This session will focus on the security testing requirements derived from the NIST 800-64 Standard. It will also tie in requirements from the OWASP Testing Guide v4 and industry best practices. For each phase of the SDLC, it will cover the control gates, the entry and exit criteria, and the short- and long-term goals for implementing a mature security testing process as part of the SDLC. The purpose is to provide an overall security testing process that an organization can implement, one that focuses on conducting security testing throughout the SDLC. This trend has been surfacing over the past few years and is also referred to as embedding security testing into the SDLC, or the “Shift Left” approach.
About Felicia Nicastro
Felicia is an Operations Manager at SQS, responsible for the Security Testing practice globally. Felicia has been focusing on information security since 1998. Before SQS, she worked for 13 years at BT, holding various roles, most recently as the US Practice Director for BT’s security practice. She has experience managing and delivering revenue within a business unit, driving and achieving sales through new and existing customer relationships, and implementing standards that drive efficiency and quality across all activities. Felicia is also a published author, having written two books on Security Patch Management as well as a number of whitepapers, and having contributed to other books in the information security field. She also holds numerous certifications, such as CISSP and CISA.