Shifting from Syntax to Secure Software Development Processes • Laura Bell Main • YOW! 2023
About this talk
This presentation was recorded at YOW! Australia 2023. #GOTOcon #YOW https://yowcon.com

Laura Main - Co-Founder & CEO of SafeStack @laurabellmain

ORIGINAL TALK TITLE
So Long, Secure Coding - Shifting from Syntax to Secure Software Development Processes

RESOURCES
https://twitter.com/lady_nerd
https://linkedin.com/in/lauradbell
https://github.com/ladynerd
https://www.laurabellmain.com
https://safestack.io/blog

ABSTRACT
If you still need to start to shift left, you're late. I mean, the whole world has been shifting application security left for about five years... especially in the wake of DevSecOps. But have we? Have we really? Let's look at the data from the language we use, the practices we recommend, the posts we make, and the frameworks we share. We are still stuck in a world focused on "secure code" when the code itself is only part of the picture when protecting our data, systems, and people. This talk will examine why we focus on secure code and how to move towards secure development. Laura will provide practical actions you can take throughout your SDLC, from initial ideas to ongoing systems maintenance and support that you can apply today, whether as an individual team member or across a more complex project. Let's say goodbye to our dreams of secure code and embrace the idea of secure systems development. [...]

TIMECODES
00:00 Intro
03:51 AppSec
06:23 World is not as mature as we think
07:46 SDLC
11:12 Design
19:25 Code
24:14 Test
31:15 Deploy
35:30 Support
42:50 Summary
43:39 Outro

Download slides and read the full abstract here: https://yowcon.com/sydney-2023/sessions/2979

RECOMMENDED BOOKS
Laura Bell, Michael Brunton-Spall, Rich Smith & Jim Bird • Agile Application Security • https://amzn.to/3uxUIUI
Laura Bell & Erica Anderson • Security for Everyone • https://www.holloway.com/b/security-for-everyone
Izar Tarandach & Matthew J. Coles • Threat Modeling • https://amzn.to/40PCKbU
Liz Rice • Container Security • https://amzn.to/3oU4iJe
Aaron Parecki • OAuth 2.0 Simplified • https://amzn.to/2A3IMOf
Erdal Ozkaya • Cybersecurity: The Beginner's Guide • https://amzn.to/2T6OIj3