Presented at
Black Hat USA 2014,
Aug. 7, 2014, 2:15 p.m.
(60 minutes).
In the Age of Agile Development and continuous integration gaining massive popularity, where does security fit in? Most security testing happens in production driven by audit requirements. This does not fit well with teams who are pushing code faster and faster constantly changing the applications being tested. This roundtable will discuss the state of basic continuous delivery pipelines and how we can make sure security does not become an afterthought. Using a number of battle tested methodologies and open source tools, we will discuss how to be mean to our code before it ever sees the light of day in production. This discussion will allow us to find a way to adapt to the ways of DevOps but also foster a development lifecycle that creates software that is secure, reliable, and resilient.
Presenters:
-
Matt Johansen
- WhiteHat Security, Inc.
Matt Johansen is a Sr. Manager for the Threat Research Center at WhiteHat Security where he manages a team of Application Security Specialists, Engineers and Supervisors to prevent website security attacks and protect companies' and their customers' data. Before this he was an Application Security Engineer where he oversaw the continuous assessment of more than 35,000 web applications that WhiteHat has under contract for many Fortune 500 companies across a range of technologies. He was previously a security consultant, where he was responsible for performing network and web application penetration tests. Mr. Johansen has also been an instructor of Web Application Security at Adelphi University, where he received his Bachelor of Science in Computer Science, and San Jose State University. He has also been utilized by the SANS Institute as an industry expert for certification review. List of past talks including videos/slides - http://mattjay.github.io/talks/ (BlackHat, DEFCON, SXSW, RSA, Many BSides, etc.)
Links:
Similar Presentations: