STAREAST 2022 - Security
Customize your STAREAST 2022 experience with sessions covering security for software developers and testers.
Thursday, April 28
Raiders of the Lost AppSec
Remember the Indiana Jones movies? For those in infosec and security, trying to navigate these days seems a lot like those movies. For instance, right from the very start of the series, we are shown how defense-in-depth is not enough - or have you forgotten that Indy escaped with the idol? Or how about how many of us, trying to keep up with threats, can relate to Indy who, when going after a truck, said “I don’t know, I’m making this up as I go!”? And can't we ALL relate to trying to find the Security Holy Grail to help manage and mitigate risk – and felt the pain and scars from someone...
Embracing Collaborative Chaos: Running Chaos Days on Large Platforms
Chaos Engineering reduces the impact of component failure. Chaos Days (aka Game Days) are one practice within this field, whereby controlled failures are used to learn and improve system and team response. We will describe how to run a Chaos Day on a large microservices platform, using our experience of doing this across 60 teams and 1000 microservices. The session will explore why you’d run a Chaos Day, and how to know when you and your platform are ready to do so. We’ll share our learnings of the actual mechanics of running one: how to plan, execute and retrospect a Chaos Day. We’ll...
Enhance AppSec Maturity and Outcomes Using DevSecOps Metrics
Building a mature AppSec program is critical to the success of any product in managing the most vulnerable areas of the application. How can we ensure that the DevSecOps pipeline implemented is working effectively? The paper answers this by highlighting the key measures for every CISO to monitor and track the effectiveness of AppSec maturity. The effective outcomes were measured by tracking 6 key metrics to validate whether DevSecOps is successfully implemented. When done right, DevSecOps goes well beyond “shifting security left” to “shifting security everywhere” ensuring application is...