SecAppDev 2023 lecture details
42 things
This session covers 42 things about appsec. SIX software security zombies. TEN software security flaws. SEVEN software security myths. SEVEN startup lessons. FOUR CISO tribes. SEVEN things I learned in 21 years. Oh, and ONE BONUS THING.
Wednesday June 14th, 11:00 - 12:30
Room West Wing
Download handoutsAbstract
Software security is hard and being successful is about a lot more than performing risk analysis or following secure coding guidelines. It takes knowledge of the technical aspects, but just as well the skills to navigate people involved.
In this session, we discuss all that in 42 things based on my decades of experience. SIX software security zombies. TEN software security flaws. SEVEN software security myths. SEVEN startup lessons. FOUR CISO tribes. SEVEN things I learned in 21 years. Oh, and ONE BONUS THING.
Key takeaway
A treasure trove of advice based on the experience of a pioneer in the field of software security, or "42 things" in short
Content level
Introductory
Target audience
All SecAppDev participants
Prerequisites
None
Gary McGraw
CEO, Berryville Institute of Machine Learning
Expertise: Software security, machine learning security, security engineering
Related lectures
Building a secure Software Development Lifecycle
Introductory lecture by Avi Douglen in room West Wing
Monday June 12th, 11:00 - 12:30
How does an SDLC become a secure SDLC? In this session, we use real-world stories to identify and overcome challenges to integrate security into a development lifecycle. You will learn how to build and implement a high-value AppSec program.
Key takeaway: Learn how to initiate a software security program, manage the program on ongoing basis, keep it sustainable, and build stakeholder engagement and buy-in
Third-party library security management
Deep-dive lecture by Jim Manico in room West Wing
Wednesday June 14th, 14:00 - 15:30
Managing third party library dependence is one of the most difficult challenges in software development and requires significant process and technical discipline. This session offers actionable advice on getting this challenge under control.
Key takeaway: To handle third-party dependencies securely, you need to reduce the amount of libraries you use, vet the ones you use, and keep them up to date
OpenAPI: the common language of APIs
Deep-dive lecture by Isabelle Mauny in room Lemaire
Monday June 12th, 14:00 - 15:30
Understand how API contracts can be written in with the OpenAPI standard and leveraged across the API lifecycle, including for security.
Key takeaway: Learning about the power and extensibility of OpenAPI and its application across the API lifecycle.