This presentation was recorded at YOW! Australia 2023. #GOTOcon #YOW
yowcon.com
Laura Main - Co-Founder & CEO of SafeStack @laurabellmain
ORIGINAL TALK TITLE
So Long, Secure Coding - Shifting from Syntax to Secure Software Development Processes
RESOURCES
/ lady_nerd
/ lauradbell
github.com/ladynerd
www.laurabellmain.com
safestack.io/blog
ABSTRACT
If you still need to start to shift left, you're late. I mean, the whole world has been shifting application security left for about five years... especially in the wake of DevSecOps.
But have we? Have we really?
Let's look at the data from the language we use, the practices we recommend, the posts we make, and the frameworks we share. We are still stuck in a world focused on "secure code" when the code itself is only part of the picture when protecting our data, systems, and people.
This talk will examine why we focus on secure code and how to move towards secure development. Laura will provide practical actions you can take throughout your SDLC, from initial ideas to ongoing systems maintenance and support, that you can apply today, whether as an individual team member or across a more complex project.
Let's say goodbye to our dreams of secure code and embrace the idea of secure systems development. [...]
TIMECODES
00:00 Intro
03:51 AppSec
06:23 World is not as mature as we think
07:46 SDLC
11:12 Design
19:25 Code
24:14 Test
31:15 Deploy
35:30 Support
42:50 Summary
43:39 Outro
Download slides and read the full abstract here:
yowcon.com/sydney-2023/sessio...
RECOMMENDED BOOKS
Laura Bell, Michael Brunton-Spall, Rich Smith & Jim Bird • Agile Application Security • amzn.to/3uxUIUI
Laura Bell & Erica Anderson • Security for Everyone • www.holloway.com/b/security-f...
Izar Tarandach & Matthew J. Coles • Threat Modeling • amzn.to/40PCKbU
Liz Rice • Container Security • amzn.to/3oU4iJe
Aaron Parecki • OAuth 2.0 Simplified • amzn.to/2A3IMOf
Erdal Ozkaya • Cybersecurity: The Beginner's Guide • amzn.to/2T6OIj3
#ShiftLeft #DevSecOps #Security #Cybersecurity #SDLC #AppSec #SecureSoftwareDevelopment #SafeStack #OWASP #ThreatModeling #SecurityArchitect #Dependabot #LauraBellMain #YOWcon