6 Common AppSec Anti-Patterns Preventing your Success
Speaker: Pete Chestna, Director of Developer Engagement, CA / Veracode
Is your AppSec program stalled, or is it failing to meet your expectations? You may be the victim of some common anti-patterns: sets of plans or strategies that are keeping you from reaching your goals. Are you achieving your goals and meeting your metrics, but have a sinking suspicion that your ultimate goal of reducing your company’s risk isn’t being met? As the French learned in WWII, a partial defense is no defense at all.
During my time working with clients to build their application security programs, there are # behaviors that I’ve seen repeated by a number of businesses. Some companies created strategies that were logical but did not work in practice; others were unable to see the forest for the trees and created plans that were too myopic.
In this talk I will review the most common anti-patterns and suggest ways to make corrections for a more effective AppSec program.
What you will learn:
- Common AppSec anti-patterns
- Strategies to get it right
Patterns:
- I’ll just protect the critical apps
- What open source?
- Security Mandate
- AppSec team has to do it
BIOGRAPHY
Pete Chestna has more than 25 years of experience developing software and leading development teams, and has been granted three patents. Pete has been developing web applications since 1996, including one of the first applications to be delivered through a web interface. He led his company from Waterfall to Agile, and finally to DevOps in addition to taking the company from a monolithic architecture to one based on microservices. Since 2006, Pete has been a leader in the Application Security (AppSec) space and has consulted with some of the world’s largest companies on their AppSec programs. In addition to his role as a contributing editor at DevOps.com and SecurityBoulevard.com, he now shares his experience by speaking internationally at both security and developer conferences on the topics of AppSec, Agile and DevSecOps. Buy him a whisk(e)y and he’ll tell you all about it.
