AppSec - The missing link
Achieving the “Shift Left” transformation is the goal of many organizations when it comes to application security. To get there, significant effort and money are spent on integrating security activities into the CI/CD pipeline. Such activities are often considered both the starting point and the target of the shift left transformation. In fact, security activities in CI/CD are just one portion of an organization's journey to achieve the shift left. Secure Software Development Practices (SSDLC) are also an important portion of that journey, but there are other key aspects that are less often considered.
In this talk we will present the prerequisites, dependencies and outcomes of integrating security activities into CI/CD that organizations face during their shift left journey. We will focus on the importance of development and security practices outside the normal scope of SSDLC. In other words, what should be considered besides pure AppSec practices on the road to a successful shift left journey.