Thursday
Room 4
09:00 - 10:00
(UTC+01)
Talk (60 min)
Tune your Toolbox for Velocity and Value
You bought the application security tools, but now what? Many organizations find themselves drowning in “possible vulnerabilities”, struggling to streamline their processes and not sure how to measure their progress.
If you are involved in using automated scanners, such as SAST, DAST or SCA tools, in your organization, these may be familiar feelings to you.
In this talk, I will give you ideas on how to streamline your implementation and automation to focus on what matters most. We’ll also discuss what to consider when designing the manual processes and tasks around the automation so that you get more value in less time.
You will leave with a much better understanding of these security tools as well as ideas for improving processes and adding value that you can take and apply at your own organizations.
Josh Grossman
Josh has worked as a consultant in IT/Application Security and Risk for 15 years now as well as a Software Developer. In that time he has seen the good, the bad and the stuff which is sadly/luckily still covered by an NDA. He is currently Chief Technology Officer for Bounce Security where he spends his time helping organisations improve and get better value from their Application Security processes and providing specialist Application Security advice. In his spare time he co-leads the OWASP Application Security Verification Standard project and is on the OWASP Israel chapter board.