OWASP AppSec EU 2018 DevOps Track - Day 1, talk 5

The last decade has seen significant changes in how organizations develop and release software- fleets of servers are provisioned programmatically and new code is pushed to production dozens of times a day. Oftentimes, developers outnumber security engineers by 100:1 or more. How do you keep up?
Join us as we share pro-tips and actionable lessons learned from a number of San Francisco Bay Area software companies with mature security teams. Topics discussed will include:
* Effective ways to get buy-in for new security requirements from security management, security engineers, and developers
* High value engineering projects that can prevent classes of bugs
* An overview of static and dynamic analysis, fundamental trade-offs, and tips on building your own
* How and where to integrate static and dynamic analysis into the CI/CD process to find potential dangers quickly and reduce risk
* Monitoring in production tips - detecting users with malicious intent and adding telemetry to detect successful attacks
* Open source tools that help with one or more of the above, and more
Attendees will leave with specific steps they can take to improve their organization's security posture, some perspective on how other companies have addressed common security challenges, and a few longer term, more ambitious security process goals

Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP...