Application Security
Where left is the right direction
About me
Software Developer
Application Security
Agile Enthusiast
Open source contributions
I am
I do
I am
I do
About me
Software Developer
Application Security
Agile Enthusiast
Open source contributions
I am
I do
I am
I do
Agenda
Definition
Why?
How?
Who?
Definition
Wikipedia
Application security encompasses measures taken to improve the security of an application often by finding, fixing and preventing security vulnerabilities.
Gary McGraw
"...maintains that application security is a reactive approach, taking place once software has been deployed. Software security, on the other hand, involves a proactive approach, taking place within the pre-deployment phase."
Wikipedia
finding
fixing
preventing
Gary McGraw
application security reactive approach
software security proactive approach
Why?
Implementation bugs
Architectural bugs
Inexpensive
Expensive
Cost to fix bugs
Cost to fix bugs
Left
Right
Cost to fix bugs
How to?
Software Development Life Cycle
SDLC
Design
Code
Learning
Habits
How?
Design
Code
Learning
Habits
How?
How to?
Security by Learning
Training
Security by learning
Capture the flag
Security by learning
Consulting
Security by learning
Security by learning
$ docker run tyro/challenge
Design
Code
Learning
Habits
How?
How to?
Secure by Design
Architecture Review
Secure By Design
Attack Trees
Secure By Design
Security Features
Secure By Design
Secure By Design
Design
Code
Learning
Habits
How?
How to?
Secure Code
Code Review
Secure Code
Static Analysis
Secure Code
Dependency Management
Secure Code
Secure Code
Design
Code
Learning
Habits
How?
How to?
Security Habits
Define Contracts
Security Habits
Build Pipeline
Security Habits
Pen Testing
Security Habits
Bug Bounty
Security Habits
Security Habits
How to?
Software Development Life Cycle
Reviewed!
SDLC Reviewed
Attack Trees
Security Features
Architecture Review
Code Review
Static Analysis
Dependency Management
Training
CTFs
Consulting
Contracts
Build Pipeline
Pen Testing
Bug bounty
Monitoring
Visibility
Drills
Infrastructure as Code
Who?
Responsibility
Accountability
Lessons
Title Text
Questions?
Application Security: Where left is the right direction
By Mário Areias
Application Security: Where left is the right direction
- 831