Achieving DevSecOps with Dev-First AppSec Tooling
As organisations adopt DevOps, AppSec tools and practices shift left in the pipeline, with development teams assuming responsibility for security tasks. While this is an imperative step toward achieving DevSecOps maturity, legacy application security testing tools were built for security professionals, not developers. They remain hard to use and continue to bury developers under a never-ending list of false security alerts.
Organizations need to ensure that development and security teams are able to address security as early as possible in the DevOps pipeline, without slowing down development.
In this session, we will explore:
- Key features in dev-first security tooling to enable your developers to take ownership of security
- How you can detect, prioritize and remediate security issues early, without slowing down development
- Reducing the noise of false positives to remove manual bottlenecks to shift left
- Achieving a culture of security testing automation as part of your CI/CD pipeline to test your applications and APIs
Oliver Moradov
Oliver Moradov is VP of NeuraLegion's developer focused DAST security testing platform, helping organisations and DevOps teams understand how they can run seamless, fast and accurate security tests on every build.Oliver works closely with security and engineering teams globally to help them ship secure software more efficiently and is passionate about automation, CI/CD and DevOps/DevSecOps.
Oliver has spoken at many conferences internationally and is a regular at developer and security related events and meetups.