Security Tooling in Your DevOps Pipeline

30-minute Talk

Manual security assessments have become a bottleneck or have been ignored and left for the end of the SDLC. New ideas are needed to integrate security assessments into agile development practices.

Virtual Pass session

Timetable

4:30 p.m. – 5:10 p.m. Thursday 12th

Audience

Testers, developers and managers who are part of a DevOps or Agile team.

Key-Learnings

  • Where and when in the pipeline security assessments are prescribed
  • Open-source and commercial tools that can help perform these assessments
  • How these testing and automation efforts can greatly help your compliance efforts

In the quest to be first to market, DevOps has been a strategy of choice to improve agility in development teams. As these teams push code to production faster and faster, slow, manual security assessments need to be replaced with new approaches to application security assessment. We’ll learn how to deal with security considerations, with demos of tools and integrations in action.

During this talk, we will explore how we can use tooling and automation to include security early on and throughout a continuous integration/continuous delivery (CI/CD) pipeline. Scanning the platform for vulnerabilities and the code for 3rd-party components with known vulnerabilities, using static code analysis and performing dynamic security testing are some of the strategies we will use to ensure that security can catch up and keep up with the speed of DevOps.
