Network intrusion. Information theft. Outside reprogramming of systems. These are just a few of the reasons why software security is becoming increasingly important to all industries. No system is immune, so it’s more important than ever to understand why secure code matters and how to create safer applications.
With this presentation you'll learn how to:
- Protect your systems from risk
- Comply with security standards
- Ensure the entire codebase is bulletproof
4. Agenda
• We’re all saying the same thing
• Wrangling order from chaos
• A holistic approach to cybersecurity
• Take action!
• Conclusions: Managing your Supply Chain
• Q&A
16. Do you agree that security testing adds 25% of time to your release schedule?
17. Agile Development – Integrated Security
[Diagram: agile sprint cycle. Labels: Sprint 1, Sprint 2, Sprint n, Release; Integrate and Test (×3); Review; Accept (No! / Yes!); Change; Adjust and Track; Feedback; Next Iteration; Release to Market]
Characteristics
• Multiple testing points
• Rapid feedback required
• “Outside” testing does not meet agile needs
18. Typical bottlenecks
[Diagram: delivery pipeline. Stage labels: Idea proposed; Understand Needs & Invent Solutions; Develop, Commit & Build; Functional Testing; Deploy Solution; Customer Value; Load, Performance, Security, … Testing; UAT/Exploratory Testing; Release Decision]
• Too much WIP
• Inability to quickly try out ideas
• Lack of access to dev & test environments
• Lack of effective build/integration automation
• Manual testing
• Design complexity
• Lack of effective API-driven test automation
• Lack of effective release candidate quality information
• Manual environment management and deployment
• Lack of effective customer insight
• Ever-present bottlenecks: hand-offs and wait time
19. Enablers
[Diagram: delivery pipeline. Stage labels: Idea proposed; Understand Needs & Invent Solutions; Develop, Commit & Build; Functional Testing; Deploy Solution; Customer Value; Load, Performance, Security, … Testing; UAT/Exploratory Testing; Release Decision]
• Smaller batches/payload (Agile)
• Infrastructure As Code, Environments On Demand, Cloned/Templated Environments
• Continuous Integration, Continuous Testing, loose architectural coupling
• Continuous Testing
• Sufficient test data to make decisions
• Infrastructure as Code, Release Automation
• Application analytics, CX data
• Everywhere: Cross-functional teams, simplified roles