Creatively Scaling Application Security Coverage and Depth

Presented by

Prithvi Bisht, Senior Manager of Secure Software Engineering at Adobe

About this talk

One of the biggest challenges and opportunities for an application security (AppSec) team in a cloud-centric world is to scale effectively. The general “shift-left” recommendation for security in the software development life cycle (SDLC) emphasizes early course correction to help bake in security controls and to reduce the potential cost of changes introduced later in the SDLC. Shifting left then entails finding potential security concerns and the need for security controls by reviewing artifacts produced in the requirements, architecture, design and coding phases. Unfortunately, outside of the coding phase, adding security in earlier phases can be mostly a manual activity. This limits security coverage and the depth of exploration of products, often manifesting as potential blind spots in product portfolios. As we move through the phases of the SDLC, the artifacts describe “intended” system functionality that may behave differently when implemented. The divergence in translating intentions (e.g. requirements/design) into reality (e.g. code) is, unfortunately, how bugs (including security bugs) can get introduced. Join Prithvi Bisht, senior manager of secure software engineering at Adobe, as we discuss these challenges as well as potential solutions to help you better scale your own application security efforts.

CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and the latest research. Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on Twitter: @cloudsa