Bubble gum, wire, and duct tape hold together the hull of the modern application security rocket ship. Many things have changed in twenty years, but too many have stayed the same. The contemporary application has grown from a series of files stashed on a web server into a containerized, orchestrated, and expressed infrastructure-as-code. But has application security kept up with the rocket ship the modern application has become?

Application Security is old enough for a postmortem. It is time to consider what works, what does not, and how to put the broken pieces back in the box. As an industry, we’ve screwed up many times along the way, and it’s time to call out those failures and discuss how to move forward in a positive and actionable way. Take all this in through the eyes of an industry practitioner who is not afraid to speak the truth, identify successful and unsuccessful practices, and express strategies to fix the broken.

Without hope, there is no future. The AppSec future state explores what the rocket needs to address the challenges of the past – ten honest, future-looking approaches that will impact the industry and your application security programs.

Those who build applications and products need to hear this talk. Those that claim to lead the industry need to hear this talk. Those using security tools to support those applications must listen to this talk. Everyone needs to know where we’ve been to ensure we don’t end up in the same place in ten years.

The future is now, and the end is application security. So, grab onto the side of the rocket ship for a wild ride.

Learning Objectives:

• Analyze the evolution of application security over the past twenty years, noting the transition from basic web servers to complex containerized and orchestrated infrastructures, and evaluate if current security measures have evolved at a similar pace
• Assess the historical shortcomings and failures of application security practices, discuss their impact on the industry, and identify actionable strategies to address and rectify these issues
• Explore ten forward-looking approaches to application security that aim to prevent past mistakes and significantly improve security for modern applications, focusing on practical application and industry-wide impact