MY TAKEAWAYS FROM OWASP APPSEC USA 2016

August 5, 2016
MY TAKEAWAYS FROM OWASP APPSEC USA 2016

MY TAKEAWAYS FROM OWASP APPSEC USA 2016

Okay, I’ll admit that this blog comes a little late. But work pressures have kept me from writing this earlier than I would’ve liked to.To begin, my experience at the OWASP AppSecUSA this year was uh-maazing! It was great meeting old friends and making  new friends, while at the same time learning and discussing tons of Application Security at the event.The event started off on a high note for us at we45. We delivered a sold-out workshop on Security in DevOps (SecDevOps/DevSecOps) at the event. The interactions and engagement at the workshop, led me to firmly believe that creating automated, yet effective processes around security for DevOps implementations is the only way to go forward. We did many hands-on exercises including, Creating Customized Application Security Test Automation for CI services, Secrets Management, Integrating instrumented scans for tools like OWASP ZAP and w3af and much more. I learned much from the audience as I hope they did from me. Here are some of the testimonials from participants in the workshop.

One of the key themes for the rest of the conference was centered extensively around Security in DevOps and creating automated security pipelines. Some of my favourite talks were:

One thing that emerged from this conference is that the Application Security industry is clearly committed to ensuring that Application Security stays in step with the massively disruptive and quick-to-change trends in a world of Continuous Delivery. While I was elated at the fact that our team at we45 have been implementing several elements of what was being highlighted in this conferences, with our clients and our workshops, I also took away some great content from some of the smartest people in the security world.I am looking forward to more Security in DevOps and what I am sure, would be rapidly evolving tech in this space. One thing I can say for sure, we45 will be working overtime to deliver the best in Security in DevOps (SecDevOps) for our clients and trainees in 2017 and beyond. I’d like to thank the organizers, volunteers and office bearers at OWASP for bringing us a great conference.