Friday, May 22 • 11:05 - 11:50
Building An AppSec Pipeline: Keeping Your Program, And Your Life, Sane

Are you currently running an AppSec program? AppSec programs fall into an odd middle ground: highly technical interactions with the dev and ops teams, yet a practical business focus is required as you go up the org chart. How can you keep your far-too-small team efficient while meeting the needs of the business and catching vulnerabilities as early and often as possible?

At Pearson, the AppSec program was faced with a highly geographically dispersed company with a wide range of different development styles and business practices. The AppSec team and the business created an AppSec Pipeline to handle the workflow. The pipeline starts with “Bag of Holding”, an open source web application which helps automate and streamline the activities of your AppSec team. At the end of the pipeline is ThreadFix, which manages all the findings from all the sources. Finally, we incorporated a chatbot to tie all the information into one place. This talk will cover the motivation behind the AppSec Pipeline, its implementation at Pearson, and how it can help you get the most out of your AppSec program.

Aaron Weaver (Cengage Learning)

Application Security Manager, Cengage Learning
Aaron Weaver is the Application Security Manager at Cengage Learning. Prior to that he was at Protiviti, where he built out their secure coding practice. Aaron has managed application security programs at large organizations and leads OWASP Philadelphia. Aaron speaks frequently at OWASP, AppSec USA/EU, InfraGard, ISSA, ISACA, IIA and Velocity. When he has time, Aaron likes to make sawdust in his workshop.

Friday May 22, 2015 11:05 - 11:50
Room E103 Amsterdam RAI
