Submitted by Neelu Tripathy (@br3akp0int) on Monday, 18 March 2019
Technical level: Intermediate
Section: Birds Of Feather (BOF) Session
DevSecOps is becoming increasingly relevant with changing requirements and rapid product development becoming the norm. Through this Birds of Feather session we plan to discover various approaches to integrating end-to-end security in the DevOps cycle.
Who should attend:
1. DevSecOps Enthusiasts, Practitioners, Agile Development Teams
2. All Developers, QAs, DevOps practitioners
3. Anyone interested in DevSecOps
Key Takeaways for Audience:
1. Understanding of holistic practices of DevSecOps: what role people, process and technology play in DevSecOps
2. Basic building blocks for establishing DevSecOps from scratch (metrics)
3. Ways in which security can catch up with really fast-paced DevOps
4. Amount of tooling that is optimal for your pipeline
5. Key aspects of environment security to consider in the age of containerization & cloud
We are looking to bring forth the following issues:
1. Challenges in integrating security in a fast-paced DevOps cycle
2. Current practices being followed for DevSecOps in organizations
3. Solving people and process challenges around DevSecOps to bring about a security mindset
4. Best practices to prevent over-tooling in pipelines
5. Embedding security in the pipeline and automation
6. Culture shift required when transitioning from on-premise to containers and cloud infra
This being a Birds of a Feather session, we expect you to call out questions you may have or challenges you have faced when choosing, establishing or maintaining the idea of DevSecOps in your organisation. We encourage you to share your experiences or analysis around the automation and culture shifts needed for your DevSecOps journey during this discussion. The general idea is to see what’s new in the DevSecOps space, including optimisations, and to learn from the inputs of practitioners solving problems on a daily basis. We will try to keep discussions to pointers and suggestions at a high level.
She is working as principal consultant for AppSec at Thoughtworks. Her array of experience includes penetration testing and vulnerability assessments, threat modeling and design reviews of web applications & APIs, source code reviews, configuration reviews, social engineering engagements and red teaming. She loves building and executing various threat cases and bending business logic. Currently she is focussed on integrating security in fast-paced Agile development lifecycles and delivering security by building it into the product.
He is the founder and primary author of the IronWASP project and various other appsec-focussed tools such as Ravan, JS-Recon, Imposter, etc. His products help developers and admins discover security issues in their websites. He is also a security researcher with notable security advisories to his name.