Developer-Centric AppSec In Practice

The idea of shifting application security left is widely accepted. Automating testing close to the code ensures that potential vulnerabilities are found quickly, and developer-centric security platforms allow software engineers to push fixes while they are working in the code base. Once implemented, your team can confidently ship secure applications without disruption to existing workflows. But what does it look like in practice?A full application security program is often thought of as static application security testing (SAST), dynamic application security testing (DAST), and software composition analysis (SCA).

In this session, StackHawk's CTO, Scott Gerlach, will demonstrate how these three types of application security testing can work together, automated in the delivery pipeline to surface potential vulnerabilities and equip developers to own the fix.