{"id":2037631,"date":"2024-11-26T10:24:43","date_gmt":"2024-11-26T15:24:43","guid":{"rendered":"http:\/\/securityboulevard.com\/?guid=7493c6691b1c90a2154843b3ec4a208a"},"modified":"2024-11-26T10:24:43","modified_gmt":"2024-11-26T15:24:43","slug":"the-elephant-in-appsec-talks-highlight-shifting-left-doesnt-mean-anything-anymore","status":"publish","type":"post","link":"https:\/\/securityboulevard.com\/2024\/11\/the-elephant-in-appsec-talks-highlight-shifting-left-doesnt-mean-anything-anymore\/","title":{"rendered":"The Elephant in AppSec Talks Highlight: Shifting Left Doesn&#8217;t Mean Anything Anymore"},"content":{"rendered":"<blockquote><p>&quot;A bunch of marketing teams for various vendors, got a hold of this [idea of shift left] and they changed its meaning to: if you buy my product, you&apos;ve shifted left and security is done&quot; &#8211; <strong>Tanya Janca, Founder  of WeHackPurple, and Head of Education and Community at Semgrep<\/strong><\/p><\/blockquote>\n<p><img decoding=\"async\" src=\"https:\/\/escape.tech\/blog\/content\/images\/2024\/11\/Templates---BLOG--3---1-.svg\" alt=\"The Elephant in AppSec Talks Highlight: Shifting Left Doesn&apos;t Mean Anything Anymore\"><\/p>\n<p>What happened to this revered idea of shifting left? What was once the principle of implementing security earlier in the SLDC has now become, as Tanya Janca explores, a mere marketing tactic to sell products. From her talk in Track 1 of this month&apos;s The Elephant In AppSec Conference, Tanya dives into what happened to shift left, what does it actually mean, and how can you actually adopt and optimize this idea in your company?<\/p>\n<p>If you&apos;re looking for the answers to these questions, this blog article will take you through the key highlights from her talk, which you can watch in full <a href=\"https:\/\/www.theelephantinappsec.com\/?ref=escape.tech#register-section\" rel=\"noreferrer\">here<\/a>.<\/p>\n<div class=\"kg-card kg-callout-card kg-callout-card-blue\">\n<div class=\"kg-callout-emoji\">&#x1F4A1;<\/div>\n<div class=\"kg-callout-text\"><a href=\"https:\/\/escape.tech\/blog\/tag\/shift-left\/\" rel=\"noreferrer\">What is shift left? Learn more through these blog posts.<\/a><\/div>\n<\/div>\n<p><!--kg-card-begin: html--><\/p>\n<div class=\"toc\"><\/div>\n<style>\n.toc:before {\n  content: \"The Elephant in AppSec Talk Highlight: Shifting Left Doesn't Mean Anything Anymore\";\n  display: block;\n  margin-bottom: 20px;\n  font-size: larger;\n  font-weight: bold;\n  border-bottom: 1px dashed #dadada;\n  padding-bottom: 10px;\n}\n.toc {\n  padding: 30px;\n  border: 1px solid #dadada;\n  border-radius: 5px;\n  background-color: #fafafa;\n}\na.toc-link {\n  font-size: 80%;\n  text-decoration: none;\n}\nli.toc-list-item {\n    margin-top: 0;\n}\n.toc-list .is-collapsible {\n  margin-left: 15px;\n  color: #666;\n}\n<\/style>\n<p><!--kg-card-end: html--><\/p>\n<h2 id=\"what-shifting-left-is-not\">What shifting left is not<\/h2>\n<figure class=\"kg-card kg-image-card kg-card-hascaption\"><img decoding=\"async\" src=\"https:\/\/escape.tech\/blog\/content\/images\/2024\/11\/Screenshot-2024-11-26-at-16.10.57-min.png\" class=\"kg-image\" alt=\"The Elephant in AppSec Talks Highlight: Shifting Left Doesn&apos;t Mean Anything Anymore\" loading=\"lazy\" width=\"2000\" height=\"951\" srcset=\"https:\/\/escape.tech\/blog\/content\/images\/size\/w600\/2024\/11\/Screenshot-2024-11-26-at-16.10.57-min.png 600w, https:\/\/escape.tech\/blog\/content\/images\/size\/w1000\/2024\/11\/Screenshot-2024-11-26-at-16.10.57-min.png 1000w, https:\/\/escape.tech\/blog\/content\/images\/size\/w1600\/2024\/11\/Screenshot-2024-11-26-at-16.10.57-min.png 1600w, https:\/\/escape.tech\/blog\/content\/images\/size\/w2400\/2024\/11\/Screenshot-2024-11-26-at-16.10.57-min.png 2400w\" sizes=\"auto, (min-width: 720px) 720px\"><figcaption><span style=\"white-space: pre-wrap;\">Tanya&apos;s &apos;Resting AppSec Face&apos; in response to bad AppSec practices<\/span><\/figcaption><\/figure>\n<p>The concept of &quot;shift left&quot; emerged from the need to involve security teams at the beginning of the development process. Traditionally, security was an afterthought, often leading to last-minute panic before a product&apos;s release. By shifting security considerations to the left of the SDLC timeline, organizations can proactively manage risks and reduce vulnerabilities.<\/p>\n<p>However, Tanya highlights how marketing incentives can be &quot;perverse&quot; to security ones, with the goal of grabbing attention and using &quot;fear, uncertainty, and doubt&quot; to convince you that all buying a certain product equates to shifting left. <\/p>\n<p>This is just one of the ways Tanya highlights the idea of shifting left has been warped. Here are two other things shifting left <strong>is not:<\/strong><\/p>\n<p><strong>Making devs do all the work:<\/strong> Shift left is definitely not the idea that developers can handle everything themselves. By shifting left you don&apos;t eliminate the need to provide developers with training, support, guidance, or oversight. <\/p>\n<p><strong>Only doing security in pipelines: <\/strong>Security cannot just be restricted to the Continuous Integration (CI) part of the pipeline. While tools that help you threat model are very useful and can help you start security even earlier, they cannot be all that you use so security only stays in the pipeline.<\/p>\n<h2 id=\"security-must-be-a-constant-consideration\">Security must be a constant consideration<\/h2>\n<figure class=\"kg-card kg-image-card kg-card-hascaption\"><img decoding=\"async\" src=\"https:\/\/escape.tech\/blog\/content\/images\/2024\/11\/Screenshot-2024-11-26-at-16.16.49-min.png\" class=\"kg-image\" alt=\"The Elephant in AppSec Talks Highlight: Shifting Left Doesn&apos;t Mean Anything Anymore\" loading=\"lazy\" width=\"2000\" height=\"942\" srcset=\"https:\/\/escape.tech\/blog\/content\/images\/size\/w600\/2024\/11\/Screenshot-2024-11-26-at-16.16.49-min.png 600w, https:\/\/escape.tech\/blog\/content\/images\/size\/w1000\/2024\/11\/Screenshot-2024-11-26-at-16.16.49-min.png 1000w, https:\/\/escape.tech\/blog\/content\/images\/size\/w1600\/2024\/11\/Screenshot-2024-11-26-at-16.16.49-min.png 1600w, https:\/\/escape.tech\/blog\/content\/images\/size\/w2400\/2024\/11\/Screenshot-2024-11-26-at-16.16.49-min.png 2400w\" sizes=\"auto, (min-width: 720px) 720px\"><figcaption><span style=\"white-space: pre-wrap;\">The job of security engineers is ultimately reducing organizational risk<\/span><\/figcaption><\/figure>\n<p>These oversimplifications undermine the comprehensive nature of true security integration, which involves continuous engagement throughout the development process.<\/p>\n<p>Authentic &quot;shift left&quot; practices involve embedding security from the project&apos;s inception and maintaining it through to decommissioning. <\/p>\n<blockquote><p>&quot;Reducing organizational risk is our number one priority [as security teams], everything else is bonus. Everything else is gravy.&quot; &#8211; <strong>Tanya Janca<\/strong><\/p><\/blockquote>\n<p>This means security professionals should be present at project kickoff meetings, ensuring that security requirements are made clear from the very beginning, and integrated into every phase of development. You don&apos;t want to just fix bugs; you want to prevent them in the first place. <\/p>\n<p>Tanya discusses how she sees a <strong>big hole in operational security for software<\/strong> and it <strong>needs to included even after the release<\/strong>. But how do you do this?<\/p>\n<h3 id=\"you-have-to-work-with-developers\">You have to work with developers<\/h3>\n<blockquote><p>It does not matter if you buy the world&apos;s most perfect tool, if you have no processes to support it, if you don&apos;t show anyone how to use it, and you don&apos;t deploy it properly. &#8211; <strong>Tanya Janca<\/strong><\/p><\/blockquote>\n<p>Tools have to work <em>with <\/em>developers and their processes. So, these security tools must integrate with developers&apos; own tools. If they make developers&apos; lives harder, they just won&apos;t be used and that is a lose-lose for everyone. This also means security, wherever possible, must do more than just deploy the tools. You have to support developers, teach them how to effectively use the tools, and help socialize them to <strong>create a culture of security<\/strong> within the enterprise. <\/p>\n<p>Therefore, you have to deploy tools that developers approve, and Tanya recognizes that this does create more work up-front, but