ABSTRACT: The Internet is full of insecure applications that cost organizations money and time, while damaging their reputations when their systems are compromised. We need to build secure applications as never before, but most developers are not now—and never will be—security specialists. By building application security tools into your Continuous Delivery (CD) process, you can streamline the process of finding application security vulnerabilities, which is the first step in making your application more secure. Learn the common ways organizations use application security tools as part of their CD build pipelines, including a discussion of the tradeoffs between open source tools and commercial application security tools. We will also discuss what to do after you gather the data and how to feed security audit data back into an iterative development process.
SPEAKER: Thomas Stiehm has been developing applications and managing software development teams for eighteen years. As CTO of Coveros, he is responsible for the oversight of all technical projects and integrating application security practices into software development projects. Most recently, Thomas has been focusing on how to incorporate security best practices into agile development and how to achieve a balance between business risk and cost while mitigating security vulnerabilities. Previously, as a managing architect at Digital Focus, Thomas was involved in agile development and found that agile is the only development methodology that makes the business reality of constant change central to the development process.