AppSec at DevOps Speed and Portfolio Scale

Explore a revolutionary approach to application security in this 52-minute OWASP Foundation talk by Jeff Williams. Delve into the challenges of modern software development outpacing traditional security techniques and learn how to bridge the gap between application security and DevOps. Discover how instrumenting an entire IT organization with passive sensors can provide real-time visibility into application security across an organization's portfolio. Gain insights on identifying vulnerabilities, enhancing security architecture, and generating value through application security. Examine innovative concepts such as clickjacking sensors, access control intelligence, CSRF defense, and injection sensors. Understand the importance of continuous application security and how it can transform the way organizations approach software assurance in today's fast-paced development environment.

Intro
Application Security Is Healthcare
Sensors Are Revolutionizing Healthcare
Traditional Tools and Techniques Are Failing...
Defining "Portfolio Scale"
Designing a Clickjacking Sensor
CHECK YOUR HEADERS
Access Control Intelligence Sensor
Generated Access Control Matrix from Code
CSRF Defense Sensor
Canonicalization Correctness Sensor
Injection Sensors
Continuous Application Security!
Transforming AppSec