she emphasizes that it will result in much less work in the long run because these tools will then be effectively used and implemented by development teams, spreading your security throughout the SLDC just as you need. <\/p>\n<figure class=\"kg-card kg-image-card kg-card-hascaption\"><img decoding=\"async\" src=\"https:\/\/escape.tech\/blog\/content\/images\/2024\/11\/Screenshot-2024-11-26-at-16.13.55-min.png\" class=\"kg-image\" alt=\"The Elephant in AppSec Talks Highlight: Shifting Left Doesn&apos;t Mean Anything Anymore\" loading=\"lazy\" width=\"2000\" height=\"950\" srcset=\"https:\/\/escape.tech\/blog\/content\/images\/size\/w600\/2024\/11\/Screenshot-2024-11-26-at-16.13.55-min.png 600w, https:\/\/escape.tech\/blog\/content\/images\/size\/w1000\/2024\/11\/Screenshot-2024-11-26-at-16.13.55-min.png 1000w, https:\/\/escape.tech\/blog\/content\/images\/size\/w1600\/2024\/11\/Screenshot-2024-11-26-at-16.13.55-min.png 1600w, https:\/\/escape.tech\/blog\/content\/images\/size\/w2400\/2024\/11\/Screenshot-2024-11-26-at-16.13.55-min.png 2400w\" sizes=\"auto, (min-width: 720px) 720px\"><figcaption><span style=\"white-space: pre-wrap;\">You have to use tools your developers will get behind<\/span><\/figcaption><\/figure>\n<h3 id=\"select-program-goals-and-measure-against-them\">Select program goals and measure against them<\/h3>\n<p>You need to have quantifiable goals. Tanya underlines the need to select a framework or create your own; you can equally choose the parts of a framework like OWASP that you like and that mold to your organization. The key here is to select goals for your program, and these goals should be measurable so that you can track progress and ensure that security efforts are impactful. <\/p>\n<p>Therefore, to effectively reduce organizational risk, security programs must be data-driven and goal-oriented. This can equally contribute to the culture of security and awareness and shared responsibility when the company is united under achieving these shared goals.<\/p>\n<div class=\"kg-card kg-callout-card kg-callout-card-blue\">\n<div class=\"kg-callout-emoji\">&#x1F4A1;<\/div>\n<div class=\"kg-callout-text\"><a href=\"https:\/\/escape.tech\/blog\/the-elephant-in-appsec-conference-4-key-takeaways\/\" rel=\"noreferrer\">Find out how to create this culture from our conference key takeaways<\/a><\/div>\n<\/div>\n<h3 id=\"beyond-shift-left-a-holistic-approach\">Beyond Shift Left: A Holistic Approach<\/h3>\n<p>While shifting left is crucial, it is not sufficient on its own. Security must be pervasive, extending beyond the development phase to include operational security and maintenance. This comprehensive approach ensures that applications remain secure throughout their lifecycle, not just at launch.<\/p>\n<h2 id=\"conclusion\">Conclusion<\/h2>\n<p>Although the concept of shift left may be getting lost in all the noise, Tanya&apos;s talk shows us how we can still draw valuable lessons about the importance of involving and implementing security right from the very beginning of every project. Crucially, security practices then have to be maintained throughout the entire SDLC, from conception to decommissioning. <\/p>\n<p>This requires a cultural shift within organizations, moving away from viewing security as a checkbox to seeing it as an integral part of the development process. By fostering collaboration with developers and setting measurable goals, organizations can achieve a more secure and resilient software environment, filling this hole we see in operational security. <\/p>\n<p>Want to find out more on how to do this in detail?<\/p>\n<div class=\"kg-card kg-button-card kg-align-center\"><a href=\"https:\/\/www.theelephantinappsec.com\/?ref=escape.tech\" class=\"kg-btn kg-btn-accent\">Watch the recordings<\/a><\/div>\n<hr>\n<p><strong>&#x1F4A1; Want to discover more?