SecuRing.biz | Poland
BIO: Jakub is a security consultant at SecuRing focusing on DevSecOps and testing high-risk applications. Previously, he was pentesting in Australia and Europe, working at the European Space Agency and protecting an instant wire transfer intermediary.
TALK: “Hey, wait for us. We can be agile too.” – [security folks]
Session level: beginner
I will introduce ideas on how to integrate security into an existing DevOps pipeline.
We will talk about:
- designing abuser stories for each user story – getting rid of whole classes of security vulnerabilities with a bit of help from developers and testers
- including some security scenarios in the functional tests plan
- automating some security tasks with simple tools.
The presentation is based on real case studies of companies and their DevSecOps teams we have worked with.
- The earlier you consider security, the cheaper it is. Shifting security left is inevitable.
- Security can be agile. Applications can be secure. But it takes time and some adjustments in the processes.
- Integration of security into SDLC, CI/CD and Agile processes is possible.