Building the AppSec Engine, Part 2

Presented by

Tom Smith, Sr Solution Architect, Veracode

About this talk

The most successful AppSec Engines don’t operate independently; they are integrated into the existing tools and processes of developers and security teams. AppSec tooling and automation is important but is not the complete picture – security assurance, mindset, and culture are also key to the success of an effective AppSec programme.  The various AppSec analysis types have different strengths in finding security issues, and they lend themselves to different stages of the SDLC. Therefore, understanding these strengths and limitations and blending the approach with people, processes, and technology is critical to build a holistic approach to application security.  Join Tom Smith, Solution Architect (Veracode), who will discuss:  * Where each analysis type best fits in the SDLC  * Why pipeline integrations are critical  * How tooling is not the complete picture  * Advice on where to start when first testing your applications for security vulnerabilities

Related topics:

More from this channel

Upcoming talks (12)
On-demand talks (319)
Subscribers (28650)
Veracode delivers the most widely used cloud-based platform for securing web, mobile, legacy and third-party enterprise applications. By identifying critical application-layer threats before cyber-attackers can find and exploit them, Veracode helps enterprises deliver innovation to market faster — without sacrificing security.