SecAppDev 2020 Lecture Details

A practical view of security toolchains in DevSecOps

Abhay Bhargav
Wednesday March 11, 16:00 - 17:30
Short description

You wanted to know about DevSecOps Pipelines, but didn't know whom to ask? This anecdotal, demo-filled talk delves into DevSecOps with strategies for tool orchestration, vulnerability management and more. Best yet, you can do all this for $0.

Abstract

Several organizations are seeing the need to embed security into their Software Development Lifecycle. This has largely been necessitated by Agile and DevOps transformation projects within engineering teams. However, there are several challenges with DevSecOps implementations in the real-world.

This talk will explore different types of DevSecOps toolchains. The talk is based on real-world projects, from which we will identify patterns that work. Throughout the talk, we use demos to demonstrate pipelines and tool orchestration possibilities (including parameterized DAST and IAST).

Key takeaway

Different DevSecOps pipelines, other than typical Jenkins variant(s), DAST tool integration and security regressions, vulnerability management

Content level

Deep-dive

Target audience

DevOps pros, Application Security Pros, Cloud (Security) Pros, Pentesters

Prerequisites

A basic knowledge of DevOps, application security vulnerabilities and vulnerability assessment techniques.


Abhay Bhargav


CEO, we45

Abhay Bhargav is the Founder of we45, a focused Application Security Company. He is the Chief Architect of "Orchestron", a leading Application Vulnerability Correlation and Orchestration Framework. Abhay is a speaker and trainer at major industry events including DEF CON, BlackHat, OWASP AppSecUSA, EU and AppSecCali. His trainings have been sold-out events at conferences like AppSecUSA, EU, AppSecDay Melbourne, CodeBlue (Japan), BlackHat USA 2019, SHACK and so on.



Related devops security sessions

Trust Management in SCONE

Lecture by Christof Fetzer

This session presents SCONE, a platform that uses Trusted Execution Environments (TEEs) to enable the delegation of operations to an untrusted provider while guaranteeing data confidentiality.

DevOps Security Friday March 13, 14:00 - 15:30

The hitchhikers guide to secrets for cloud environments

Lecture by Abhay Bhargav

From API Keys to encryption keys, the number of secrets an average app requires is increasing. The talk will focus on secrets management for Kubernetes, AWS and Azure environments with some gotchas and implementation nuances.

DevOps Security Friday March 13, 11:00 - 12:30

Lessons from the Node.js ecosystem bug bounty

Lecture by Marcin Hoppe

The Node.js ecosystem bug bounty program allows us to dive deep into the most prevalent JavaScript vulnerabilities, take a look at the state of open source security research, and learn about responsible disclosure at scale.

DevOps Security Friday March 13, 14:00 - 15:30