Jakub Kałużny

SecuRing.biz | Poland

BIO: Jakub is a security consultant at SecuRing focusing on DevSecOps and testing high-risk applications. He previously worked as a pentester in Australia and Europe, worked at the European Space Agency, and protected an instant wire transfer intermediary.

TALK: “Hey, wait for us. We can be agile too.” – [security folks]

Session level: beginner

I will introduce ideas on how to integrate security into an existing DevOps pipeline.
We will talk about:

    • designing abuser stories for each user story – getting rid of whole classes of security vulnerabilities with a bit of help from developers and testers
    • including some security scenarios in the functional tests plan
    • automating some security tasks with simple tools.

The presentation is based on real case studies of companies and their DevSecOps teams we have worked with.

Takeaways

    • The earlier you consider security, the cheaper it is. Shifting security left is inevitable.
    • Security can be agile. Applications can be secure. But it takes time and some adjustments in the processes.
    • Integration of security into SDLC, CI/CD and Agile processes is possible.