Front Range OWASP Conference 2013/Sessions/Sess3 Mgmt1

From OWASP
Revision as of 22:18, 9 March 2013 by Mark Major (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Using SaaS and the Cloud to Secure the SDLC

This session will cover Software as a Service (SaaS) offerings and how they can be effectively utilized in web security development efforts. Over the last few years, cloud services (i.e. SaaS) have been increasingly used as both a starting point for application security efforts and as a full outsourcing of the appsec program. However, by the very nature of cloud outsourcing and delivery, it is difficult to evolve this approach into a mature secure development lifecycle. Developer involvement is a necessity, and the solution has been to bring vulnerability assessment technologies in house. But recently, organizations have started to deploy a mixture of on-premise and cloud appsec solutions as an alternative to the all or nothing paradigm of on-premise or SaaS.

Topics covered include:

  • Overview of vulnerability assessment using SaaS
  • Overview of on-premise vulnerability scanning in the SDLC
  • Challenges of on-premise and SaaS implementations
  • Private cloud variations of on-premise and SaaS offerings
  • Hybrid on-premise/cloud implementations in the SDLC
  • Use of automation and integration with development infrastructure to ease developer adoption of on-premise/cloud appsec implementations
  • How organizations can use SaaS to get started with application security and mature into a robust software security assurance program featuring on-premise and cloud deployments.

Slides Video

Andrew Earle

Andrew Earle is a Security Solutions Architect for HP Enterprise Security Products (ESP). Andy has spent 3+ years designing and delivering application security programs, technology, and services for US Federal and commercial customers, specifically around HP's Fortify appsec products. Andy was previously the product manager for a high assurance multi-level secure operating system at BAE Systems, and Presales Engineer for various web development and mobile security firms. Early experience includes software engineering, mobile application development, and lifeguarding at his neighborhood pool. Andy has a B.S. in Systems Engineering from the University of Virginia.
Andrew Earle