Rebooting (secure) software development with continuous deployment

Presented at AppSec USA 2012, Oct. 25, 2012, 3 p.m. (45 minutes)

If we are ever going to get ahead of the whack-a-mole security vulnerability game, we, as security professionals, need to get more involved in the development of software. Let's review the origins of traditional software development and the assumptions it makes. Then we'll review whether those assumptions still hold for modern web applications, and what problems they cause, especially for security. Continuous deployment helps address these problems and allows for faster, more secure development. It's more than just "pushing code a lot"; when done correctly, it can be transformative to the organization. We'll discuss what continuous deployment is, how to get started, and what components are needed to make it successful and secure.


Presenters:

  • Nick Galbreath - Owner - Client9
    Nick Galbreath is Vice President of Engineering at IPONWEB, a world leader in the development of online advertising exchanges and media trading platforms. Prior to IPONWEB, his role was Director of Engineering at Etsy, overseeing groups handling security, fraud, authentication and other enterprise features. Prior to Etsy, Nick held leadership positions in a number of social and e-commerce companies, including Right Media, UPromise, Friendster, and Open Market. He is the author of "Cryptography for Internet and Database Applications" (Wiley). Previous speaking engagements have been at Black Hat, Def Con, DevOpsDays and OWASP events. He holds a master's degree in mathematics from Boston University and currently resides in Tokyo, Japan.
