Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Integrating security into an existing agile SDLC
Search
Laura Bell
September 12, 2014
Technology
0
150
Integrating security into an existing agile SDLC
Laura Bell
September 12, 2014
Tweet
Share
More Decks by Laura Bell
See All by Laura Bell
DIY security for the amateur superhero
ladynerd
0
260
Hackcon 11 - Protecting our people
ladynerd
0
240
Security in a container based world
ladynerd
0
150
Securing Microservice Architectures
ladynerd
2
360
Better Connected
ladynerd
0
71
Continuous Security
ladynerd
3
1.1k
Automated Human Vulnerability Scanning with AVA
ladynerd
3
2.7k
Blindsided by security
ladynerd
0
100
Practical tools for privacy audit
ladynerd
0
200
Other Decks in Technology
See All in Technology
Foundation Model × VisionKit で実現するローカル OCR
sansantech
PRO
0
300
解消したはずが…技術と人間のエラーが交錯する恐怖体験
lamaglama39
0
190
データモデリング通り #2オンライン勉強会 ~方法論の話をしよう~
datayokocho
0
100
Unson OS|48時間で「売れるか」を判定する AI 市場検証プラットフォーム
unson
0
170
Perlアプリケーションで トレースを実装するまでの 工夫と苦労話
masayoshi
1
410
2025-07-31: GitHub Copilot Agent mode at Vibe Coding Cafe (15min)
chomado
2
380
S3 Glacier のデータを Athena からクエリしようとしたらどうなるのか/try-to-query-s3-glacier-from-athena
emiki
0
180
【Λ(らむだ)】最近のアプデ情報 / RPALT20250729
lambda
0
230
【新卒研修資料】数理最適化 / Mathematical Optimization
brainpadpr
25
11k
【2025 Japan AWS Jr. Champions Ignition】点から線、線から面へ〜僕たちが起こすコラボレーション・ムーブメント〜
amixedcolor
1
120
AI によるドキュメント処理を加速するためのOCR 結果の永続化と再利用戦略
tomoaki25
0
400
リリース2ヶ月で収益化した話
kent_code3
1
190
Featured
See All Featured
Testing 201, or: Great Expectations
jmmastey
45
7.6k
Bootstrapping a Software Product
garrettdimon
PRO
307
110k
Agile that works and the tools we love
rasmusluckow
329
21k
How GitHub (no longer) Works
holman
314
140k
Building Adaptive Systems
keathley
43
2.7k
Fireside Chat
paigeccino
38
3.6k
Art, The Web, and Tiny UX
lynnandtonic
301
21k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
34
6k
Being A Developer After 40
akosma
90
590k
Fashionably flexible responsive web design (full day workshop)
malarkey
407
66k
YesSQL, Process and Tooling at Scale
rocio
173
14k
We Have a Design System, Now What?
morganepeng
53
7.7k
Transcript
ARC208
once upon a time design code stuff ideas test deploy
security was all about gates design code stuff idea test
deploy
and goodness do we love gates design code stuff idea
test deploy Initial Risk Assessment Design Review Code and Implementation Review Penetration Testing
same thing, just more frequently?
None
Why don’t you do security?
we can make you look good Proactive security engagement increases:
Preparedness Credibility Market awareness Strategic thinking
So what does agile security need to be 1. Able
to empower developers 2. Cost effective 3. Pragmatic and flexible 4. Easy to integrate with existing workflows 5. Scalable
common misconceptions
avoidance != management
too little to fail (at security)
the sky is not always falling* *except when it is
(then you should really do something about it)
agility increases risk
Ten steps to a better, stronger and more secure you
regardless of budget, organisation size or how cool you are
1. know your stack Languages Libraries Operating Systems Applications Third
Party Services
2. learn to add, adapt and abandon
3. create a simple risk taxonomy Critical High Medium Low
Informational False Positive
4. understand your security and technical debt it’s natural and
awesome but you can’t run from it forever
5. bring security into your requirements “engage security early and
often and be sure to have it included in your definition of done”
6. prepare for the worst Monitoring Analysis Understanding Response Feedback
7. build an empire one developer at a time
8. design your workflows “the best technical people I know
work really hard to make themselves redundant. “
fails
10. outsource smartly “if you are going to spend the
money, research your options, scope well and be demanding”
common challenges and how to conquer, obliterate or otherwise win
compliance is a priority “nothing is more fatal to a
new business than the fines for non-compliance”
maintain momentum “more secure today than yesterday”
use your words No Simple way to remove risk Must
be logically applied and justified Does not remove the original need or objective Yes Scary for security people Accepts risks and understands them Enables innovation Encourage safe usage
None
Ready to get started? …take a deep breath
None
None