This is a double-header edition of the OWASP Vancouver meet-up series, with an intermission and an opportunity to socialize and network!
Redefining Threat Modeling: Security team goes on vacation (6:00-7:00pm)
By: Jeevan Singh (Segment)
Threat Modeling is an important part of every company's Security Development Lifecycle, but as development teams grow bigger, Security will either have to choose which features they want to Threat Model or they will become a bottleneck for the development organization.
What if I told you, you can have your cake and eat it too? It is possible to scale your threat modeling program to *every* feature and you don't have to be a bottleneck to the development organization. What if I also told you that the Threat Models in this utopia are also of higher quality as well?
In this utopian world, Threat Modeling is no longer the Application Security team's responsibility. The responsibility now lies with the development teams. Self-serve Threat Modeling is the way of the future.
Speaker Bio:
Jeevan Singh is a Security Engineering Manager for a software company, where he is embedding security into all aspects of the software development process. Jeevan enjoys building security culture within organizations and educating staff on security best practices. Jeevan is responsible for a wide variety of tasks including: architecting security solutions, working with development teams to resolve security vulnerabilities and building out security features. Before life in the security space, Jeevan had a wide variety of development and leadership roles over the past 15 years.
Practical Approaches to Integrating SAST (7:00-8:00pm)
By: David Scrobonia (Boost Security)
Adding SAST or security linters to your pipeline can be a great lever for security, but knowing what tools to use and how to integrate them with development teams can be difficult. This talk will discuss what types of open source tools to use, how best to use them so that your dev teams aren't overwhelmed, and highlight a few real world examples of integrating static analysis tools at scale.
Speaker Bio:
David Scrobonia is part of the Engineering team at Boost Security working to secure modern web apps and AWS infrastructure. He contributes to open source and has been a core team member of the OWASP ZAP project.