Juggling the Elephants - Making AppSec a Continuous Program
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore a comprehensive strategy for implementing a continuous Application Security (AppSec) program in this 46-minute conference talk from AppSecUSA 2017. Learn how to unify disparate security initiatives, address full application portfolio coverage, and enable high-paced development paradigms like DevOps and CI/CD. Discover a model that ties together threat modeling, code reviews, and penetration tests with business and risk processes to enhance development efficiency. Understand how to leverage OWASP SAMM principles, enable continuous improvement, and implement the program incrementally. Gain insights on prioritizing security initiatives, managing risks, and empowering application teams to advocate for security practices. Leave with actionable strategies to transform your AppSec approach and juggle the elephants of enterprise application security effectively.
Syllabus
Introduction
Agenda
The Tunnel
Application Portfolios
Challenges
Continuous Program Approach
Application Profiling Components
Assessment Strategy
What Fits Our Organization
Design Enablement
Reference Architecture
Analysis Metrics
DevOps Integration
Questions
Taught by
OWASP Foundation