A common refrain in the application security profession these days is to meet developers where they work by embedding security tools into the SDLC. But just how much effort does it take to do this? How confident can you be in recommending a course of action you have not tried? This talk details the path the speaker took in implementing and exercising free and open-source security tools, and includes a basic how-to as well as lessons learned so you can do the same (and yes, that means actual documentation). It will also include what is sure to be an entertaining live demo.
Talk given at UMSA Secure360/Career360 (9-10 May 2023)