Are you currently running an AppSec program? AppSec programs fall into an odd middle ground: highly technical interactions with the dev and ops teams, yet a practical business focus is required as you go up the org chart. How can you keep your far-too-small team efficient while meeting the needs of the business, all while making sure you're catching vulnerabilities as early and often as possible?
The AppSec team and the business created an AppSec Pipeline to handle the workflow. The pipeline starts with "Bag of Holding", an open source web application which helps automate and streamline the activities of your AppSec team. At the end of the pipeline is ThreadFix, which manages all the findings from all the sources. Finally, we incorporated a chatbot to tie all the information together in one place.
5. Standardization of products and processes.
A Big Mac is a Big Mac wherever you purchase it in the U.S., and this emphasis on reliable and highly standardized product offerings, as well as uniform production processes, is something fast-food companies have perfected.
Source: ValueStreamGuru.com
6. A production process approach
Different work cells within an individual restaurant combine to make the finished product, allowing for maximum efficiency in each work unit.
Source: ValueStreamGuru.com
7. A flexible and multi-skilled workforce
Each employee specializes within a role but is also trained to step into other areas whenever needed.
Source: ValueStreamGuru.com
8. Lean production
Maximizes the use of a facility's space. Fast-food kitchens are rarely large, but their output is tremendous, meaning they get the most from the limited space available.
Source: ValueStreamGuru.com
16. What does BoH do?
• Manages our Application Security Program
• Application Repository
• Engagement Tracking
• Report Repository
• Comments on any application, engagement or activity
• Data Classification and PII data
• Time taken on secure software activities
• Historical knowledge of past assessments
• Credential repository
• Environment details
46. Photo Credits
• Chicago street photography - The One That Got Away
https://goo.gl/I6FLgl
• Silos
https://goo.gl/3g9M38
• Kid
https://goo.gl/NlwmBW
• Hipster
https://goo.gl/52VUyV
Editor's Notes
AppSec tools tend to be their own silo
Instead of sending around curl commands or distributing runtimes, deploy it to your chatops server!