<\/strong><\/p>\n<ul>\n<li><a href=\"https:\/\/www.youtube.com\/channel\/UCu2vcMyF-dFjQV-4x63PPZw?ref=escape.tech\" rel=\"noreferrer\">Discover the Elephant in AppSec Podcast on YouTube, Spotify, and Apple Podcasts<\/a><\/li>\n<li><a href=\"https:\/\/escape.tech\/blog\/the-elephant-in-appsec-talks-highlight-reinventing-api-security\/\" rel=\"noreferrer\">The Elephant in AppSec Talks Highlight: Reinventing API Security<\/a><\/li>\n<li><a href=\"https:\/\/escape.tech\/blog\/the-elephant-in-appsec-conference-talk-highlight-ai-in-appsec-why-we-need-to-prioritize-security\/\" rel=\"noreferrer\">The Elephant in AppSec Panel Highlight: Why scaling AppSec is harder than you think<\/a><\/li>\n<li><a href=\"https:\/\/escape.tech\/blog\/fortune-1000-at-risk-30k-exposed-apis-100k-vulnerabilities\/\" rel=\"noreferrer\">Fortune 1000 at risk: how we discovered 100k API vulnerabilities in the world&apos;s largest organizations<\/a><\/li>\n<\/ul>\n\n<p class=\"syndicated-attribution\">*** This is a Security Bloggers Network syndicated blog from <a href=\"https:\/\/escape.tech\/blog\/\">Escape - The API Security Blog<\/a> authored by <a href=\"https:\/\/securityboulevard.com\/author\/0\/\" title=\"Read other posts by Sanjana Iyer\">Sanjana Iyer<\/a>. Read the original post at: <a href=\"https:\/\/escape.tech\/blog\/the-elephant-in-appsec-talks-highlight-shifting-left-doesnt-mean-anything-anymore\/\">https:\/\/escape.tech\/blog\/the-elephant-in-appsec-talks-highlight-shifting-left-doesnt-mean-anything-anymore\/<\/a> <\/p>","protected":false},"excerpt":{"rendered":"<p>Discover key highlights from Tanya Janca&#8217;s talk at The Elephant in AppSec Conference on shifting security to be present throughout the entire Software Development Lifecycle.<\/p>\n","protected":false},"author":22086,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[590,5],"tags":[13397,47481,99932],"class_list":["post-2037631","post","type-post","status-publish","format-standard","hentry","category-application-security","category-sbn","tag-application-security","tag-shift-left","tag-the-elephant-in-appsec"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v23.9 (Yoast SEO v23.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>The Elephant in AppSec Talks Highlight: Shifting Left Doesn&#039;t Mean Anything Anymore - Security Boulevard<\/title>\n<meta name=\"description\" content=\"Discover key highlights from Tanya Janca&#039;s talk at The Elephant in AppSec Conference on shifting security to be present throughout the entire Software Development Lifecycle.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/securityboulevard.com\/2024\/11\/the-elephant-in-appsec-talks-highlight-shifting-left-doesnt-mean-anything-anymore\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The Elephant in AppSec Talks Highlight: Shifting Left Doesn&#039;t Mean Anything Anymore\" \/>\n<meta property=\"og:description\" content=\"Discover key highlights from Tanya Janca&#039;s talk at The Elephant in AppSec Conference on shifting security to be present throughout the entire Software Development Lifecycle.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/securityboulevard.com\/2024\/11\/the-elephant-in-appsec-talks-highlight-shifting-left-doesnt-mean-anything-anymore\/\" \/>\n<meta property=\"og:site_name\" content=\"Security Boulevard\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/groups\/24445075146\/\" \/>\n<meta property=\"article:published_time\" content=\"2024-11-26T15:24:43+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/escape.tech\/blog\/content\/images\/2024\/11\/Templates---BLOG--3---1-.svg\" \/>\n<meta name=\"author\" content=\"Sanjana Iyer\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@securityblvd\" \/>\n<meta name=\"twitter:site\" content=\"@securityblvd\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/securityboulevard.com\/2024\/11\/the-elephant-in-appsec-talks-highlight-shifting-left-doesnt-mean-anything-anymore\/\",\"url\":\"https:\/\/securityboulevard.com\/2024\/11\/the-elephant-in-appsec-talks-highlight-shifting-left-doesnt-mean-anything-anymore\/\",\"name\":\"The Elephant in AppSec Talks Highlight: Shifting Left Doesn't Mean Anything Anymore - Security Boulevard\",\"isPartOf\":{\"@id\":\"https:\/\/securityboulevard.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/securityboulevard.com\/2024\/11\/the-elephant-in-appsec-talks-highlight-shifting-left-doesnt-mean-anything-anymore\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/securityboulevard.com\/2024\/11\/the-elephant-in-appsec-talks-highlight-shifting-left-doesnt-mean-anything-anymore\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/escape.tech\/blog\/content\/images\/2024\/11\/Templates---BLOG--3---1-.svg\",\"datePublished\":\"2024-11-26T15:24:43+00:00\",\"dateModified\":\"2024-11-26T15:24:43+00:00\",\"author\":{\"@id\":\"https:\/\/securityboulevard.com\/#\/schema\/person\/e366fd94b7296539e61ce988e595fde0\"},\"description\":\"Discover key highlights from Tanya Janca's talk at The Elephant in AppSec Conference on shifting security to be present throughout the entire Software Development Lifecycle.