James Wickett, Sr. Engineer at Signal Sciences, gave this talk at GOTO Conference in London last fall and the videos were made public just a few weeks ago. Below is the talk abstract and the video from the event. Enjoy!
Over the years, application security (appsec) has made progress, but it has also made some considerable missteps. Appsec focuses almost solely on developer awareness and secure development training as remediation. This isn’t sustainable and arguably does little good. There is a better way, but we have to separate ourselves from the core assumptions we have made that got us here. Let’s journey together to find old truths and better approaches.
We will explore ways to make a change for the better across all levels of the development lifecycle, but we will focus on security testing early on in the development process. From this session, you will learn pragmatic approaches and tooling that will affect your development processes and delivery pipelines. You will walk away with code examples and tools that you can put into practice right away for security and rugged testing.
How To Effect Change in the Epistemological Wasteland of Application Security, by James Wickett at GOTO London 2015
Signal Sciences’ industry-first Next Generation Web Application Firewall was built in response to our frustrations with trying to use legacy WAFs while enabling business initiatives like DevOps and cloud adoption. The Signal Sciences NGWAF works seamlessly across cloud, physical, and containerized infrastructure, providing security prioritization based on where your applications are targeted, and blocking attacks without breaking production traffic.