
How to Verify for Security Early and Often

Katy Anton at DevSecCon24 2020

In many organizations, testing for security follows a "scan-then-fix" approach: the security team runs a scanning tool or conducts a pen test, triages the results, and then presents the development team with a long list of vulnerabilities to be fixed right away. This is often referred to as "the hamster wheel of pain". There is a better way.

As part of this presentation we will explore how to inject security verification into every step of software development. We will discuss how to make security assessment an integral part of developers' software engineering practice, and which OWASP projects can be leveraged for this.

Recommended to everyone looking to build more secure software from the start.

Katy Anton

Katy Anton is a security professional with a background in software development. An international public speaker, she enjoys speaking at both developer and security events about secure coding and how to secure software.

In her previous roles she led software development teams and implemented security best practices in the software development life cycle. As part of her work she got involved in the OWASP Top Ten Proactive Controls project, which she went on to join as project leader.

In her current role as Principal Application Security Consultant at Veracode, Katy works with security teams and developers around the world and helps them secure their software.