FREE WORKSHOP: Scaling your AppSec Program with Semgrep

Sunday, April 25, 1:00pm - 3:00pm (EDT)

JOIN OUR MEETUP GROUP: https://www.meetup.com/OWASP-DevSlop-Project/events/277150000/

Between Agile, DevOps, and infrastructure as code, development is happening faster than ever. As a security team, it can be tough to keep up.

How can you help empower your engineering counterparts to ship software quickly and securely?

An increasingly popular answer is secure defaults - make it easy to do the secure thing, and hard to do the insecure thing, whether that’s parsing XML files, interacting with the database, authorization, or any other security-relevant functionality.

Done properly, secure defaults (also called “guardrails” or building a “paved road”) can effectively eliminate classes of vulnerabilities from ever occurring in the first place, effectively scaling your security team.

The power of secure defaults has been praised by established companies like Netflix, Google, Facebook, and Microsoft as well as rapidly growing mid-sized companies and even start-ups.

“But I don’t have a FAANG-sized budget or headcount, what can I do?”

This workshop will show you:
-How to start getting security coverage of all of your repos continuously in CI in minutes
-Best practices in rolling out continuous code scanning - what to focus on, what to ignore, and how to maintain good working relationships with development teams
-How to use this scanning to enforce secure defaults across your org
-How to enforce security best practices unique to your organization using the open-source static analysis tool Semgrep, around nuances like authorization, authentication, secret management, etc.

This workshop will be part big picture ideas and best practices, and a lot of hands-on examples and demos. You’ll leave with some insights, open-source tools, and actionable tips to get started immediately.

PRE-REQUISITE: A GitHub account.

INSTRUCTOR: CLINT GIBLER

Clint Gibler (@clintgibler) is the Head of Security Research for r2c, a startup working on giving security tools directly to developers. Previously, Clint was a Research Director at NCC Group, a global security consulting firm, where he helped companies implement security automation and DevSecOps best practices as well as performed penetration tests for companies ranging from large enterprises to new startups. Clint has previously spoken at conferences including BlackHat USA, AppSec USA/EU/Cali, BSidesSF, and many DevSecCons. Clint holds a Ph.D. in Computer Science from the University of California, Davis. Want to keep up with security research? Check out *tl;dr sec*, Clint’s newsletter that contains summaries of artisanally curated, top talks and useful security links and resources from around the web. https://tldrsec.com/

JOIN OUR MEETUP GROUP: https://www.meetup.com/OWASP-DevSlop-Project/events/277150000/

Add to Calendar 2021/04/25 13:00:00 2021/04/25 15:00:00 America/Toronto FREE WORKSHOP: Scaling your AppSec Program with Semgrep JOIN OUR MEETUP GROUP: https://www.meetup.com/OWASP-DevSlop-Project/events/277150000/

Between Agile, DevOps, and infrastructure as code, development is happening faster than ever. As a security team, it can be tough to keep up.

How can you help empower your engineering counterparts to ship software quickly and securely?

An increasingly popular answer is secure defaults - make it easy to do the secure thing, and hard to do the insecure thing, whether that’s parsing XML files, interacting with the database, authorization, or any other security-relevant functionality.

Done properly, secure defaults (also called “guardrails” or building a “paved road”) can effectively eliminate classes of vulnerabilities from ever occurring in the first place, effectively scaling your security team.

The power of secure defaults has been praised by established companies like Netflix, Google, Facebook, and Microsoft as well as rapidly growing mid-sized companies and even start-ups.

“But I don’t have a FAANG-sized budget or headcount, what can I do?”

This workshop will show you:
-How to start getting security coverage of all of your repos continuously in CI in minutes
-Best practices in rolling out continuous code scanning - what to focus on, what to ignore, and how to maintain good working relationships with development teams
-How to use this scanning to enforce secure defaults across your org
-How to enforce security best practices unique to your organization using the open-source static analysis tool Semgrep, around nuances like authorization, authentication, secret management, etc.

This workshop will be part big picture ideas and best practices, and a lot of hands-on examples and demos. You’ll leave with some insights, open-source tools, and actionable tips to get started immediately.

PRE-REQUISITE: A GitHub account.

INSTRUCTOR: CLINT GIBLER

Clint Gibler (@clintgibler) is the Head of Security Research for r2c, a startup working on giving security tools directly to developers. Previously, Clint was a Research Director at NCC Group, a global security consulting firm, where he helped companies implement security automation and DevSecOps best practices as well as performed penetration tests for companies ranging from large enterprises to new startups. Clint has previously spoken at conferences including BlackHat USA, AppSec USA/EU/Cali, BSidesSF, and many DevSecCons. Clint holds a Ph.D. in Computer Science from the University of California, Davis. Want to keep up with security research? Check out *tl;dr sec*, Clint’s newsletter that contains summaries of artisanally curated, top talks and useful security links and resources from around the web. https://tldrsec.com/

JOIN OUR MEETUP GROUP: https://www.meetup.com/OWASP-DevSlop-Project/events/277150000/
https://youtu.be/DfU1SFfNrU0 false MM/DD/YYYY 30 OPAQUE alqcujNovzVzusUtJmmM104566

Sunday, April 25, 1:00pm - 3:00pm (EDT)

https://youtu.be/DfU1SFfNrU0

OWASP DevSlop Team, owasp.devslop@gmail.com