
Difference between revisions of "Front Range OWASP Conference 2013/Presentations/SaaS"

[[Media:Earle.pptx | Slides]]
[https://vimeo.com/68111315 Video]

Latest revision as of 17:49, 11 June 2013

Using SaaS and the Cloud to Secure the SDLC

This session will cover Software as a Service (SaaS) offerings and how they can be effectively utilized in web security development efforts. Over the last few years, cloud services (i.e. SaaS) have been increasingly used as both a starting point for application security efforts and as a full outsourcing of the appsec program. However, by the very nature of cloud outsourcing and delivery, it is difficult to evolve this approach into a mature secure development lifecycle. Developer involvement is a necessity, and the solution has been to bring vulnerability assessment technologies in-house. But recently, organizations have started to deploy a mixture of on-premise and cloud appsec solutions as an alternative to the all-or-nothing paradigm of on-premise or SaaS.

Topics covered include:

  • Overview of vulnerability assessment using SaaS
  • Overview of on-premise vulnerability scanning in the SDLC
  • Challenges of on-premise and SaaS implementations
  • Private cloud variations of on-premise and SaaS offerings
  • Hybrid on-premise/cloud implementations in the SDLC
  • Use of automation and integration with development infrastructure to ease developer adoption of on-premise/cloud appsec implementations
  • How organizations can use SaaS to get started with application security and mature into a robust software security assurance program featuring on-premise and cloud deployments.
