During our work as penetration testers, we found that a lot of the vulnerabilities being introduced in applications could have been prevented at an early stage of development.
The latest trend is integrating security tooling into CI/CD pipelines. However, security tooling integrated into your pipelines will not cover the whole attack surface, because the tooling can never understand the full context of the application's functions and logic. On the other hand, resources in the form of manual verification can often be scarce and expensive.
So what is the right balance, and how can we make the most impact? By guiding and training developers and enabling them to write secure software.
We created a free-to-use, fully open-source online platform that enables you to learn about building secure software using materials from the best resources available and to practice what you learn in hands-on labs. We currently have 3 different tracks that you can follow: Defensive secure coding, Offensive security testing and Infra security. Now you can have everything you need, training & guidance for doing AppSec right!
The aim of this talk is to guide everybody willing to take the maturity of their security in software development to a higher level.
He has over 15 years of experience in the field, with a background in software development, hacking and security engineering. He currently works at ING Bank Belgium as a Security Chapter Leader. Glenn is also very active in the open source community: he is currently one of the Global Board of Directors at OWASP and is part of the OpenSSF Software & Education group.
Together with his brother, Glenn also created one of the OWASP Flagship projects, the Security Knowledge Framework, which is dedicated to helping developers and organisations approach security by design. He is also well known in the field of secure development training, offering training workshops at universities and companies around the world.