DevOps East 2017 - Security
Thursday, November 9
DevSecOps Manifesto and Process Model for Secure Applications
The bad guys don't break in through the highly secure bank vault door; they attack the crumbly bricks and mortar of the vault walls. The same is true for application security. The vast majority of incidents don't target security features like encryption, authentication, and authorization. Rather, the target is vulnerabilities in the boring, non-secure parts of the code. In many organizations, the security function is still largely thrown-over-the-wall, but things are changing. Larry Maccherone believes we cannot prevent the vast majority of incidents with a bolt-on approach to security. We...
Discover Your Team’s Values with LEGO® Serious Play®
Creating a cohesive team doesn’t require knowledge of dark arts or forbidden rituals. In fact, under the right circumstances, it can even be fun! Using exercises built around the LEGO® Serious Play® (LSP) methodologies, Paul Wynia explores techniques that ensure full team engagement and collaboration resulting in more meaningful discussions. Working as teams, discover Team Values using a series of individual and collaborative LSP builds. Once the Team Values are defined, use them to guide your team’s behaviors. These are finally turned into the Team Working Agreement, a powerful tool for...
Implement Practical and Proven Encryption Practices
PreviewFrom its earliest times, software development has featured commercial and government-grade encryption libraries. Encryption libraries make it possible for organizations to protect data with the highest level of security. Gene Chorba says that despite a big push in the past few years to use encryption to combat security breaches, lack of expertise among developers and overly complex libraries have led to widespread implementation failures in business applications. Although any developers believe they know how to implement crypto, they haven't had any specific training in...