\",\"breadcrumb\":{\"@id\":\"https:\/\/securityboulevard.com\/2024\/11\/the-elephant-in-appsec-talks-highlight-shifting-left-doesnt-mean-anything-anymore\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/securityboulevard.com\/2024\/11\/the-elephant-in-appsec-talks-highlight-shifting-left-doesnt-mean-anything-anymore\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/securityboulevard.com\/2024\/11\/the-elephant-in-appsec-talks-highlight-shifting-left-doesnt-mean-anything-anymore\/#primaryimage\",\"url\":\"https:\/\/escape.tech\/blog\/content\/images\/2024\/11\/Templates---BLOG--3---1-.svg\",\"contentUrl\":\"https:\/\/escape.tech\/blog\/content\/images\/2024\/11\/Templates---BLOG--3---1-.svg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/securityboulevard.com\/2024\/11\/the-elephant-in-appsec-talks-highlight-shifting-left-doesnt-mean-anything-anymore\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/securityboulevard.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cybersecurity\",\"item\":\"https:\/\/securityboulevard.com\/category\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Application Security\",\"item\":\"https:\/\/securityboulevard.com\/category\/blogs\/application-security\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"The Elephant in AppSec Talks Highlight: Shifting Left Doesn&#8217;t Mean Anything Anymore\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/securityboulevard.com\/#website\",\"url\":\"https:\/\/securityboulevard.com\/\",\"name\":\"Security Boulevard\",\"description\":\"The Home of the Security Bloggers Network\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/securityboulevard.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/securityboulevard.com\/#\/schema\/person\/e366fd94b7296539e61ce988e595fde0\",\"name\":\"Sanjana Iyer\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/securityboulevard.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/870fc0b2052cb7d52571d03b84190a52?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/870fc0b2052cb7d52571d03b84190a52?s=96&d=mm&r=g\",\"caption\":\"Sanjana Iyer\"},\"sameAs\":[\"https:\/\/escape.tech\/blog\/\"],\"url\":\"https:\/\/securityboulevard.com\/author\/sanjana-iyer\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"The Elephant in AppSec Talks Highlight: Shifting Left Doesn't Mean Anything Anymore - Security Boulevard","description":"Discover key highlights from Tanya Janca's talk at The Elephant in AppSec Conference on shifting security to be present throughout the entire Software Development Lifecycle.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/securityboulevard.com\/2024\/11\/the-elephant-in-appsec-talks-highlight-shifting-left-doesnt-mean-anything-anymore\/","og_locale":"en_US","og_type":"article","og_title":"The Elephant in AppSec Talks Highlight: Shifting Left Doesn't Mean Anything Anymore","og_description":"Discover key highlights from Tanya Janca's talk at The Elephant in AppSec Conference on shifting security to be present throughout the entire Software Development Lifecycle.","og_url":"https:\/\/securityboulevard.com\/2024\/11\/the-elephant-in-appsec-talks-highlight-shifting-left-doesnt-mean-anything-anymore\/","og_site_name":"Security Boulevard","article_publisher":"https:\/\/www.facebook.com\/groups\/24445075146\/","article_published_time":"2024-11-26T15:24:43+00:00","og_image":[{"url":"https:\/\/escape.tech\/blog\/content\/images\/2024\/11\/Templates---BLOG--3---1-.svg"}],"author":"Sanjana Iyer","twitter_card":"summary_large_image","twitter_creator":"@securityblvd","twitter_site":"@securityblvd","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/securityboulevard.com\/2024\/11\/the-elephant-in-appsec-talks-highlight-shifting-left-doesnt-mean-anything-anymore\/","url":"https:\/\/securityboulevard.com\/2024\/11\/the-elephant-in-appsec-talks-highlight-shifting-left-doesnt-mean-anything-anymore\/","name":"The Elephant in AppSec Talks Highlight: Shifting Left Doesn't Mean Anything Anymore - Security Boulevard","isPartOf":{"@id":"https:\/\/securityboulevard.