AppSecEU08 Security framework is not in the code

The talk will focus on how a security management framework affects the life cycle of a web application and how to put developers and functional analysts in control of a security risk management framework. The first part gives a quick overview of what a security management framework is, best practices for dealing with it, and the role it plays in the architectural design phase, the development phase, the test phase and the enhancement phase. The second part is more about tools and behaviours that can produce a set of data that can be evaluated to carry out security risk management in web application development. The objective is to demonstrate that security management can be plugged into both classical and agile development life cycles in an unintrusive manner.