SecAppDev 2023 lecture details
Building a secure Software Development Lifecycle
How does an SDLC become a secure SDLC? In this session, we use real-world stories to identify and overcome the challenges of integrating security into a development lifecycle. You will learn how to build and implement a high-value AppSec program.
Monday June 12th, 11:00 - 12:30
Room West Wing
Abstract
Jim Manico once stated, "Software developers are security engineers, whether they know it, admit it, or like it." But how does software engineering become security engineering? How does the software development lifecycle (SDLC) become secure?
This session will dive into the meaning of a secure SDLC, covering its various aspects, challenges, and pitfalls. We also explore how to hit the mark on the delicate trade-off between developer velocity and security assurance. You will walk away with actionable guidance on building and implementing a high-value AppSec program.
Key takeaway
Learn how to initiate a software security program, manage the program on an ongoing basis, keep it sustainable, and build stakeholder engagement and buy-in.
Content level
Introductory
Target audience
Developers, dev leads, appsec engineers, security champions.
Prerequisites
Some experience with software development, preferably having been through a whole feature lifecycle from development through deploying to production (not mandatory)
Avi Douglen
CEO, Bounce Security
Expertise: Product security, security processes, security tools, and threat modeling
Related lectures
Third-party library security management
Deep-dive lecture by Jim Manico in room West Wing
Wednesday June 14th, 14:00 - 15:30
Managing third-party library dependencies is one of the most difficult challenges in software development and requires significant process and technical discipline. This session offers actionable advice on getting this challenge under control.
Key takeaway: To handle third-party dependencies securely, you need to reduce the number of libraries you use, vet the ones you use, and keep them up to date.
OpenAPI: the common language of APIs
Deep-dive lecture by Isabelle Mauny in room Lemaire
Monday June 12th, 14:00 - 15:30
Understand how API contracts can be written with the OpenAPI standard and leveraged across the API lifecycle, including for security.
Key takeaway: Learning about the power and extensibility of OpenAPI and its application across the API lifecycle.
42 things
Introductory lecture by Gary McGraw in room West Wing
Wednesday June 14th, 11:00 - 12:30
This session covers 42 things about appsec. SIX software security zombies. TEN software security flaws. SEVEN software security myths. SEVEN startup lessons. FOUR CISO tribes. SEVEN things I learned in 21 years. Oh, and ONE BONUS THING.
Key takeaway: A treasure trove of advice based on the experience of a pioneer in the field of software security, or "42 things" in short.