Have you ever found your development team in a situation where the very first app release is coming, but it completely lacks security? In my talk, I will raise the problem of postponing security-related tasks in favor of development speed. Building a secure application is “a tradeoff game”: the security level should be enough for the product and the company’s business goals. Luckily, the security industry has standards, best practices and guidelines. And creativity will help us leverage feature development and security. The audience will learn how secure coding is different from secure architecture, why security can't be a single person's responsibility, and how the team can work together on making more secure software. Secure architecture is about the process: it is not enough to build a system you consider safe; you need to maintain it and periodically reevaluate risks and threats. I'll also raise the topic of incorporating SSDLC during the active development stage, suggesting the first steps for small projects and companies with no dedicated security experts.
Julia is a Security Software Engineer at Cossack Labs, building convenient and affordable data security and encryption solutions. With a background in mobile application development, she helps customers choose and implement security controls for their products. Julia is passionate about local tech communities. She is a Security Lead at Women Who Code Kyiv and a Leader of the OWASP Zhytomyr Chapter.