Security Automation in DevOps
Technical capability: INTERMEDIATE
Integrating security into DevOps is possible without sacrificing flexibility or agility. This is a strategic approach that will extend the culture change again, and it needs buy-in and advocating from your IT leaders to be implemented successfully.
As DevOps is becoming more entrenched globally, it is imperative to have simple but effective means to implement and maintain security on an ongoing basis. This presentation will deliver advanced techniques and discuss the need to secure the entire DevOps stack.
Items covered in this presentation are:
• Integrating security within DevOps
• Understanding the DevOps layers and the full stack security approach.
• The critical importance of continuous monitoring.
• Minimising third party library exposure – the supply chain problem.
• Multiple opportunities to address defects – shifting left.
• Security Scanning across the Service Delivery Lifecycle.
• Static & Dynamic Analysis integrated with Build and Integration processes.
• Network Layer Vulnerability Management across Dev, Test and Production.
This presentation will provide tangible techniques to improve the security of agile development practices that can be rapidly adopted for quick wins, and longer term strategic solutions for end-to-end security.
Speaker: Michael McKinnon - Sense of Security
What is DevOps?
DevOps is a term used to refer to a set of practices that emphasizes the collaboration and communication of both software developers and Information Technology Infrastructure professionals. It aims at establishing a culture and environment where building, testing, and releasing software can happen rapidly, frequently, and more reliably.
AISA members: Please sign in to register for this event
Non AISA members: If you are a non AISA member please email firstname.lastname@example.org to attend this event.
Many thanks to our sponsors
AISA also thanks Enterprize Co-Working Space for providing the venue for this meeting