Five Keys to Building an Application Security Program in the Age of DevOps

Discover five essential keys to establishing an effective Application Security Program in the DevOps era through this insightful conference talk from BSidesSF 2017. Explore the challenges of integrating security into the fast-paced DevOps environment and learn practical strategies to bridge the gap between security and development teams. Delve into topics such as containerization, framing security concerns, common vulnerabilities, and automated security measures. Gain valuable insights on when to implement security testing, which technologies to deploy, and how to handle false positives. Learn the importance of building security champions within your organization and leave with actionable principles to enhance your application security practices while maintaining DevOps speed and efficiency.

Introduction
DevOps culture clash
Security in DevOps
Containerization
Framing Security
Impact of Security Issues
Common Vulnerabilities
Practical Principles
Automated Security
Early vs Late
What technologies to deploy
Testing in production
False positives
Build champions
Wrapup