AppSec USA 2016 has ended
Back To Schedule
Friday, October 14 • 10:45am - 11:45am
Practical tips for web application security in the age of agile and DevOps

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

The SDLC has been the standard model for web application security over the last decade and beyond, focussing heavily on gatekeeping controls like static analysis and dynamic scanning. However, the SDLC was originally designed in a world of Waterfall development and its heavy weight controls often cause more problems than they solve in todays world of agile, DevOps, and CI/CD. 

This talk will share practical lessons learned on the most effective application security techniques in todays increasingly rapid world of application creation and delivery. Specifically, it will cover how to: 
1) Adapt traditionally heavyweight controls like static analysis and dynamic scanning to lightweight efforts that work in modern development and deployment practices
2) Obtain visibility to enable, rather than hinder, development and DevOps teams ability to iterate quickly 
3) Measure maturity of your organizations security efforts in a non-theoretical way

avatar for Zane Lackey

Zane Lackey

Chief Security Officer, Signal Sciences
Zane Lackey is the Co-Founder / Chief Security Officer at Signal Sciences and the Author of Building a Modern Security Program (O’Reilly Media). He serves on multiple public and private advisory boards and is an investor in emerging cybersecurity companies. Prior to co-founding... Read More →

Friday October 14, 2016 10:45am - 11:45am EDT
Grand Central Renaissance Washington, DC Downtown Hotel 999 9th St NW, Washington, DC 20001