Zachary Jones, Sr. Mgr. Static Code Analysis

Zach Jones is a former golf professional who started his software development career with a Houston area startup photo-lab, developing websites, workflow systems, and back office integrations. After three years as an all-purpose developer, he joined WhiteHat Security’s Threat Research Center, where he learned the ropes of application security testing using both WhiteHat’s proprietary scanning technology and manual assessments of customer websites. In late 2012, Zach joined WhiteHat’s research and development team to begin the operationalization of WhiteHat’s SAST offering, Sentinel Source. Since then, he has been working with organizations of all sizes to integrate static code analysis into their security programs and software development processes.
SAST in the SDLC: Building a plan for “going left”
With the popularization of development philosophies and methodologies such as Agile, CI/CD, and DevOps, organizations are hearing the call to integrate security testing into their development process, commonly known as “going left”. Unfortunately, hearing the call is not enough: many organizations struggle to develop an actionable plan for achieving this difficult and technically challenging goal. This presentation will discuss the challenges and best practices gleaned over four-plus years of helping organizations, both large and small, integrate software security testing into their development process. It will cover, in detail, the three general concerns that an organization may want to address within its application security program, how those concerns affect the overall picture, and how they affect the deployment plan.