This course teaches learners how to scale up their application security (AppSec) programs by incorporating principles from DevOps, Agile, and CI/CD methodologies. The course covers real-world experiences from running AppSec groups at companies with large portfolios and international presence. By implementing practices such as automation, orchestration, and ChatOps, participants will learn how to speed up and scale up their AppSec programs. The course also provides practical examples of these practices in action, such as quick provisioning of recurring static scanning, 24/7 remediation advice for developers, and fast report generation. The intended audience for this course includes AppSec professionals looking to enhance their skills and scale up their security programs.
Doing AppSec at Scale - DevOps + Agile + CI/CD == AppSec Pipelines
Overview
Syllabus
Intro
The Phoenix Project
Workflow
Flow Rate
Repeatable
Scripts
Defects
Local Optimization
Burrito analogy
AppSec Pipelines
Knapsack Workflow
Key Features
AppSec Pipeline
AppSec Intake
Pipeline Testing
Why do we like pipelines
What does Bo do
Software Activities
Improve Feedback
Ask the Bot
Culture of Innovation
OS Project
Taught by
LASCON
