Edwin Kwan

Head of Application Security and Advisory

Sydney, Australia

Edwin Kwan is a DevSecOps advocate and strong believer in having a developer focused approach towards embedding security into the software development life cycle. Trained as a software engineer, he transitioned into security 9 years ago and now heads up the application security and security advisory teams at an Australian financial services company.

Area of Expertise

  • Finance & Banking

Topics

  • AppSec
  • DevSecOps
  • Application Security

Keeping track of Open Source Dependencies

Your applications are mostly made up of open source components and you need to have a way to keep track of them. This talk will cover how we can use Nexus Lifecycle to create our company's Bill of Materials.

It's Not Your Developers' Fault

The number of security incidents and data breaches is increasing. It feels like not a week goes by without hearing of another breach or compromise. Are we getting worse at doing security? In this talk I'll give my opinion on this, from an application security perspective, by looking at how software development has changed over the years. As we move towards Cloud Native workloads, staying secure is harder, and it's not always your developers' fault.

Your Application is Mostly Written by Strangers

The software development and application security testing landscapes have changed significantly over the years. However, application security has not quite kept up: doing security is still an onerous and frustrating process, and security is still slowing development down.

I'll be sharing a different approach to doing application security, where we're shifting security further left and focusing on the application's supply chain.

Getting Started with Security Vulnerability Service Level Objectives

So you've created security policies in Nexus Lifecycle, but do you set them to fail the build or just warn? If you fail the build, security will be seen as slowing the development team down. If you just warn, security might be something that gets ignored.

With Security Vulnerability Service Level Objectives (SLOs), you do both. First warn when the vulnerability is discovered, then fail the build should the SLO be breached.

In this presentation, I'll show you an approach to doing this in Nexus Lifecycle.

Keeping up with Security: An automated, self-service approach

Over 85% of a modern application is built from open source components. Not all of those open source components are created equal, and security issues in open source components are discovered regularly.

Staying on top of those security issues is hard, especially when you are moving fast with DevSecOps.

This talk will cover our approach to making security an enabler, rather than a bottleneck. We created some tools around Nexus Lifecycle to allow security self-service and automated time-based waivers.
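The two mechanisms described in the SLO abstract and in this one (warn on discovery, fail the build once the SLO is breached, and time-based waivers that expire on their own) fit naturally into a small policy-as-code gate. The following is an added example and not code from the speaker or from Nexus Lifecycle; the severity-to-days SLO table, the findings and the waiver dates are all constructed, and the functions are hypothetical names chosen for this illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Hypothetical SLO table (constructed): days allowed to remediate, keyed by severity.
# In practice this would come from the organisation's policy, not from the scanner.
SLO_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}


@dataclass(frozen=True)
class Finding:
    """A vulnerable component as reported by a dependency scanner (constructed)."""
    component: str
    severity: str
    discovered: date  # date the finding was first seen in this application


def evaluate(finding, today, waivers=None, slo_days=SLO_DAYS):
    """Classify one finding as ("waived", days_left), ("warn", days_left) or ("fail", days_over).

    A time-based waiver suppresses the finding only until its expiry date; after that the
    finding is judged against the SLO clock that started at discovery, so an expired
    waiver does not reset the deadline.
    """
    waivers = waivers or {}
    severity = finding.severity.lower()
    if severity not in slo_days:
        raise ValueError(f"no SLO defined for severity {finding.severity!r}")

    waiver_expiry = waivers.get(finding.component)
    if waiver_expiry is not None and today <= waiver_expiry:
        return ("waived", (waiver_expiry - today).days)

    deadline = finding.discovered + timedelta(days=slo_days[severity])
    remaining = (deadline - today).days
    if remaining >= 0:
        return ("warn", remaining)      # inside the SLO: surface it, keep the build green
    return ("fail", -remaining)         # SLO breached: block the build


def gate_build(findings, today, waivers=None, slo_days=SLO_DAYS):
    """Evaluate every finding; the build fails if any single finding has breached its SLO."""
    results = {f.component: evaluate(f, today, waivers, slo_days) for f in findings}
    return {
        "fail": any(status == "fail" for status, _ in results.values()),
        "results": results,
    }


# Constructed sample input: a fixed "today" so the outcome is reproducible.
TODAY = date(2023, 6, 15)
SAMPLE_FINDINGS = [
    Finding("pkg-a", "critical", date(2023, 6, 10)),  # 7-day SLO, 2 days left  -> warn
    Finding("pkg-b", "high", date(2023, 5, 1)),       # 30-day SLO, 15 days over -> fail
    Finding("pkg-c", "medium", date(2023, 4, 1)),     # waived until 2023-07-01  -> waived
    Finding("pkg-d", "low", date(2023, 1, 1)),        # 180-day SLO, 15 days left -> warn
    Finding("pkg-e", "high", date(2023, 5, 1)),       # waiver expired 2023-06-01 -> fail
]
SAMPLE_WAIVERS = {"pkg-c": date(2023, 7, 1), "pkg-e": date(2023, 6, 1)}

if __name__ == "__main__":
    report = gate_build(SAMPLE_FINDINGS, TODAY, SAMPLE_WAIVERS)
    for component, (status, days) in report["results"].items():
        print(f"{component:8} {status:7} {days:4d} days")
    print("BUILD FAILED" if report["fail"] else "build ok (warnings only)")
```

The design choice worth noting is that a waiver is keyed on the component and carries an expiry, so nothing has to be remembered to re-enable enforcement: the day after the waiver lapses, the original discovery date drives the verdict again, and a finding that was already past its SLO fails immediately rather than getting a fresh clock.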
