Presented by:

45667978e106a2e3aae5a7cf6e9c8148

Nadine Whitfield

from ThoughtWorks

Polyglot developer with an eye towards security, automation and quality.

No video of the event yet, sorry!

I will be sharing my learnings about security testing applications sooner and more often. Let's start a movement!

Topic: Security/InfoSec

Audience: Beginner to Intermediate

CI/CD has greatly reduced the time to market for releasing new software. Security and InfoSec are rapidly gaining importance and complexity, but unfortunately their supporting processes and tools have not benefited as much from automation and modernization as other processes and tools used by development teams.

Security testing is challenging or painful for most, so it often gets skipped or deferred until late in the development cycle. Most often, the security tests are executed by a team having a different mindset, bandwidth and cadence from the development team who wants to release the software.

These conditions often foment culture clashes, mistrust and dysfunction between different teams. Quality suffers, operations staff is stressed, deadlines missed and the customer does not get a fully tested product.

This should not be!

Security is everyone's responsibility; not just security or operations.

My short talk will focus on a prototype pipeline that demonstrates how to implement automation for basic security tests whenever developers change code. Said pipeline will be built using open source tools, one or more reference applications (SUTs) and be packaged in a way that makes it easy for attendees to replicate the results onsite in their own environments.

Attendees will come away with better understanding of - different types of security tests

  • what should be automated

  • what should not be automated

  • how security testing fits into the developer work flow as well as larger project

Any development team can become collaborators with their company's security and operations teams. This talk explores just one of many ways this could happen.

Date:
2019 November 16 - 14:45
Duration:
50 min
Room:
TALKS 3179
Conference:
SeaGL 2019 - A Prime Year for Free Software
Language:
Track:
Security/Infosec
Difficulty:
Easy

Happening at the same time:

  1. Bicycles as a Metaphor for FLOSS
  2. Start Time:
    2019 November 16 14:45

    Room:
    TALKS 3180

  3. Debian Software Management
  4. Start Time:
    2019 November 16 14:45

    Room:
    TALKS 3178

  5. Chaos in the system
  6. Start Time:
    2019 November 16 14:45

    Room:
    TALKS 3183

  7. Contending With Our Culture of Discouragement
  8. Start Time:
    2019 November 16 15:15

    Room:
    TALKS 3180