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/securityboulevard.com\/2024\/11\/the-elephant-in-appsec-talks-highlight-shifting-left-doesnt-mean-anything-anymore\/#primaryimage"},"image":{"@id":"https:\/\/securityboulevard.com\/2024\/11\/the-elephant-in-appsec-talks-highlight-shifting-left-doesnt-mean-anything-anymore\/#primaryimage"},"thumbnailUrl":"https:\/\/escape.tech\/blog\/content\/images\/2024\/11\/Templates---BLOG--3---1-.svg","datePublished":"2024-11-26T15:24:43+00:00","dateModified":"2024-11-26T15:24:43+00:00","author":{"@id":"https:\/\/securityboulevard.com\/#\/schema\/person\/e366fd94b7296539e61ce988e595fde0"},"description":"Discover key highlights from Tanya Janca's talk at The Elephant in AppSec Conference on shifting security to be present throughout the entire Software Development Lifecycle.","breadcrumb":{"@id":"https:\/\/securityboulevard.com\/2024\/11\/the-elephant-in-appsec-talks-highlight-shifting-left-doesnt-mean-anything-anymore\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/securityboulevard.com\/2024\/11\/the-elephant-in-appsec-talks-highlight-shifting-left-doesnt-mean-anything-anymore\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/securityboulevard.com\/2024\/11\/the-elephant-in-appsec-talks-highlight-shifting-left-doesnt-mean-anything-anymore\/#primaryimage","url":"https:\/\/escape.tech\/blog\/content\/images\/2024\/11\/Templates---BLOG--3---1-.svg","contentUrl":"https:\/\/escape.tech\/blog\/content\/images\/2024\/11\/Templates---BLOG--3---1-.svg"},{"@type":"BreadcrumbList","@id":"https:\/\/securityboulevard.com\/2024\/11\/the-elephant-in-appsec-talks-highlight-shifting-left-doesnt-mean-anything-anymore\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/securityboulevard.com\/"},{"@type":"ListItem","position":2,"name":"Cybersecurity","item":"https:\/\/securityboulevard.com\/category\/blogs\/"},{"@type":"ListItem","position":3,"name":"Application Security","item":"https:\/\/securityboulevard.com\/category\/blogs\/application-security\/"},{"@type":"ListItem","position":4,"name":"The Elephant in AppSec Talks Highlight: Shifting Left Doesn&#8217;t Mean Anything Anymore"}]},{"@type":"WebSite","@id":"https:\/\/securityboulevard.com\/#website","url":"https:\/\/securityboulevard.com\/","name":"Security Boulevard","description":"The Home of the Security Bloggers Network","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/securityboulevard.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/securityboulevard.com\/#\/schema\/person\/e366fd94b7296539e61ce988e595fde0","name":"Sanjana Iyer","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/securityboulevard.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/870fc0b2052cb7d52571d03b84190a52?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/870fc0b2052cb7d52571d03b84190a52?s=96&d=mm&r=g","caption":"Sanjana Iyer"},"sameAs":["https:\/\/escape.tech\/blog\/"],"url":"https:\/\/securityboulevard.com\/author\/sanjana-iyer\/"}]}},"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p91vu9-8y51","_links":{"self":[{"href":"https:\/\/securityboulevard.com\/wp-json\/wp\/v2\/posts\/2037631","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/securityboulevard.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/securityboulevard.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/securityboulevard.com\/wp-json\/wp\/v2\/users\/22086"}],"replies":[{"embeddable":true,"href":"https:\/\/securityboulevard.com\/wp-json\/wp\/v2\/comments?post=2037631"}],"version-history":[{"count":1,"href":"https:\/\/securityboulevard.com\/wp-json\/wp\/v2\/posts\/2037631\/revisions"}],"predecessor-version":[{"id":2037632,"href":"https:\/\/securityboulevard.com\/wp-json\/wp\/v2\/posts\/2037631\/revisions\/2037632"}],"wp:attachment":[{"href":"https:\/\/securityboulevard.com\/wp-json\/wp\/v2\/media?parent=2037631"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/securityboulevard.com\/wp-json\/wp\/v2\/categories?post=2037631"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/securityboulevard.com\/wp-json\/wp\/v2\/tags?post=2037631"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}