How practical is “DevSecOps” really? – A field report | Maximiliane Zirm

Testing Security Automation

Discover the practical realities of implementing DevSecOps, with insights on the importance of automation, integration, education, and more for successful security implementation.

Key takeaways
  • Practical approach to DevSecOps is crucial for success
  • Integrate security tests into test suites and automate testing wherever possible
  • Educational efforts are essential to ensure developers understand security implications
  • Pragmatism is key when implementing security measures
  • Early introduction of security is vital, especially in complex projects
  • Automation is necessary for scalable security verification in agile processes
  • Documentation is vital for survival of security in projects
  • Tool integration is important, but not without proper configuration and testing
  • Security is a shared responsibility in DevSecOps and requires the cooperation of the whole team
  • Flexibility is necessary in terms of work approach and level
  • Integration of security into agile projects must be done naturally, without adding another team
  • Risk analysis and prioritization of results are crucial
  • Continually monitor and adjust the approach as the project evolves
  • Consider the complexity of the project and the resources available when implementing security measures

More talks

Haystack 2.0: the story of a rewrite [PyCon DE & PyData Berlin 2024]

Dublin Tech Summit 2022 : Prism Stage, From the Front Lines of the Disinformation Wars

Wired 2.0! Create your ultimate learning environment by Simone de Gijt

Adam Števko - Journey to Securing the Cloud: Detecting and Fixing Misconfigurations at Datadog

Open sourcing a library: how hard can that be? by Johan Hutting

Devoxx Greece 2024 - Lessons learned by closing the gap between Java and cloud-native ecosystems

Into the hive of eBPF! by Mohammed Aboullaite

37C3 - Finding Vulnerabilities in Internet-Connected Devices