Agile + DevOps West 2023 - Security
Tuesday, June 6
Threat Modeling
If it seems as though attacks are always getting better, it’s because they are. Computers, apps, networks, and connected devices are all subject to different types of threats. Systems are facing new threats from things such as voice cloning and computational propaganda. Not to mention the growing importance of threats “at the human layer.” All of this can make it hard to keep up, let alone get ahead of potential threats. So isn’t it time that the threat modeling used by security pros, developers and systems managers evolve? Join Derrick and Tom as they shares their knowledge and experience...
Wednesday, June 7
.jpg%3Fitok=owdvb9yS&sc=99410af1980838bc65014bc2b12db659)
The Art of Defensive Programming
With every commit, the threat landscape increases. One single vulnerability is all a hacker needs. Vulnerabilities have multiple sources, and you must have a plan for securing each potential risk vector and identify vulnerabilities early. In this session, we will describe defensive coding techniques you can use as a daily practice and how you can build a security champion program. We will practically cover ways of identifying security vulnerabilities in your IDE using CodeQL as a Static Code Analysis tool. This is an important step in the pre-commit stage to identify security...
Shifting Left the Right Way–Improving DevSecOps
"Shift left" is the mantra of DevSecOps. The closer to our developers that we can move the prevention of a security vulnerability being introduced to our codebase, the cheaper and faster it is for our organization. However even in 2023 old vulnerabilities find their way into new pull requests and merges. We can't continue to "shift left" and hope for the best. Instead, our focus needs to turn to providing the right tools and resources to our developers at the right time. Proper techniques need to be as friction free as shortcuts, workflows integrated, and correction offered in clear...
Thursday, June 8
Balancing Agile and Cybersecurity Implementation
Over the past 25 years, software development has changed drastically due to evolving market demands. To respond to these needs, software development teams must reduce their time to market with releases that are more frequent. This has led the industry to move away from the waterfall methodology to agile development methodologies, thus enabling security to be engaged from inception instead of bolted on at the end of the process. While security methodologies rely more on a systematic and requirement-based approach to development much more conducive to the waterfall methodology, we must...