In an Agile, fast-paced environment with frequent and multiple product releases, security code reviews and testing are usually considered a delaying factor that conflicts with success. Presented at OWASP AppSec EU 2013.

by Dave Wichers

Summary: Is it possible to keep up with the high-end demands of continuous integration and deployment without abandoning security best practices?
When we started this journey, we were seeking a way to reduce the friction, risk and cost arising from identifying vulnerabilities in production. After a long journey and with many lessons learned, we have successfully added in-depth security coverage to more than 20 Scrums (up to 1 MLOC), and are happy to share our insights, tips and experience.
LivePerson is a provider of SaaS-based technology for real-time interaction between customers and online businesses. Over 1.5 billion web visitors are monitored by the platform on a monthly basis. The R&D includes hundreds of developers who have adopted Agile and Scrum-based methods, closely tied to our Secure Software Development Lifecycle.