
Salman Khwaja
Salman, Khwaja. Implementing App Sec in Agile Teams.
Karachi, Pakistan
Salman Khwaja has served professionally for over 10 years in the Pakistani IT industry as a Technical Content Writer / Author, Quality Assurance professional, Information Systems Auditor / Process Consultant and is now serving as Manager Application Security at TPS Pakistan Pvt. Limited.
He has been implementing Security Automation (SecDevOps) in the financial industry and has been instrumental in providing:
- Consultations in Application Security
- Vulnerability Assessments
- Systems Hardening
- Automation of VA / PT / Systems Hardening
- Technical Security Training
He is also leading the PA-DSS Assessments of TPS Products and providing training for the Secure Software Framework.
He can be reached on the following networks:
Twitter: https://twitter.com/SalmaanKhwaja
LinkedIn: https://www.linkedin.com/in/salmaankhwaja/
Blog: http://salmankhwaja.wordpress.com/
Story of ZAP Implementation in Pakistani Fintech
Ever since we started our online journey of Application Security, we were thinking of which tool to try, which tool to implement in our Application Security Vulnerability Assessments. We tried many tools which were available in the market for our scanning needs, authentication needs, and ultimately for our Security Automation needs. We tried many off-the-shelf marketed tools, but nothing, nothing comes close to OWASP ZAP, coupled with the option of doing a preliminary scan whenever an application is handed over to us, or a complete Security Automation implementation.
We have now implemented OWASP ZAP into our CI/CD pipeline and our implementation team is now using OWASP ZAP as a Security Automation tool. This session would be this story.
Story of Implementation of SecDevOps in Fin Tech Organization and beyond
In the financial industry, less importance is given to Application Security and more to compliance issues, until a bank was hacked recently in Pakistan.
After that hack, all the Security Personnel, Information Security Assessment Companies were choked with their limited resources.
We decided there couldn't be a better opportunity to implement, and then market, DevSecOps in our company and in the outer market.
We implemented the fundamentals of Application Security:
- started from the basics of Application Security Scanning (SAST / DAST)
- moved up to systems hardening
- then ultimately took PA-DSS audits head on
We then started implementing automation of all the manual work we did in our Security efforts, and we were quite successful.
Once we did that, we started marketing the things we automated in our technology community.
This talk would be that story.
ZAPCon Sessionize Event
2020 All Day DevOps Sessionize Event
