Friday, May 22 • 11:05 - 11:50
Building An AppSec Pipeline: Keeping Your Program, And Your Life, Sane

Are you currently running an AppSec program? AppSec programs fall into an odd middle ground: highly technical interactions with the dev and ops teams, yet a practical business focus is required as you go up the org chart. How can you keep your far-too-small team efficient while meeting the needs of the business and catching vulnerabilities as early and often as possible?

At Pearson, the AppSec program was faced with a highly geographically dispersed company with a wide range of different development styles and business practices. The AppSec team and the business created an AppSec Pipeline to handle the workflow. The pipeline starts with “Bag of Holding”, an open source web application which helps automate and streamline the activities of your AppSec team. At the end of the pipeline is ThreadFix to manage all the findings from all the sources. Finally, we incorporated a chatbot to tie all the information into one place. This talk will cover the motivation behind the AppSec pipeline, its implementation at Pearson, and how it can help you get the most out of your AppSec program.

Aaron Weaver

Application Security Manager, NA Bancard
Aaron Weaver is the Application Security Manager at NA Bancard. Prior to that he was at Cengage Learning and Protiviti where he built out their secure coding practice. Aaron has managed application security programs at large organizations and leads OWASP Philadelphia. Aaron speaks...

Friday May 22, 2015 11:05 - 11:50
Room E103 Amsterdam RAI
