OWASP Global AppSec US 2021 has ended
Friday, November 12 • 1:00pm - 2:00pm
Scaling Security through Context Based Security Assessments

Most product security teams in hyper-growth organizations struggle both with scaling security assessments and with providing relevant, timely feedback at scale. Integrating scan tools into CI has been the most common pattern for scaling application security assessments. However, there are massive productivity gains that could be achieved by simply streamlining processes and through workflow automation for security assessments. There are not a lot of tools that solve the scaling problem through workflow automation because processes and workflows are unique to each organization.

However, there are common problems that multiple product security teams face in a mid-to-large-sized company. Wouldn’t it be amazing for both Product Security and engineering teams if there were a magical funnel able to receive information about all product changes being made in their organizations and automatically determine, based on product context, the type of security assessment workflow it needs to go through? The goal of this talk is to demonstrate how we scale security assurance at Splunk by capturing the context of each product and creating custom assessment workflows based on security impact. Not only do we capture the context once, we retain and build on this context for future assessments so that engineering teams don’t have to provide the same information to security teams over and over again.

Sanjeev Reddy

Product Security Tooling Engineer, Splunk
Sanjeev is a Product Security tooling engineer at Splunk by day and a hands-on hobbyist by night. Some of his favorite time sinks include sketching, clay sculpting, resin casting, mechanical keyboards, and running out of shelf space to store his growing collection of Legos. Prior...

Teja Myneedu

Teja Myneedu is a tinkerer who loves learning about technology, science, and security. Current interests include blockchains, DLT, and dad jokes. Professionally, Teja is the Senior Engineering Manager of Product Security at Splunk. Previously Teja was a Principal Engineer at Splunk...

Andrew Lien

Andrew Lien has over 5 years of software engineering experience within the realms of cyber security, big data analytics, data and developer infrastructure, and recently, tooling and automation. An avid hiker and Eagle Scout, Andrew spends many weekends checking out new hiking trails...

Friday November 12, 2021 1:00pm - 2:00pm PST