Sprint #3: Embracing laziness

Welcome back to the third sprint of OneHourAppSec.

Have you ever looked at your workload for a sprint and thought “I wish I had more to do”, or perhaps completed a boring, repetitive job and thought “Yay! Let’s do that again”?

I thought not.

While security is full of boring repetitive tasks (sorry), many of these can be achieved with some clever use of automation. Thankfully, as engineers, we were built for this!

This sprint, we will take a look at some of the repetitive, boring parts of keeping your applications secure and then show you ways to do less work.

Our goals for sprint three:

  • Explore the jobs to be done in application security, how frequently they need to be done and what’s involved.
  • Find ways to automate common appsec jobs and make our lives easier.

In a world where we are always too busy, this sprint we dedicate to doing less. Huzzah 👏

Activities

📽️ [VIDEO] Introducing Sprint 3 (5 minutes)

Welcome to sprint three, where engineering yourself out of a job is definitely encouraged.

📽️ [VIDEO] Introduction to AppSec jobs to be done (5 minutes)

You may have gathered by now that there is a lot to cover in appsec and that means a lot of work to be done. In this video we take a look at what jobs need to be done and the difference between scheduled and triggered activities.

📑 Build an AppSec Calendar and Automation Plan (40 minutes)

Want to get lots done and build automations to help you? Let’s make a plan. With this template you can take a look at all the appsec jobs to be done and help plan what you will automate and when.
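The two videos above distinguish scheduled jobs (done on a cadence regardless of whether anything changed) from triggered jobs (done in response to an event such as a pull request). As an added illustration, not part of the OneHourAppSec material, here is a single GitHub Actions workflow that encodes one of each. The project layout (a Node.js repository with a `package-lock.json`), the `npm audit` threshold and the regex used as a stand-in for a real secret scanner are all assumptions; swap in the tooling your own stack uses.

```yaml
# Added example: one workflow, two kinds of appsec job (scheduled and triggered).
# Assumption: a Node.js project with package-lock.json; adjust the audit step for your stack.
name: appsec-jobs

on:
  schedule:
    # Scheduled job: every Monday at 06:00 UTC, whether or not any code changed.
    # New advisories are published against dependencies you have not touched,
    # so a change-triggered check alone would miss them.
    - cron: "0 6 * * 1"
  pull_request:
    # Triggered job: runs whenever a change is proposed against main.
    branches: [main]

permissions:
  contents: read

jobs:
  dependency-audit:
    # Runs on both triggers: the PR run catches a risky new dependency before merge,
    # the scheduled run catches advisories published after the last change.
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: "20"
      - run: npm ci
      # Fail the job on high or critical advisories; lower severities are reported only.
      - run: npm audit --audit-level=high

  secret-scan:
    # Triggered only: scanning just the lines added in this PR is cheap, so it is
    # worth doing on every change rather than on a calendar.
    if: github.event_name == 'pull_request'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0   # full history so the base branch is available for the diff
      - name: Flag obvious hardcoded credentials in added lines
        # The regex is a deliberately simple placeholder for a proper secret scanner.
        run: |
          if git diff "origin/${{ github.base_ref }}...HEAD" -U0 \
               | grep -E '^\+' \
               | grep -iqE '(api[_-]?key|secret|password)\s*[:=]\s*\S{8,}'; then
            echo "possible hardcoded secret in this change; review before merging"
            exit 1
          fi
```

The point of the split is the one the calendar template asks you to make explicit: a job belongs on the schedule when the risk changes even though your code does not (new advisories, expiring certificates), and on a trigger when the risk is introduced by the change itself (a new dependency, a pasted credential). Putting the dependency audit on both covers both cases at the cost of one extra weekly run.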

📽️ [VIDEO] Preparing for Automation - Building your foundations (5 minutes)

Before we build a robot army, let’s set up some foundations that will make coordinating our new appsec workforce a lot easier.

📽️ [VIDEO] Solving common challenges with security automations (5 minutes)

Building automations is easy for engineers, right? So how could it go wrong, and how can we make sure our automations don’t make our security worse?
