The apparent cultural divide between application security engineers and developers has sparked great debate around the controversial topic of whether embedding security is a potential blocker to the software development lifecycle.

In this session, we explore the beauty of integrating agile methodologies with application security to effectively reduce the amount of software released with known vulnerabilities. Both these concepts initially require more of a cultural shift within any organisation before implementing processes and technology, understanding that security engineers are enablers and not blockers aiming to bake security into the SDLC process without affecting deployments negatively.

Most importantly, the goal is to effect each change and embed security in each of the SDLC phases in small bite chunks, making sure each step is well crafted, customised and perfected before moving on to the next step after all the whole process is a jungle gym and not a vertical ladder.