Rootconf Pune edition

On security, network engineering and distributed systems

Shirish

@truthyvalue

Building a continuous secure delivery pipeline

Submitted Apr 13, 2019

In today’s fast-paced software development world, we have seen teams struggle to keep up with security requirements. Regular security breaches in the news highlight how a simple security miss can result in big financial and reputational loss.

To solve this problem, we tried to integrate security as an agile engineering practice, similar to pairing or TDD at ThoughtWorks.

In this talk we will speak about the challenges teams face in including security as a practice. We will share some of the lessons learned, and the tools and techniques that help teams build a continuous delivery pipeline which has security at its core. We will also talk about how a continuously evolving threat model helps teams bake security into the product instead of bolting it on later.

Outline

  • Mindset required to have security at the core of the delivery pipeline
  • Tools and techniques to be included in your development and delivery workflow to help build security in
  • Continuous threat modeling
  • How having a continuously evolving threat-model can help mitigate security risks.

Speaker bio

Shirish Padalkar is currently working as a lead consultant at ThoughtWorks. He regularly reads and writes code in different languages including Java, Scala, JavaScript, etc. When not coding, he tries to find vulnerabilities in web applications, and preaches about secure coding practices to developers. He regularly speaks at Agile, Developer, Security and Testing conferences or meet-ups.

Slides

https://speakerdeck.com/shirishp/building-a-continuous-secure-delivery-pipeline
