This Lane Ends: Shifting Security Left

During the Agile revolution, the wider software development community discovered the benefits of shifting testing left. The primary benefits included reduced schedule risk, higher team confidence and reduced development costs. Additionally, developers have gotten better at writing functional code and fewer things are found late in the cycle. What if we tried the same with security? Would we see the same benefits? Absolutely! Let’s talk about how to make shift happen in your SDLC. Digital transformations cannot be undertaken without understanding and dealing with the security of your applications.

Security testing has been a late comer to the shift left phenomenon for three main reasons. First, cooperation and trust between security and development was nonexistent. Second, the technology was too slow and clunky to have a positive impact with developers. Third, security testing tools have been riddled with a high FP rate that made them more of a distraction than they were worth. Recent advancements in the security testing industry have made the tools much more useful and accessible to development teams. Now is the time to bring them into your SDLC as early as possible and reap the rewards.

While the tooling makes it possible, much of the content will be about the human factors. The relationships between security and development will be front and center. I will tear down the wall of fear between them and show the path forward. There is work to do on both sides. We must all play our part.

What you will learn: 1. Why shift didn’t happen historically 2. How to make shift happen 3. The benefits you will see as a team



Peter Chestna

Pete Chestna has more than 25 years of experience developing software and leading development teams, and has been granted three patents. Pete has been developing web applications since 1996, including ...