File:Fortify-bjenkins-AppSecStrategy-20070906.pdf

Over the past decade, the Department of Defense in general, and the US Air Force in particular, has transformed itself to better deal with 21st century warfare. The Air Force in fact has modified its stated mission to include cyberspace as one of the domains in which it will “fly and fight.” This type of shift in strategic thinking is critical for any organization to properly acknowledge and manage real-world threats against one of its most valuable assets: data.

Despite modernized mission statements and mindsets, organizations continue to have difficulty implementing a course of action for dealing with the threats against software systems serving up their data. It is easy to talk about buying and implementing software security tools for developers, QA testers and post-deployment operators; however, schedules and budgets quickly go bust without consideration of the common obstacles.

This presentation describes an application security strategy for large enterprise systems—what to look out for, and what you must do to ensure the successful rollout of the tools and services necessary to counter the dark side of cyberspace.