Building the AppSec Engine, Part 2

Presented by

Tom Smith, Sr Solution Architect, Veracode

About this talk

The most successful AppSec Engines don’t operate independently; they are integrated into the existing tools and processes of developers and security teams. AppSec tooling and automation is important but is not the complete picture – security assurance, mindset, and culture are also key to the success of an effective AppSec programme.  The various AppSec analysis types have different strengths in finding security issues, and they lend themselves to different stages of the SDLC. Therefore, understanding these strengths and limitations and blending the approach with people, processes, and technology is critical to build a holistic approach to application security.  Join Tom Smith, Solution Architect (Veracode), who will discuss:  * Where each analysis type best fits in the SDLC  * Why pipeline integrations are critical  * How tooling is not the complete picture  * Advice on where to start when first testing your applications for security vulnerabilities

Related topics:

More from this channel

Upcoming talks (1)
On-demand talks (389)
Subscribers (31001)
Veracode is intelligent software security. The Veracode Software Security Platform continuously finds flaws and vulnerabilities at every stage of the modern software development lifecycle. Prompted by powerful AI trained by trillions of lines of code, Veracode customers fix flaws faster with high accuracy. Trusted by security teams, developers, and business leaders from thousands of the world’s leading organizations, Veracode is the pioneer, continuing to redefine what intelligent software security means. Learn more at