Date: Wednesday, February 20

Time: 1:00-2:00PM (EST)

As an industry, we have not figured out how to integrate security activities into software development as we have done for performance, reliability and functionality; and, we continue to struggle to identify the right skills and activities our development teams need to create secure code. Organizations are “investing” time and money to solve the problem, but continue to develop insecure software applications.

This webcast, delivered by a software quality professional and a respected industry analyst who researches security products, will discuss the shifts in mindset and approach that organizations must take to roll out an effective application security program - which includes the right mix of training, tools, best practices and assessment that yield the highest mitigation on investment.

Systemic issues of insecure software

• Failure to consider abuse case testing
• Focusing on vulnerabilities instead of threats, attacks, and risk
• Over-reliance on tools and testing
• Getting stuck in the “find & fix” pit of despair
• Organizational disconnects

Security Technologies:  what automation can and can't protect

• Integrated Development Environments (IDEs)
• Frameworks
• Dynamic, static, and fuzz testing tools
• Web Application Firewalls (WAFs)

Maturing your efforts

• Acquiring skills and adopting activities based on role, function, development/deployment platforms, etc.
• Making tools part of the SDLC… the right way
• Taking a risk-based approach to software development and deployment