More than just pipelines: DevSecOps

Presented at Diana Initiative 2020 Virtual, Aug. 21, 2020, 1 p.m. (60 minutes).

Although DevSecOps is currently a favourite industry buzzword many of us have limited knowledge on how to “do” it. Most vendors are selling mini versions of their tools meant to squish into your already crowded pipeline and calling it a day. This talk will define DevSecOps then discuss several strategies (high level ideas) and tactics (hands on keyboard) for fast and effective application security practices in a DevOps environment, all of which will take place OUTSIDE your pipeline. When AppSec professionals operate in a DevOps environment they need to respect ‘the 3 ways’ (efficiency of the entire system, fast feedback and continuous learning), while ensuring they consistently release secure software. The current trend in this area is to add mini or partial versions of traditional security tools into your pipeline, breaking builds and/or slowing developers down immensely. For a change of perspective, this talk will detail how to implement a complete application security program without heavy reliance on pipelines.

Presenters:

  • Tanya Janca - We Hack Purple
    Tanya Janca, also known as SheHacksPurple, is the author of ‘Alice and Bob Learn Application Security’. She is also the founder of We Hack Purple, an online learning academy, community and weekly podcast that revolves around creating secure software. Tanya has been coding and working in IT for over twenty years, won numerous awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats; startup founder, pentester, CISO, CEO, AppSec Engineer, and software developer. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents. She values diversity, inclusion and kindness, which shines through in her countless initiatives Founder: We Hack Purple (Academy, Community and Podcast), WoSEC International (Women of Security), OWASP DevSlop, OWASP Victoria, #CyberMentoringMonday

Links:

Similar Presentations: