Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Secure by Design - Across the Stack

Abhay Bhargav
September 20, 2024
0
140

Secure by Design - Across the Stack

Presented by Abhay Bhargav, Founder of AppSecEngineer and we45, this insightful talk delves into the future of software security through Secure by Design principles. Discover how to apply the Pareto Principle to strategically secure every layer of your tech stack—from application to deployment. Abhay, with over 15 years of expertise in AppSec automation and DevSecOps, will guide you through practical, scalable approaches that empower engineering teams to take ownership of security. Whether tackling source code, builds, or supply chains, this talk provides actionable strategies to drive security across distributed applications with speed and precision.

Abhay Bhargav

September 20, 2024
Tweet

More Decks by Abhay Bhargav

See All by Abhay Bhargav
Policy-as-Code: Across the Stack - OWASP AppSec DC 2023 | Abhay Bhargav
abhaybhargav
0
610
Flaming Hot SLSA!
abhaybhargav
1
620
SecAppDev - Fantastic API Security Vulnerabilities and where to find them
abhaybhargav
1
100
SecAppDev 2022 - Everything as code
abhaybhargav
0
130
Hook, Line and Sinker - Pillaging API Webhooks
abhaybhargav
0
810
DevSecOops - Stories of DevSecOps Failures and Success
abhaybhargav
0
1.6k
Practical DevSecOps Pipelines
abhaybhargav
1
350
A Hitchhikers Guide to Secrets Management in the Cloud - OWASP Seattle
abhaybhargav
0
300
Agile Threat Modeling-as-Code
abhaybhargav
2
730

Featured

See All Featured
Why You Should Never Use an ORM
jnunemaker
PRO
54
9.1k
Learning to Love Humans: Emotional Interface Design
aarron
273
40k
Making the Leap to Tech Lead
cromwellryan
133
8.9k
What's in a price? How to price your products and services
michaelherold
243
12k
The Language of Interfaces
destraynor
154
24k
Intergalactic Javascript Robots from Outer Space
tanoku
269
27k
GitHub's CSS Performance
jonrohan
1030
460k
Adopting Sorbet at Scale
ufuk
73
9.1k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
27
4.3k
The Pragmatic Product Professional
lauravandoore
31
6.3k
Producing Creativity
orderedlist
PRO
341
39k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
26
1.4k

Transcript

  1. The complete Product Security Training Suite appsecengineer.com Secure by Design:

    Across the Stack

  2. About Me • Founder at AppSecEngineer and we45 • Built

    the world’s first DevSecOps Practice and Training - Lead train at Black Hat, OWASP, etc. • AppSec Automation Expert with over 15 years of experience • Built the world’s first Threat Modeling as Code Project • Author of multiple books on AppSec @abhaybhargav

  3. Agenda • What is “Secure by Design”? • Why do

    it? • Pareto Principle - “Secure by Design” across the stack • Conclusions @abhaybhargav

  4. What is “Secure by Design”? @abhaybhargav

  5. Why? Source: Krebs on Security Source: CyberArk

  6. Why do this? • Secure by Design is essential. It

    seems to be making its way into Software-originating Liability • Secure by Design is the way to achieve a higher level of collaboration and ownership from Engineering teams • Secure by Design - Only way to secure distributed apps with scale and speed @abhaybhargav

  7. The “Stack” @abhaybhargav

  8. What we want • Activities that give us asymmetric returns

    - Pareto Principle • Tactical and Implementable • Works across the stack • Complementary @abhaybhargav

  9. Application - Secure by design Pareto @abhaybhargav

  10. Source and Build - SBD Pareto

  11. Supply-Chain SBD - Pareto @abhaybhargav

  12. Deployment - SBD - Pareto

  13. Thank you References: • CISA Secure by Design • CISA

    Secure by Design Pledge • SLSA - Supply-Chain Security Requirements • DevSecOps Maturity Model (DSOMM) @abhaybhargav