Thursday, June 30 • 17:05 - 17:50
Using JIRA to manage Risks and Security Champions activities

Some of the challenges of an effective Application Security programme are: 

a) how to capture and process security bugs/flaws discovered (manually, security reviews, attacks, SAST/DAST tools, etc.)
b) manage developers' security activities
c) create networks of Security Champions
d) assign application security risks to relevant business/product owners
e) capture application security knowledge

Over the past year, Dinis has been leading a number of Application Security teams in the UK, and this presentation will provide detailed and technical information on how JIRA was used to create 'Application Security' workflows and management reports, and to address all of the challenges described above.

One of the key concepts of the proposed JIRA workflow is an 'official Accept Risk' action, which changes the dynamic of the Security teams from "...NO you can't do that..." to "...If you do that there are these risks which you have to accept..." and "...here are the risks that your application has, now choose which ones you want to fix or accept".

Speakers
Dinis Cruz

AppSec, OWASP
Dinis Cruz is a Developer and Application Security Engineer focused on how to develop secure applications. A key drive is on 'Automating Application Security Knowledge and Workflows' which is the main concept behind the OWASP O2 Platform. After many years (and multiple roles) Dinis is still very active at OWASP, currently leading the O2 Platform project and helping out other projects and initiatives. After failing to scale his own security...


Thursday June 30, 2016 17:05 - 17:50
Room B (Tiziano Ballroom Sec. 1)