Using IAST to Unlock the Benefits of DevSecOps

Explore how Interactive Application Security Testing (IAST) can revolutionize DevSecOps in this conference talk from YOW! 2022. Learn about the limitations of traditional security testing methods and discover how IAST provides a more efficient, accurate, and integrated approach to application security. Understand the inner workings of IAST, including its ability to detect vulnerabilities in real-time, analyze runtime libraries, and generate architecture diagrams. Gain insights into deploying IAST at scale and its impact on secure code delivery. Examine case studies of organizations that have successfully transformed their application security programs, reduced vulnerability backlogs, and aligned development and security teams. Discover key metrics for measuring the effectiveness of DevSecOps initiatives and how IAST can help achieve them.

Intro
Public expectations don't match reality
DevSecOps will fix everything
Instrumentation changes everything
Example: Detecting SQL injection
IAST
Runtime vulnerability snapshots
Runtime library analysis
Runtime route coverage
Runtime architecture diagrams
Deploying IAST at scale
DevSecOps - Getting secure code moving
Metrics that matter
Outro