AppSec Europe 2016 has ended
Thursday, June 30 • 17:05 - 17:50
Using JIRA to manage Risks and Security Champions activities


Some of the challenges of an effective Application Security programme are:

a) how to capture and process the security bugs/flaws discovered (manually, through security reviews, attacks, SAST/DAST tools, etc.)
b) how to manage developers' security activities
c) how to create networks of Security Champions
d) how to assign application security risks to the relevant business/product owners
e) how to capture application security knowledge

Over the past year, Dinis has been leading a number of Application Security teams in the UK, and this presentation will provide detailed and technical information on how JIRA was used to create 'Application Security' workflows and management reports, and to address all of the challenges described above.

One of the key concepts of the proposed JIRA workflow is an 'official Accept Risk' action, which changes the dynamic of the Security team from "...NO, you can't do that..." to "...if you do that, there are these risks which you have to accept..." and "...here are the risks that your application has; now choose which ones you want to fix or accept."


Dinis Cruz

Dinis Cruz is a Developer and Application Security Engineer focused on how to develop secure applications. A key drive is 'Automating Application Security Knowledge and Workflows', which is the main concept behind the OWASP O2 Platform. After many years (and multiple roles) Dinis...

Thursday June 30, 2016 17:05 - 17:50 CEST
Room B (Tiziano Ballroom Sec. 1)