Growing up AppSec
As an App Dev services provider

Vibhor Mahajan
• Tech Arch @ Trantor
  – Member of the ACE, SEPG & PMO
• I Contribute to
  – Null & OWASP Chd
  – Scrum Alliance Agile Chd
• I Love
  – Traveling
  – Beauty in Code
  – Software Engineering
Mission Secure Chandigarh
• Be Safe Online
• Make Safe Online

We can keep talking about the problem
https://flic.kr/p/h1dxBm
AppSec @ Trantor

Coaching
• Call to good will of developers
• Interesting tech talks
• Developed a group of mentors/trainers

Addition to Quality Manual
• A push from top down to "do AppSec"
Good luck enforcing it

Rock Bottom is a Beautiful Start
https://flic.kr/p/a2dQ2T
ACE Group Maturity Model

Challenges and Lessons
• Each of your customers would have their own way and you cannot enforce a standard
• What gets measured gets managed
• You can call on the good-will but it is never a guarantee
• People would follow the crowd
Introduction to OWASP ASVS
• OWASP Flagship project
• Started in 2009
• 3 levels of maturity – Basically a curated checklist of all the good practices that you have known all along
• Collection of practical advice on implementation
Maturity Levels
• ASVS Level 1 (opportunistic) is meant for all software
• ASVS Level 2 (standard) is for applications that contain sensitive data, which requires protection
• ASVS Level 3 (advanced) is for the most critical applications - applications that perform high value transactions, contain sensitive medical data, or any application that requires the highest level of trust
Uses of OWASP ASVS
• Use as a metric
• Use as guidance
• Use during procurement
Let’s take a look at the Checklist
Resources
Application Security Verification Standard
https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project
