The path to agile DevSecOps – a holistic approach of automation, orchestration and correlation

Learn how to achieve agile DevSecOps through automation, orchestration, and correlation, ensuring secure software development and efficient feedback for developers.

Key takeaways
  • Defining policies is essential for secure software development, and it’s crucial to understand the risk level for individual software projects
  • Automation, orchestration, and correlation are key to a holistic approach to DevSecOps
  • Developers want feedback in minutes, not days, requiring efficient guidance on fixing vulnerabilities
  • Machine learning capabilities are essential for efficient security testing and remediation
  • Software composition analyzers (SCA) and open source analyzers are important tools for identifying vulnerabilities
  • Correlation between static and dynamic findings increases the confidence in the findings
  • Hybrid delivery involves external expertise to support development teams and make the process smooth and automated
  • Developers need training and enablement to understand secure coding practices and vulnerabilities
  • Intelligent remediation is crucial for efficient bug fixing
  • Runtime application self-protection (RASP) and interactive application security testing (IAST) are important technologies for secure software development
  • Monolithic architectures are giving way to microservices, requiring a complete rethink of security approaches
  • IT teams must be able to identify critical issues in their own code and open source components to ensure secure software development
  • Indexing and mapping policies with findings is important for prioritization and remediation
  • Gamified approaches to training can encourage developers to take ownership of secure coding practices
  • Technology choices should enable efficient synergies between different security testing approaches
  • Integration and automation are essential for a smooth and efficient DevSecOps process
  • Prioritization engines are necessary for efficient bug fixing
  • Security audits are no longer effective in the agile DevOps world, requiring a holistic approach to secure software development