - Security Turnstiles for Agile Engineering

Rahul Raghavan
Co-Founder and Chief Evangelist
we45

Description

This talk will focus on translating a plan of action into sustainable activities within the secure software development life cycle (SDLC) that engineering teams can adopt. I will delve into identifying and designing security checkpoints in the SDLC and discuss the activities product teams can start performing to improve their software security. The talk will also propose a Plan-Do-Check-Act (PDCA) mechanism through which product engineering teams can ideate these checkpoints from ideation to deployment and all the way back.

My talk will draw heavily on established how-to guides such as the OWASP ASVS, OpenSAMM and BSIMM. It will also include examples and case studies from real-life conversations and from some of our recent experiences.

Key Takeaways

  1. Seamless integration possibilities for out-of-band and in-band security activities
  2. Ideating security activities and checkpoints for every stage of the SDLC
  3. Designing Hard and Soft Checkpoints
  4. Establishing feedback circuits between the proverbial Shift Right and Shift Left

YouTube link: https://youtu.be/mRpexGGKHlU