Nov 2024
18 Mon
19 Tue
20 Wed
21 Thu
22 Fri 09:00 AM – 05:10 PM IST
23 Sat
24 Sun
Navin Govindarasu
@navingovind
Securing the SDLC with a Shift-Left Security Approach - The Thoughtworks Way
Submitted Oct 27, 2024
Submission type:
40 min talk
Track in which your submission fits:
Security
Abstract
In today’s fast-paced digital world, security must be a priority, not an afterthought. Adopting a “Shift-left” approach means integrating security early in the software development lifecycle (SDLC). This talk will discuss the importance of early security integration, the challenges organizations face, and how to implement security tools throughout the development process to improve application security.
We will share real-world case studies that illustrate the benefits of early security measures and provide practical tips on using shift-left security and automated tools to safeguard your applications and data. Additionally, we will talk about how an ideal path to production should look and introduce a selection of security tools that facilitate the shift-left approach.
Key Takeaways
-
Understanding the Shift-Left Approach: Discover why incorporating security early in the SDLC is crucial for reducing vulnerabilities.
-
Ideal Path to Production: Understand how an ideal path to production should look, including essential steps and considerations for security.
-
List of Security Tools: We will look at different security tools that help with the shift-left security approach, such as SAST, DAST, Software Composition Analysis (SCA), Software Bill of Materials (SBOM), Secrets Detection Tools, and Infrastructure as Code (IaC) Scanning Tools. I’ll also share which tools I like the most and when to use them in the CI/CD pipeline.
-
Real-World Challenges and Best Practices: Gain insights into common challenges teams encounter when integrating security early and explore strategies to overcome them.
-
Importance of Culture and Continuous Improvement: Understand that Shift-Left is more than just adding tools to the pipeline; it’s also about creating a strong security culture and continuously improving security practices in the development process and within the team.
Audience
-
Security Engineers and DevSecOps Practitioners
-
Engineering Leaders and Decision Makers
-
Developers and Software Engineers
-
Technically Curious Professionals
Comments
Hybrid Access Ticket
Hosted by
We care about site reliability, cloud costs, security and data privacy
Supported by
Platinum Sponsor
Nutanix is a global leader in cloud software, offering organizations a single platform for running apps and data across clouds.
Platinum Sponsor
PhonePe was founded in December 2015 and has emerged as India’s largest payments app, enabling digital inclusion for consumers and merchants alike.
Community sponsor
Peak XV Partners (formerly Sequoia Capital India & SEA) is a leading venture capital firm investing across India, Southeast Asia and beyond.
Venue host - Rootconf workshops
Thoughtworks is a pioneering global technology consultancy, leading the charge in custom software development and technology innovation.
Community Partner
FOSS United is a non-profit foundation that aims at promoting and strengthening the Free and Open Source Software (FOSS) ecosystem in India.
more
Community Partner
A community of Rust language contributors and end-users from Bangalore. We have presence on the following telegram channels https://t.me/RustIndia https://t.me/fpncr LinkedIn: https://www.linkedin.com/company/rust-india/ Twitter (not updated frequently): https://twitter.com/rustlangin
more
{{ gettext('Login to leave a comment') }}
{{ gettext('Post a comment…') }}{{ errorMsg }}
{{ gettext('No comments posted yet') }}