The Art Shaping Application Security at Scale with Seth J. Kirschner
Dev Academy Podcast - A podcast by Bartosz Pietrucha
Web Security Dev Academy WAITING LIST: http://links.dev-academy.com/f7y Secure your spot and receive exclusive bonuses 🎉

The conversation explores the topic of application security maturity within organizations and its relationship with developers, teams, management, and products. The guest, Seth, shares his insights and experiences in building application security programs. He emphasizes the importance of communication channels and learning and development opportunities for developers. Seth also discusses the role of security champions and the implementation of guardrails as preventative controls. The conversation highlights the challenges of onboarding new developers and suggests strategies such as automated messaging, open communication channels, and recognition programs.

In this conversation, Seth Kirschner discusses various aspects of application security, including the challenges faced by developers, the importance of collaboration between security and development teams, and strategies for incentivizing developers to prioritize security. He also shares insights on implementing security programs, dealing with vulnerabilities, and the future of application security. The conversation highlights the significance of software supply chain security as a major threat in the coming years.

Takeaways

- Building an application security program starts with knowing the company, people, and applications.
- Open communication channels and establish training and resources for developers to understand security best practices.
- Security champions are individuals who have an interest in security and can lead efforts within their teams.
- Guardrails are preventative controls that guide developers to make better decisions and prevent misconfigurations.
- Onboarding new developers should involve gradual exposure to security guidelines and resources.
- Recognition programs, such as leaderboards, can motivate developers to engage in security practices.
- Collaboration between security and development teams is crucial for effective application security.
- Incentivizing developers through monetary and non-monetary rewards can encourage them to prioritize security.
- Choosing the right vulnerability scanning tools and evaluating their fit for the organization is important.
- Regularly reviewing and updating security practices and tools is necessary for program maturity.
- In small organizations, outsourcing or seeking guidance from trusted advisors can help establish basic security measures.
- Software supply chain security, particularly open source models and code bases, poses a significant threat in the future.

#DevSecOps #SecureCoding #AppSecTips #CodeSecurity #TechTrends #DevelopersLife #CodingBestPractices