OWASP Developer Day 2024

In today's fast-paced software development environments, the feedback loop between code creation, security validation, and issue remediation is often cumbersome and inefficient. Developers face the challenge of addressing security vulnerabilities identified during automated Static Application Security Testing (SAST) scans, only to see lower-severity issues relegated to the dreaded backlog. This backlog, a repository of technical debt, grows unchecked as management prioritizes feature development over security maintenance.




When developers do venture into the backlog, they encounter a time-consuming process of reacquainting themselves with the context of the code of each SAST finding, hindering productivity. However, there's a solution: automated source code remediation. By seamlessly integrating automated fixes into the developer workflow, this approach not only addresses security vulnerabilities but also closes the feedback loop from Pull Request creation to SAST finding resolution.




In this talk, we'll demonstrate the influence of developers' context switching on the security of their organization, and on the whole security industry. We'll also introduce some easy and revolutionary ideas on how to cope with this challenge, to dramatically improve security and productivity.