Doing AppSec at Scale - DevOps + Agile + CI/CD == AppSec Pipelines

Explore strategies for scaling application security in large organizations through this conference talk from LASCON 2015. Learn how to leverage DevOps, Agile, and CI/CD principles to transform a small AppSec team into a virtual army capable of handling extensive application portfolios. Discover real-world experiences from Rackspace and Pearson, covering key principles for accelerating and scaling AppSec programs. Gain insights into practical implementations, including rapid static scanning provisioning, 24/7 remediation advice for developers, and efficient report generation. Delve into topics such as automation, orchestration, ChatOps, and AppSec Pipelines to address technical security debt proactively. Understand concepts like workflow optimization, defect management, and the importance of creating a culture of innovation in AppSec. Learn how to improve feedback loops, implement "Ask the Bot" systems, and explore open-source project opportunities to enhance your organization's application security capabilities.

Intro
The Phoenix Project
Workflow
Flow Rate
Repeatable
Scripts
Defects
Local Optimization
Burrito analogy
AppSec Pipelines
Knapsack Workflow
Key Features
AppSec Pipeline
AppSec Intake
Pipeline Testing
Why do we like pipelines
What does Bo do
Software Activities
Improve Feedback
Ask the Bot
Culture of Innovation
OS Project