Promoting security awareness and development.


August 14th, 2020 meeting

Fri, Aug. 14, 2020 2:00pm — 4:00pm


DATE:

August 14th, 2020

TIME:

2:00pm to 4:00pm (PST)

VENUE:

Zoom Online meeting

Please obtain the passcode to enter the meeting from your email confirmation

RSVP Required – register at Zoom

TOPIC(S):

The Clutter that’s Choking AppSec

PRESENTER(S):  

Rahul Raghavan (Co-Founder and Chief Evangelist, we45)

 

 

 

ABSTRACT

 

Increasingly shorter agile development sprints and mandatory security
assessments are putting pressure on product teams to deliver secure applications faster
than ever. Further, inorganic adoption of security tooling sometimes creates information
overload that does more harm than good.


What’s going wrong:
• Results from SAST, DAST and SCA tools create large vulnerability data sets that are
difficult to act upon.
• Automated scan results from security tools are replete with false positives and duplicate
entries that make remediation troublesome.
• Manual methods of triaging vulnerability data sets are inefficient and lower productivity.
• Improper vulnerability management increases friction between security and engineering
teams.

What the audience will glean from this talk:
• How automated methods of vulnerability correlation and de-duplication can significantly
reduce your AppSec testing time.
• How to effectively integrate vulnerability remediation with the engineering workflow.
• Understand the basic anatomy of a vulnerability to effectively prioritise and fix security bugs
faster and better!


Why should they care:
• Without a change in approach, application security professionals and engineering teams
will continue to delay development schedules and product release dates, or risk releasing a
product that is not entirely secure.


Who should attend:
• Security professionals who face problems managing vulnerabilities.
• Engineering teams who find the current vulnerability remediation workflow problematic.
• CISOs who want to lay down a mature and efficient AppSec Program.

 

 

BIOGRAPHY

 

Rahul is the Co-Founder and Chief Evangelist at we45.


The sheer pervasiveness of applications, their associated software engineering process and
therefore the variance of application security quotient across software teams is what drives
Rahul’s primary role as an AppSec Advocate at we45.


Having worked on both the building and breaking sides of product engineering, Rahul
appreciates both the constraints and the opportunities of imbibing security within the
software lifecycle. This understanding created a natural segue for we45’s custom security
solution engineering and enhanced AppSec service delivery models for its global customers.


As an active DevSecOps Marketer, Rahul works closely with the offices of CTOs and CIOs
in the setting up of cross functional skill building and collaboration models between
engineering, QA and security teams to build and manage software security maturity
frameworks.


Rahul is a Certified Information Systems Auditor (CISA) and is a regular speaker at global
conferences, seminars and meetup groups on the following topic areas:
1. Application Security Automation and DevSecOps
2. AppSec Tooling
3. Threat Modeling in Agile Engineering
4. QA: Security Mapping
5. Automation ROI Modelling
6. AWS Security
7. Secure Software Maturity Models

 
