This talk is an introduction to the shift up paradigm. Think of it as an extension of shift left, but a culture that only thrives in production. Shift up enables an organization to identify and remediate insecure code and address any security gaps within the infrastructure stack in a self-healing and iterative manner. To achieve this end state, an organization needs to perform defensive dynamic security testing and test configuration as well as system failures against A/B units. These exercises help validate the effectiveness of production's layered protection, which is responsible for protecting application code and, most importantly, customer data.
Last, but not least, it means building capabilities to identify external-facing assets in a continuous manner and monitor them throughout their existence, and enabling the organization with a feedback loop between AST tools (SAST, DAST, IAST, MAST) and layered defenses in production. This further arms the organization with a protective shield against ever-evolving attacks, ultimately gaining IT utopia!
Swapnil Deshmukh, Senior Director, Visa