Presented by:


Nadine Whitfield

from ThoughtWorks

Polyglot developer with an eye towards security, automation and quality.

No video of the event yet, sorry!

A proof-of-concept project demonstrating automated security tests for developers (i.e. shifted left)

Topic: Security/InfoSec

Audience: Beginner to Intermediate

CI/CD has greatly reduced the time to market for releasing new software. Security and InfoSec are rapidly gaining importance and complexity, but unfortunately their supporting processes and tools have not benefited as much from automation and modernization as other processes and tools used by development teams.

Security testing is challenging or painful for most, so it often gets skipped or deferred until late in the development cycle. Most often, the security tests are executed by a team with a different mindset, bandwidth and cadence from the development team that wants to release the software.

These conditions often foment culture clashes, mistrust and dysfunction between teams. Quality suffers, operations staff are stressed, deadlines are missed and the customer does not get a fully tested product.

This should not be!

Security is everyone's responsibility, not just that of the security or operations teams.

My short talk will focus on a prototype pipeline that demonstrates how to automate basic security tests whenever developers change code. The pipeline will be built using open source tools and one or more reference applications (systems under test, SUTs), and will be packaged in a way that makes it easy for attendees to replicate the results in their own environments.

Attendees will come away with a better understanding of:

  • the different types of security tests

  • what should be automated

  • what should not be automated

  • how security testing fits into the developer workflow as well as the larger project

Any development team can become collaborators with their company's security and operations teams. This talk explores just one of many ways this could happen.

Date: 2019 November 15 - 16:45
Duration: 20 min
Room: Room 1
Conference: seagl2019
Language:
Track: Security/Infosec
Difficulty: Easy

Happening at the same time:

  1. 25+ Years of FreeBSD and Why You Should Get Involved!
     Start Time: 2019 November 15 16:45
     Room: Room 2

  2. "Technical"ly Incorrect
     Start Time: 2019 November 15 16:45
     Room: Room 4

  3. Controlling your model trains with your computer and free software
     Start Time: 2019 November 15 16:45
     Room: Room 3