Agile + DevOps Virtual 2020 - DevOps

Performance issues can be difficult to resolve when found late in the software development lifecycle. Using an open-source tool like JMeter to develop, manage, and execute load and performance tests while the code is being developed, is an inexpensive way to help find performance issues. Executing these performance tests as part of your CI/CD pipeline enables users to find and resolve performance issues as soon as they are introduced. This hands-on workshop will help attendees develop a foundational understanding of JMeter, while engaging them in creating and running performance tests...

You've got agile and lean questions, and Mary and Tom Poppendieck want to answer them for you. They won't really be sitting by the fire, but they will be on hand to talk about all things lean and agile. Mary has been a programmer, IT manager, and product champion and is well known for the Lean Software Development books that she wrote with her husband, Tom. Tom has been in computing for 25 years, working with health care, logistics, mortgage banking, and travel services, and he holds a Ph.D. in physics. Bring your questions and be ready for a lively, interactive discussion.

The speed and scale of complex system operations within cloud-driven architectures make them extremely difficult for humans to mentally model their behavior. This often results in unpredictable and catastrophic outcomes that become costly when unexpected security incidents occur. There is a need to realign the actual state of operational security measures in order to maintain an acceptable level of confidence that our security actually works when we need it to. As an alternative to simply reacting to failures, the security industry has been overlooking valuable chances to further...

DevSecOps creates more effective security by moving the traditional gate earlier instead of the end of the pipeline, where it’s too late to effectively fix security issues. Static code analysis is the best way to move security as far left as possible by using both early detection checkers for common issues like tainted data as well as secure-by-design coding patterns that harden the code against todays common attacks. However, static analysis has a reputation for being noisy and causing extra work. We will explore tips and tricks to make sure your static analysis is delivering security...

Traditional approaches to application security create unacceptable drag and scaling problems for DevOps, while expert staffing and tooling requirements to support “more code, faster” create untenable economics. This presentation will discuss the transformative impact of embedding application security into applications themselves. Embedded AppSec removes friction, enables security to be seamlessly woven into DevOps, and provides a continuous and unified approach across the SDLC that empowers Dev, Security, QA/Test, Ops, and other stakeholders to collaborate and realize the benefits of...

As we embrace DevOps to optimize our Agility, we need to move away from slow, manually intensive processes into more of a continuous flow of software into production. Whether we are doing true "Continuous Deployment" straight to production or not, we no longer have time for slow, manual, late-lifecycle security assessments to determine if our code is going to put us on the front page of the newspaper (for the wrong reasons). What we need is the visibility to know that our code is secure enough to pass muster every day. What we need is continuous security.

The DevSecOps movement is...