从代码到云：使用 AWS 构建应用安全计划.pdf

1、 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.S E C 2 2 2From Code to Cloud:Building AppSec Programs with AWSDaniel BegimherSenior Security EngineerGlobal Services SecurityAWSPatrick GawPrincipal Security Engine

2、erGlobal Services SecurityAWS 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.AgendaThe What and the Why of Application Security(AppSec)Principles of an AppSec programAppSec roadmap(Plan,Prepare,Execute,Scale)Session summary 2025,Amazon Web Services,Inc.or its affiliates.All right

3、s reserved.What is Application Security(AppSec)?AppSec is the set of people,practices and technologies designed to evaluate the security properties of applications during all phases of the software development lifecycle(SDLC).2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.Why is

4、AppSec important?Increased VelocityAn effective AppSec program increases the speed of getting features in the hands of customers,while maintaining the security bar for the organizationReduced CostsAddressing issues earlier(shifting left)reduces the cost of delivery while reducing risk.Effective AppS

5、ec practices provide opportunity for improvements in how software is designed,developed,and operated;reducing administrative burden.Operational Efficiency 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.Apply these key principles to your programAutomationMetricsTraining&communitie

6、sOrganizationClear Expectations 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.Practical AppSec RoadmapPlanPrepareExecuteScaleIdentify and engage stakeholdersUnderstand high-level risksEstablish clear goals and me