Next Gen Application Security
Very pleased to welcome Rachit Sood in (virtually) to cover Next Gen Application Security. We will start with News and Notes at noon, then Rachit will take over.
It's 2020, and we’re in a dystopian movie; socially distant, monitored and more reliant on technology and the internet than …well 2019!
But wait, there’s more; Bill just handed you a pentest report for your “secret sauce” app and it looks a lot like the OWASP Top 10 & much more … what now?
The world’s taking a break… we should too; So let's pause, take a deep breath and "zoom" out; ask and hopefully answer a few burning questions:
*Why are we using meet instead of the other app (NASDAQ: ZM)?
*What is appsec?
*What gen are we in ?
*Why are Next Gen Firewalls so cool?
*Can appsec even be next gen?
*Is Orange really the new Black?
*Can the Lannisters ever pay back their … “tech debt”?
*How do the big guys do it?
*What about the “secret sauce”?
*What is Risky Development?
*What's Burpmotron/DASTmotron? … there’s a tool/script drop
*Where do we go from here?
Disclaimer: This is a long talk but is designed to be fun, meme-ey, gif-ey and friendly to all stakeholders involved in pushing a piece of code to production and taking care of it after.
Warning: Bright flashing lights on 1 slide.
It’s pronounced Ru-ch-eet (ch = cheese) and now that we have that out of the way.
I am :
*Professional Cat herder, needful doer, whiteboard ninja, builder, breaker and hacker.
*Known as the “Appsec Guy” (Application Security Engineer) at CoverMyMeds.
*On the receiving end of Bill’s pentest reports for the last 6 years
*Likes: Strategy, Apps, Security, OAuth, CI, Project Managers, Corgis
*Dislikes: Vulnerable code, Project Managers, Studying for the CISSP