
Join us for Denver OWASP's January Meeting

Hosted By
Steve K.
Details

Please come join us for our OWASP Denver meeting. Enjoy some great food, drinks and networking courtesy of Solutions II. Come network beforehand and after the presentation (which will start shortly after 6:00).

TOPIC: Adding an S to SDLC: Building a plan for ‘going left’

As application security programs mature and grow, the number of concerns they are trying to address increases quickly. Part of this increase in the number of concerns is attributable to the now-popular ideas of Agile development, DevSecOps, and "moving security left". In this presentation, I will present a framework to organize these concerns and help an organization build a plan that fits their needs and capabilities. I will focus on the prerequisite concepts and information that are passed over by the majority of security organizations that are trying (but struggling) to keep up with their development counterparts, but seem to be well understood by the organizations who are having the most success. I will discuss the state of security scanning products and why understanding how they work, what they can do, and what they can’t do is key to building an assessment process that provides real security value to your organization and the software that it produces.

PRESENTER: Zach Jones

Zach Jones is the Senior Manager of Static Code Analysis within WhiteHat Security’s Threat Research Center. Zach joined WhiteHat as an ethical hacker in 2011 and has since had the opportunity to deliver and develop services in both DAST and SAST, gaining expertise in scanning, manual testing, and source code review. Prior to joining WhiteHat, Zach was a systems architect for a Houston-based online photo-lab, and before that spent several years as an aspiring golf professional. In 2013, Zach joined WhiteHat’s research and development team to begin operationalizing WhiteHat’s new Sentinel Source offering. Since then, he has built an international team that is responsible for scanning and verifying results for over 250 million lines of code daily, covering five programming languages. Currently, Zach’s primary role beyond managing the service delivery team for Sentinel Source involves working directly with WhiteHat’s largest customers to implement SAST within their SDLC, helping development and security organizations partner better to deliver more secure software.

OWASP Denver Chapter
Dave & Buster's
2000 S Colorado Blvd · Denver, CO