Costs of Coding to Compliance
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore the challenges of balancing security and compliance in software development through this insightful conference talk from APPSEC Cali 2018. Delve into the pitfalls of coding solely to meet compliance standards like PCI, and discover how this approach can lead to security gaps and increased risk. Learn strategies for addressing these gaps, planning for future risks, and prioritizing security initiatives to better manage application security risks while supporting compliance efforts. Gain valuable insights on implementing a framework that combines secure coding practices with compliance requirements, ultimately hardening applications and improving overall security posture. Understand how a more mature security approach can benefit even robust applications while meeting compliance standards for application security. Presented by Magen Wu, a Senior Consultant at Rapid7 with over 10 years of specialized IT experience, this talk covers topics such as security metrics, security maturity models, PCI compliance, multifactor authentication, security lifecycle development cycles, and the importance of cultural shifts in addressing security challenges.
Syllabus
Intro
Security vs Compliance
Most Significant Driver
Least Resistance
Security Metrics
Security Maturity Model
Customer Story
Building a Gate
PCI Compliance
Multifactor
Theres no easy button
Culture shift
People problem
Compliance tree
Red Rover
Security to Compliance
Security Lifecycle Development Cycle
Bring in HR
Next steps
Contact information
Response to developers
Taught by
OWASP Foundation
Related Courses
Building Geospatial Apps on Postgres, PostGIS, & Citus at Large ScaleMicrosoft via YouTube Unlocking the Power of ML for Your JavaScript Applications with TensorFlow.js
TensorFlow via YouTube Managing the Reactive World with RxJava - Jake Wharton
ChariotSolutions via YouTube What's New in Grails 2.0
ChariotSolutions via YouTube Performance Analysis of Apache Spark and Presto in Cloud Environments
Databricks via YouTube