This video was recorded at GOTO London 2015 http://gotoldn.com

James Wickett - Senior Engineer at Signal Sciences Corp.

Over the years, application security (appsec) has made progress, but it has also made some considerable missteps. Appsec focuses almost solely on developer awareness and secure development training as remediation. This isn't sustainable and arguably does little good. There is a better way, but we have to separate ourselves from the core assumptions we have made that got us here. Let's journey together to find old truths and better approaches.

Download slides and read the full abstract here: http://gotocon.com/goto-london-2015/#!#schedulePopupExtras-7000

TIMECODES
0:00 Introduction
0:12 How to effect change in the Epistemological Wasteland of Application Security
1:54 SUMMARY
3:59 EPISTEMOLOGICAL PROBLEM OF SOFTWARE DEVELOPMENT
5:32 TLDR; RAPID ITERATIONS WIN
5:52 THE WORLD HAS CHANGED SINCE AGILE
6:26 DEVOPS IS THE APPLICATION OF AGILE METHODOLOGY TO SYSTEM ADMINISTRATION - THE PRACTICE OF CLOUD SYSTEM ADMINISTRATION BOOK
6:44 AGILE INFRASTRUCTURE
11:21 SEPARATION OF DUTIES CONSIDERED HARMFUL
11:54 REDUCE CODE LATENCY INCREASE CODE VELOCITY
17:49 INTEGRATED RUGGED TESTING SHOULD SIT INSIDE THE PIPELINE
24:32 PUT SECURITY TESTING IN YOUR CONTINUOUS INTEGRATION SYSTEM
25:27 ADD APPLICATION SECURITY TELEMETRY TO DEVS AND OPS