SecAppDev 2020 Lecture Details
A practical view of security toolchains in DevSecOps
Wednesday March 11, 16:00 - 17:30
You wanted to know about DevSecOps Pipelines, but didnt know whom to ask? This anecdotal, demo-filled talk delves into DevSecOps with strategies for tool orchestration, vulnerability management and more. Best yet, you can do all this for $0
Several organizations are seeing the need to embed security into their Software Development Lifecycle. This has largely been necessitated by Agile and DevOps transformation projects within engineering teams. However, there are several challenges with DevSecOps implementations in the real-world.
This talk will explore different types of DevSecOps toolchains. The talk is based on real-world projects, from which we will identify patterns that work. Throughout the talk, we use demos to demonstrate pipelines and tool orchestration possibilities (including parameterized DAST and IAST).
Different DevSecOps pipelines, other than typical Jenkins variant(s), DAST tool integration and security regressions, vulnerability management
DevOps pros, Application Security Pros, Cloud (Security) Pros, Pentesters
A basic knowledge of devops, application security vulnerabilities and vulnerability assessment techniques.
Abhay Bhargav is the Founder of we45, a focused Application Security Company. He is the Chief Architect of “Orchestron"", a leading Application Vulnerability Correlation and Orchestration Framework. Abhay is a speaker and trainer at major industry events including DEF CON, BlackHat, OWASP AppSecUSA, EU and AppSecCali. His trainings have been sold-out events at conferences like AppSecUSA, EU, AppSecDay Melbourne, CodeBlue (Japan), BlackHat USA 2019, SHACK and so on.
Related devops security sessions
The hitchhikers guide to secrets for cloud environments
Lecture by Abhay Bhargav
From API Keys to encryption keys, the number of secrets an average app requires is increasing. The talk will focus on secrets management for Kubernetes, AWS and Azure environments with some gotchas and implementation nuances
DevOps Security Friday March 13, 11:00 - 12:30
Lessons from the Node.js ecosystem bug bounty
Lecture by Marcin Hoppe
DevOps Security Friday March 13, 14:00 - 15:30