How many times have you heard people say "it's best practice"? How many times have you successfully implemented ALL best practices across a large number of products? This presentation takes you out of the comfort zone of best practices and guides you through the day-to-day challenges of securing 100 products - while considering the procedural and technological challenges - such as working with diverse software architectures, multiple development languages/platforms, a variety of development lifecycles, injecting security into continuous integration/delivery, etc.
This presentation introduces solid approaches to cope with these challenges by scaling out the application security team's capabilities, putting the right security tools in place, and following newly introduced rules of thumb to build a successful application security program. As a result of this talk, you will be armed with a practical execution approach for securing a massive scale of products.
Nir Valtman heads the application security of the software solutions for NCR Corporation. Before the acquisition of Retalix by NCR, Nir led the security of the R&D in the company. In his previous positions, he worked in several application security, penetration testing and systems infrastructure security roles. Nir is a frequent speaker at leading conferences around the world, including Black Hat, Defcon, RSA, BSides, OWASP, etc. Nir has a Bachelor of Science in Computer Science, but his knowledge is mainly based on cowboy learning and information sharing with the techno-oriented communities, such as blogging and releasing open source tools (including AntiDef, Cloudefigo and SAPIA).