Using IAST to Unlock the Benefits of DevSecOps • Jeff Williams • YOW! 2022
This presentation was recorded at YOW! 2022. #GOTOcon #YOW
Jeff Williams - CTO & Co-founder at Contrast Security @ContrastSecurity
RESOURCES
ABSTRACT
The complexity of modern applications and APIs makes them extremely difficult to test for security vulnerabilities. Traditional tools like static (SAST) and dynamic (DAST) scanners are complex to run and produce far too many false positive and false negative results. This inevitably leads to siloed appsec testing teams, bottlenecks, long feedback loops, and large security backlogs.
Fortunately, there’s a way out of this trap. Using interactive application security testing (IAST), we can get inside the running application and directly measure security. Anyone who can use a browser can find complex, critical vulnerabilities without scanning, without security expertise, and without changing anything about their development process. IAST runs in real time and merges highly accurate security testing into all your normal QA activity. In this talk, you’ll learn how IAST works and how it can unlock the benefits of DevSecOps.
Jeff will share data showing how large real-world companies have transformed their application security programs, eliminated their security backlog, slashed their mean time to remediate vulnerabilities, and cut their new vulnerability rate. And more importantly, they’ve merged their quality and security testing infrastructures and aligned the interests of the development and security teams. These organizations are getting secure code moving and delivering value to customers at high velocity. [...]
TIMECODES
00:00 Intro
02:04 Public expectations don’t match reality
05:04 DevSecOps will fix everything
08:37 Instrumentation changes everything
12:10 Example: Detecting SQL injection
13:45 IAST
17:42 Runtime vulnerability snapshots
19:09 Runtime library analysis
21:07 Runtime route coverage
23:13 Runtime architecture diagrams
24:50 Deploying IAST at scale
25:55 DevSecOps - Getting secure code moving
29:33 Metrics that matter
32:53 Outro
Download slides and read the full abstract here:
RECOMMENDED BOOKS
Liz Rice • Container Security •
Liz Rice • Kubernetes Security •
Aaron Parecki • OAuth 2.0 Simplified •
Aaron Parecki • OAuth 2.0 Servers •
Aaron Parecki • The Little Book of OAuth 2.0 RFCs •
Erdal Ozkaya • Cybersecurity: The Beginner’s Guide •
Richer & Sanso • OAuth 2 in Action •
#DevSecOps #IAST #Security #ContrastSecurity #JeffWilliams #SAST #DAST #appsec
Looking for a unique learning experience?
Attend the next GOTO conference near you! Get your ticket at
Sign up for updates and specials at
SUBSCRIBE TO OUR CHANNEL - new videos posted almost daily.
1 view
0
0
5 days ago 00:20:33 1
Movie “Wicked” Sign of the End Time
3 weeks ago 00:04:19 1
The Fox | Historical Documentary Constructor
3 weeks ago 00:50:22 1
🔴#DJRIDNAS - Prime Time #193 #AFROHOUSE #МУЗЫКАОНЛАЙН2024 #НОВИНКИМУЗЫКИ2024
4 weeks ago 00:03:13 2
Benson Boone - Beautiful Things (Official Music Video)
1 month ago 00:05:43 1
Just boiling water with flour. Simple and delicious you can make this everyday. No yeast No oven
1 month ago 00:10:47 1
Why A Record Number of CEOs Are “Resigning“
1 month ago 00:10:45 1
Iran Strikes Back At The US Over Israel Attack!
1 month ago 00:03:21 1
ROAD TO KIEV - Russian Army At War | ASENSSIA, BLVCK CVRNVGE - НОЧЬ
1 month ago 00:02:52 20
[FREE] УННВ x Рыночные Отношения x Kunteynir Old School 90s Type Beat - ()
1 month ago 00:44:02 1
Basstardos / The Black Room Sessions - Full Concert - LIVE
1 month ago 00:22:02 15
Ozzy’s Hall of Fame Induction Will Leave You SPEECHLESS feat. Wolfgang Van Halen
1 month ago 00:00:58 1
📣Вы не можете судить Живых Людей! Господь заступится за нас!!☦️
1 month ago 00:00:55 1
🎙️🔴 Уникальная запись с судебного заседания!!! Перед ЛЖЕСУДЬЯМИ не встаю!
1 month ago 00:00:48 1
Бог предупреждает заранее!
1 month ago 00:35:38 1
Hot Tent Camping In A Snowstorm
1 month ago 00:39:37 1
Zourabichvili & BORIS want Georgia Maidan. Orban in Tbilisi. US NEWS, Russia No. 1 Military
1 month ago 00:00:59 1
Мы Чада Бога Живаго!!!
1 month ago 00:03:33 1
Xena & Gabrielle - Love Exists
1 month ago 00:00:55 1
Господь всех соберёт как на Успение Божией Матери.
1 month ago 00:01:00 1
📢 Судят Живого! Ульяновский БЕСПРИДЕЛ‼️
1 month ago 00:00:42 1
Факт захвата антихристом официальных церквей!!
1 month ago 00:00:58 1
Живых, так называемые судьи, не имею права судить! Но..., только если ты заявишь 📣 себя Живым!
1 month ago 00:00:58 1
‼️👑Как?? Все ждут Царя на Святой Триединой Руси, а он уже Венчан на Царство?!