Building a continuous secure delivery pipeline
In today’s fast-paced software development world, we have seen teams struggle to keep up with security requirements. Regular security breaches in the news highlight how a simple security miss can result in big financial and reputational loss.
To solve this problem, we tried to integrate security as an agile engineering practice, similar to pairing or TDD at ThoughtWorks.
In this talk we will speak about the challenges teams face in including security as a practice. We will share some of the lessons learned, tools and techniques to help teams build a continuous delivery pipeline which has security at its core. We will also talk about how a continuously evolving threat model helps teams bake security into the product instead of bolting it on later.
- Mindset required to have security at the core of the delivery pipeline
- Tools and techniques to be included in your development and delivery workflow to help build security in
- Continuous threat modeling
- How having a continuously evolving threat model can help mitigate security risks
- Slides - https://speakerdeck.com/shirishp/building-a-continuous-secure-delivery-pipeline
- Presented in another conference (GeeCON 2019 in Poland) - https://2019.geecon.org/speakers/info.html?id=504