
Costs of Coding to Compliance

Magen Wu at AppSec California 2018

The problem with most compliance standards, such as PCI, is that when you manage a project, design, or write code only to the line of compliance, there will be security gaps. When you have gaps, your risk is higher, and it becomes more costly to fill those gaps later.
This talk will describe the requirements of some compliance frameworks and the gaps that can occur when you’re following the bare minimum secure coding practices that they require. The presenters will also give suggestions on how to address these gaps and how to plan for future risk as your applications and dependencies grow and requirements change.
The approach will look at prioritizing security initiatives to better manage risk as they pertain to application security and create more efficient processes as they relate to software development. Together, these will increase the ability to prevent, detect, and respond to security events that threaten your apps while supporting compliance initiatives.
By the end of the presentation, attendees will have a good understanding of how a more mature security posture, together with a framework that also allows you to follow secure coding practices, can help harden even your more robust applications while addressing compliance requirements for application security.

Magen Wu has over 10 years of specialized IT experience and is a Sr. Consultant with Rapid7's Strategic Advisory Service group. In her career, she has consulted with organizations in multiple industries, including state and local government, education, retail, technology, and healthcare. Magen received her Bachelor’s degree in IT Management, with a focus on Information Security, and is currently enrolled at Southern New Hampshire University, earning a Master’s degree in Industrial and Organizational Psychology. Outside of work, Magen spends her time as the senior lead for DEF CON workshops and presenting at several conferences a year.