We are witnessing a fundamental change in how we perform web application security. The collision of several trends _outside_ of security not only make it possible, but incentivizes us to re-think and re-implement our application security programs. The same forces that promote micro-service architectures, containers and lambda functions push us toward more focused application security programs. The same capabilities that allow us to automate builds and orchestrate IT allow us to implement security testing as part of the process. We are moving to a more fully integrated approach, one that provides better security with lower friction between teams, and is less dependent on external (re: non-application) security tools. Development teams for years have pushed to become more agile, and now we can have agile application security as well. In this presentation, we discuss the trends driving these changes, then detail several new security technologies, and offer pragmatic advice on how to incorporate both new and existing tools into web application security testing.
Adrian Lane is a Security Strategist and brings over 25 years of industry experience to the Securosis team, much of it at the executive level. Adrian specializes in database security, data security, and software development. With experience at Ingres, Oracle, and Unisys, he has extensive experience in the vendor community, but brings a pragmatic perspective to selecting and deploying technologies having worked on "the other side" as CIO in the finance vertical. Prior to joining Securosis, Adrian served as the CTO/VP at companies such as IPLocks, Touchpoint, CPMi and Transactor/Brodia. He has been invited to present at dozens of security conferences, contributed articles to many major publications, and is easily recognizable by his "network hair" and propensity to wear loud colors. Despite rumors, he is not the real Lawrence Waterhouse. But once you get past his windy rants on data security and incessant coffee consumption, he can be entertaining. Adrian is a Computer Science graduate of the University of California at Berkeley with post-graduate work in operating systems at Stanford University.
Setu Kulkarni, Vice President, Product Management, WhiteHat Security, is responsible for product vision, strategy, and direction at WhiteHat Security. Setu joins the WhiteHat leadership team after a 10+ year stint at TIBCO Software Inc., where he most recently led product management and strategy for the Operational Intelligence product portfolio.