Rootconf Mini 2024 (on 22nd & 23rd Nov)

Geeking out on systems and security since 2012

Navin Govindarasu

@navingovind

Securing the SDLC with a Shift-Left Security Approach - The Thoughtworks Way

Submitted Oct 27, 2024

Abstract

In today’s fast-paced digital world, security must be a priority, not an afterthought. Adopting a “Shift-left” approach means integrating security early in the software development lifecycle (SDLC). This talk will discuss the importance of early security integration, the challenges organizations face, and how to implement security tools throughout the development process to improve application security.

We will share real-world case studies that illustrate the benefits of early security measures and provide practical tips on using shift-left security and automated tools to safeguard your applications and data. Additionally, we will talk about how an ideal path to production should look and introduce a selection of security tools that facilitate the shift-left approach.

Key Takeaways

  • Understanding the Shift-Left Approach: Discover why incorporating security early in the SDLC is crucial for reducing vulnerabilities.

  • Ideal Path to Production: Understand how an ideal path to production should look, including essential steps and considerations for security.

  • List of Security Tools: We will look at different security tools that help with the shift-left security approach, such as SAST, DAST, Software Composition Analysis (SCA), Software Bill of Materials (SBOM), Secrets Detection Tools, and Infrastructure as Code (IaC) Scanning Tools. I’ll also share which tools I like the most and when to use them in the CI/CD pipeline.

  • Real-World Challenges and Best Practices: Gain insights into common challenges teams encounter when integrating security early and explore strategies to overcome them.

  • Importance of Culture and Continuous Improvement: Understand that Shift-Left is more than just adding tools to the pipeline; it’s also about creating a strong security culture and continuously improving security practices in the development process and within the team.

Audience

  • Security Engineers and DevSecOps Practitioners

  • Engineering Leaders and Decision Makers

  • Developers and Software Engineers

  • Technically Curious Professionals
