Agile + DevOps West 2022 Concurrent Session: Putting Application Security into Agile Development


Thursday, June 16, 2022 - 1:30pm to 2:30pm

Putting Application Security into Agile Development

Application Security is a critical part of software development that isn’t well represented in many agile projects. This talk will explain how to factor application security into short feedback cycles so that teams aren’t overwhelmed by application security issues or practices at any one time.

One of the challenges we have in using Application Security practices is knowing where to start and how to get value. The world is being driven more and more by network-connected applications and services that are constantly under attack from the curious and malicious. What should you do if you aren’t involved with AppSec and still want to get started using AppSec practices? By adding steps to your daily practices and build pipeline, you can iteratively add AppSec practices to your process and increase the security of your software. Join Tom as he lays out a plan for AppSec: where to start, how to achieve success, and how to build on it. We will also talk about what to do next, how you should introduce AppSec in your development process, and where AppSec should go in your build pipeline. Finally, we will discuss what can be accomplished with tools and what still needs to be done by a person.


Tom Stiehm has been developing applications and managing software development teams for over twenty years. As CTO of Coveros, he is responsible for the oversight of all technical projects and integrating new technologies and testing practices into software development projects. Recently, Tom has been focusing on how to incorporate DevSecOps and agile best practices into projects and how to achieve a balance between team productivity and cost while mitigating project risks. One of the best risk mitigation techniques Tom has found is leveraging DevSecOps and agile testing practices in all aspects of projects. Previously, as a managing architect at Digital Focus, Thomas was involved in agile development and found that agile is the only methodology that makes the business reality of constant change central to the process.