Thank you for joining us at our 20th Anniversary Event! All sessions were recorded and will be posted in the coming weeks on the OWASP YouTube channel.

We have been working hard to secure the world through challenges and discovery. And now, it’s time to celebrate! Many of you have played a crucial role in the Foundation’s enduring history, and we encourage you to participate in the celebration coming this September! Our theme, Securing the Next 20 Years, is encouraging and exciting as we look ahead to the next 20 years!

Join us for FREE at this live 24-hour global event as we honor the past, celebrate the present, and embrace the future of OWASP and cybersecurity. Hear from world-renowned keynotes and special speakers, and network with your peers. It is FREE to attend, however, registration IS required, to gain access to the session links.

Back To Schedule
Friday, September 24 • 5:00pm - 5:30pm
Achieving Security by Shifting Left in Agile

Log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
We owe it to ourselves to ingrain the application security in the software development life cycle (SDLC) to prevent breeches and loss of lives. Agile software development is prevalent in our industry. The backbone of the agile practice is a backlog of stories grouped as an epic which is subsequently implemented as a set of features and stories. A holistic approach to build a secure web application is to include security related personas (actors) and develop stories (use cases) with respect to these personas. A typical set of security persona is a hacker, a security engineer representing the functional security requirements, industry compliance such as PCI, local and federal Government standards as well as any international mandates like GDPR. Once identified, these stories are prioritized in the order of threat using the STRIDE method. They are then developed like any other stories (functional and UX) and validated at different stages using standard practices such as code review, static and dynamic code analysis and penetration testing. By enabling this approach, we are truly shifting the security left in the software development and raising the level of confidence.
Using a web application under development this paper will illustrate how to create application security stories related to the personas, develop acceptance criteria, establish test cases, identify different types of testing at various stages in the SDLC, and create and execute a test plan. It will also discuss the processes and the tools to achieve a high confidence secure application. The audience will learn:
1. How to create a set of stories for security-related personas
2. Build acceptance criteria, security controls, test cases including negative testing, and a test plan
3. Use of tools at different stages of life cycle and how to use the results from these tools to make testing even more efficient
4. Creating an overall more secure web application

avatar for BHUSHAN B GUPTA


Principal Consultant, Gupta Consulting LLC.
Bhushan Gupta, Principal consultant at Gupta Consulting LLC.Bhushan Gupta is passionate about development methods and tools that yield more secure web applications especially in the agile software development environment. He has keen interest in understanding and applying fundamental... Read More →

Friday September 24, 2021 5:00pm - 5:30pm EDT