Name: Glenn Ten Cate, ING Security Chapter Leader, ING Belgium
Topic: Making the Web Secure, by Design!
Date of Webinar: 9th October 2018
Time and Location: 11am Brussels Time / 2:30pm IST / 5:00pm SGT
Speaker Bio: As a coder, hacker, speaker, trainer and security researcher employed at ING Belgium, Glenn has over 10 years of experience in the field of security. He is one of the founders of defensive development [defdev], a security training series dedicated to helping you build and maintain secure software, and has also spoken at multiple security conferences around the world.
Glenn is also an expert on implementing security test automation in CI/CD pipelines. This helps create short feedback loops back to the developer and catches bugs at an early phase in the development lifecycle, before they get into production.
Topic Abstract: While working as a penetration tester, you are bound to come across numerous vulnerabilities that are introduced through applications. Most of these vulnerabilities could have been prevented while developing the application.
The latest trend in the industry is integrating security tooling into CI/CD pipelines. However, security tools integrated into your pipelines are not sufficient to protect the whole attack surface, because a tool can never comprehend the full context of the functions and logic of the application. On the other hand, resources in the form of manual verification can often be scarce and expensive.
Where do we find the right balance between security test automation and manual verification?
More importantly, how do we train the developers to understand the metrics and make security part of their process and culture?
This could be achieved by setting up an (S)SDLC, but what does a good (S)SDLC consist of?
This talk will guide you on how to take the maturity of your security in software development to the next level.