Using secure coding practices is essential to building security into the SDLC from the beginning. But far too often, a project is bogged down when the team delays security testing until as late as policy allows and is then surprised by hundreds of high-severity findings from SAST or DAST. Suddenly the team has several months’ more work and a missed deadline when it expected to go to production in a few weeks.
About Nathan Larson
Nathan Larson has led static analysis teams at two major financial institutions, pen-tested internet-connected industrial devices at Honeywell, performed code review at Boeing, and taught security and programming at UWRF and the University of St. Thomas. He has a master’s in software engineering, a bachelor’s in computer science, and a few security certifications, all of which show a proficiency in reading textbooks and passing exams. He wrote insecure code in several industries for two decades before catching the AppSec bug, from which he hasn’t recovered for about 10 years. He enjoys astronomy, cribbage, and finding silly mistakes in production code.