Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Secure by Design - Across the Stack

Abhay Bhargav
September 20, 2024
0
130

Secure by Design - Across the Stack

Presented by Abhay Bhargav, Founder of AppSecEngineer and we45, this insightful talk delves into the future of software security through Secure by Design principles. Discover how to apply the Pareto Principle to strategically secure every layer of your tech stack—from application to deployment. Abhay, with over 15 years of expertise in AppSec automation and DevSecOps, will guide you through practical, scalable approaches that empower engineering teams to take ownership of security. Whether tackling source code, builds, or supply chains, this talk provides actionable strategies to drive security across distributed applications with speed and precision.

Abhay Bhargav

September 20, 2024
Tweet

More Decks by Abhay Bhargav

See All by Abhay Bhargav
Policy-as-Code: Across the Stack - OWASP AppSec DC 2023 | Abhay Bhargav
abhaybhargav
0
600
Flaming Hot SLSA!
abhaybhargav
1
610
SecAppDev - Fantastic API Security Vulnerabilities and where to find them
abhaybhargav
1
100
SecAppDev 2022 - Everything as code
abhaybhargav
0
120
Hook, Line and Sinker - Pillaging API Webhooks
abhaybhargav
0
780
DevSecOops - Stories of DevSecOps Failures and Success
abhaybhargav
0
1.6k
Practical DevSecOps Pipelines
abhaybhargav
1
340
A Hitchhikers Guide to Secrets Management in the Cloud - OWASP Seattle
abhaybhargav
0
290
Agile Threat Modeling-as-Code
abhaybhargav
2
720

Featured

See All Featured
How to Ace a Technical Interview
jacobian
275
23k
Become a Pro
speakerdeck
PRO
24
4.9k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
126
18k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
2
310
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
167
49k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
25
1.7k
GraphQLの誤解/rethinking-graphql
sonatard
65
9.9k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
4
120
Teambox: Starting and Learning
jrom
132
8.7k
Building Applications with DynamoDB
mza
90
6k
Design by the Numbers
sachag
278
19k
Building Your Own Lightsaber
phodgson
102
6k

Transcript

  1. The complete Product Security Training Suite appsecengineer.com Secure by Design:

    Across the Stack

  2. About Me • Founder at AppSecEngineer and we45 • Built

    the world’s first DevSecOps Practice and Training - Lead train at Black Hat, OWASP, etc. • AppSec Automation Expert with over 15 years of experience • Built the world’s first Threat Modeling as Code Project • Author of multiple books on AppSec @abhaybhargav

  3. Agenda • What is “Secure by Design”? • Why do

    it? • Pareto Principle - “Secure by Design” across the stack • Conclusions @abhaybhargav

  4. What is “Secure by Design”? @abhaybhargav

  5. Why? Source: Krebs on Security Source: CyberArk

  6. Why do this? • Secure by Design is essential. It

    seems to be making its way into Software-originating Liability • Secure by Design is the way to achieve a higher level of collaboration and ownership from Engineering teams • Secure by Design - Only way to secure distributed apps with scale and speed @abhaybhargav

  7. The “Stack” @abhaybhargav

  8. What we want • Activities that give us asymmetric returns

    - Pareto Principle • Tactical and Implementable • Works across the stack • Complementary @abhaybhargav

  9. Application - Secure by design Pareto @abhaybhargav

  10. Source and Build - SBD Pareto

  11. Supply-Chain SBD - Pareto @abhaybhargav

  12. Deployment - SBD - Pareto

  13. Thank you References: • CISA Secure by Design • CISA

    Secure by Design Pledge • SLSA - Supply-Chain Security Requirements • DevSecOps Maturity Model (DSOMM) @abhaybhargav