Fadzayi Moyo
Team Lead & Senior Application Security Consultant @ CyberCX, Podcast co-host @ WestCoast Cyber
Fadzayi is a Team Lead and Senior Application Security Consultant and Penetration Tester at CyberCX in Perth, Australia. She is also a co-host of the WestCoast Cyber podcast. She comes from a software engineering background in which she specialised in FinTech for close to a decade, helping financial institutions build user experience-driven software. In 2018, Fadzayi founded the DIV:A Initiative, a non-profit dedicated to teaching coding skills to girls aged 8 to 18 from South Africa's disadvantaged communities, in order to address the industry's gender imbalance.
Kilo-Vulnerabilities: From Panic to Patching
Third-party dependencies play a significant role in the development process. They provide ready-made solutions while saving valuable time and resources, enabling developers to focus on the application's bespoke functionality.
Upgrading dependencies is often seen as a no-brainer and is usually recommended as a 'silver bullet' for mitigating threats such as supply-chain attacks. But what happens when that initial dependency (SCA) scan reports 1000 vulnerabilities, sending panic through the dev and security teams? It is essential to recognise that blindly embracing every update is not always the best course of action. In the same breath, neglecting to upgrade third-party dependencies will, without doubt, introduce risk, as outdated dependencies will most likely contain known vulnerabilities.
This session explores processes development teams can follow to prioritise, triage, and remediate identified security issues.
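As an added illustration of the triage step (example code written for this page, not material from the talk or from CyberCX), the script below takes a constructed, simplified dependency-scan report and turns a pile of findings into a short, ranked list of upgrade actions. The scoring weights, the `Finding` fields (reachability, known-exploited flag, dev-only) and the sample advisories are all assumptions; real scanner output (npm audit, pip-audit, OWASP Dependency-Check) has a different shape, so the loader would need adapting.

```python
"""Triage a dependency-scan (SCA) report into a ranked remediation plan.

Added example for this page; the finding format, weights and sample data
are constructed, not taken from any real scanner or advisory feed.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Finding:
    advisory: str               # advisory id as reported by the scanner (constructed here)
    package: str
    version: str                # vulnerable version currently in the lockfile
    severity: str               # "critical" | "high" | "medium" | "low"
    cvss: float
    direct: bool                # True: direct dependency; False: pulled in transitively
    dev_only: bool              # only used by build/test tooling, never shipped
    reachable: bool             # vulnerable code path is actually called by our application
    known_exploited: bool       # listed in a known-exploited-vulnerabilities catalogue
    fix_version: Optional[str]  # first fixed release, or None if no fix has been published


SEVERITY_WEIGHT = {"critical": 40, "high": 30, "medium": 15, "low": 5}


def version_key(v: str) -> tuple:
    """Sort key for dotted numeric versions ('2.1.4' -> (2, 1, 4))."""
    return tuple(int(p) for p in v.split("."))


def score(f: Finding) -> int:
    """Heuristic priority: scanner severity adjusted by context the scanner lacks."""
    s = SEVERITY_WEIGHT[f.severity] + int(f.cvss * 2)
    s += 30 if f.known_exploited else 0
    s += 20 if f.reachable else -15          # unreachable code is a far lower real risk
    s -= 25 if f.dev_only else 0             # never reaches production
    s -= 5 if f.fix_version is None else 0   # no bump available; needs a workaround instead
    return max(s, 0)


def bucket(f: Finding) -> str:
    """Coarse decision: fix immediately, schedule into a sprint, or monitor."""
    if f.known_exploited or (f.reachable and f.severity in ("critical", "high")):
        return "fix-now"
    if f.dev_only or not f.reachable:
        return "monitor"
    return "schedule"


def plan(findings):
    """Collapse N findings into one upgrade action per (package, version), ranked."""
    by_pkg = defaultdict(list)
    for f in findings:
        by_pkg[(f.package, f.version)].append(f)
    rows = []
    for (pkg, ver), fs in by_pkg.items():
        worst = max(fs, key=score)
        fixes = [x.fix_version for x in fs if x.fix_version]
        rows.append({
            "package": pkg,
            "from": ver,
            # assuming fixes carry forward, the highest fixed version clears every fixable finding
            "to": max(fixes, key=version_key) if fixes else None,
            "direct": worst.direct,
            "score": score(worst),
            "bucket": bucket(worst),
            "findings": sorted(x.advisory for x in fs),
        })
    rows.sort(key=lambda r: -r["score"])
    return rows


def summary(rows):
    """Count actions per bucket, e.g. {'fix-now': 2, 'monitor': 2}."""
    counts = defaultdict(int)
    for r in rows:
        counts[r["bucket"]] += 1
    return dict(counts)


# Constructed sample report: seven findings across four packages.
SAMPLE_FINDINGS = [
    Finding("ADV-1", "webframework", "2.1.0", "critical", 9.8, True, False, True, True, "2.1.4"),
    Finding("ADV-2", "webframework", "2.1.0", "high", 7.5, True, False, False, False, "2.1.2"),
    Finding("ADV-3", "webframework", "2.1.0", "medium", 5.3, True, False, False, False, "2.1.4"),
    Finding("ADV-4", "yaml-parser", "1.0.0", "critical", 9.1, False, False, True, False, "1.2.0"),
    Finding("ADV-5", "test-runner", "5.0.0", "high", 7.8, True, True, False, False, "5.1.0"),
    Finding("ADV-6", "test-runner", "5.0.0", "low", 3.1, True, True, False, False, None),
    Finding("ADV-7", "log-lib", "3.3.0", "medium", 6.1, False, False, False, False, None),
]

if __name__ == "__main__":
    actions = plan(SAMPLE_FINDINGS)
    for r in actions:
        print(f"{r['bucket']:8} {r['package']} {r['from']} -> {r['to']}  "
              f"score={r['score']} clears={r['findings']} direct={r['direct']}")
    print(summary(actions))
```

The point the collapse makes is the one the abstract is after: seven findings become four actions, and only two of those are urgent. Reachability and the known-exploited flag do most of the work in separating real risk from noise, so those two inputs are worth investing in before arguing about CVSS decimals; a transitive dependency (like `yaml-parser` above) is fixed by overriding or pinning it through the direct dependency that pulls it in, not by editing the lockfile by hand.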
The "A" in AppSec stands for Agile
The apparent cultural divide between application security engineers and developers has sparked great debate around the controversial topic of whether embedding security is a potential blocker to the software development lifecycle.
In this session, we explore the benefits of integrating agile methodologies with application security to reduce the amount of software released with known vulnerabilities. Both require a cultural shift within the organisation before any process or technology is introduced: security engineers must be understood as enablers rather than blockers, baking security into the SDLC without slowing deployments.
Most importantly, the goal is to introduce each change and embed security into each SDLC phase in small, bite-sized chunks, making sure each step is well crafted, customised and refined before moving on to the next. After all, the whole process is a jungle gym, not a vertical ladder.