OWASP Standard Classification - Achieving Security by Shifting Left in Agile

Explore a comprehensive approach to integrating application security into Agile software development in this 27-minute OWASP Foundation talk by Bhushan B Gupta. Learn how to create security-related personas, develop stories with acceptance criteria, prioritize threats using the STRIDE method, and implement security measures throughout the software development life cycle. Discover techniques for shifting security left, including code review, static and dynamic code analysis, and penetration testing. Gain insights on building secure web applications, creating effective test plans, and utilizing tools to achieve high-confidence security. Understand the importance of balancing security with other development priorities and conducting risk assessments to create more robust and secure applications.

Intro
About me
Objectives
Security breaches
Cost of fixing vulnerabilities
Penetration testing
Bring in security elements into your life cycle
Defining stories
Modeling
Design Encoding Principles
Testing Strategy
Code Reviews
Putting it all together
Balancing Act
Risk Assessment