The path to agile DevSecOps – a holistic approach of automation, orchestration and correlation

Automation

Learn how to achieve agile DevSecOps through automation, orchestration, and correlation, ensuring secure software development and efficient feedback for developers.

Key takeaways
  • Defining policies is essential for secure software development, and it’s crucial to understand the risk level for individual software projects
  • Automation, orchestration, and correlation are key to a holistic approach to DevSecOps
  • Developers want feedback in minutes, not days, requiring efficient guidance on fixing vulnerabilities
  • Machine learning capabilities are essential for efficient security testing and remediation
  • Software composition analyzers (SCA) and open source analyzers are important tools for identifying vulnerabilities
  • Correlation between static and dynamic findings increases the confidence in the findings
  • Hybrid delivery involves external expertise to support development teams and make the process smooth and automated
  • Developers need training and enablement to understand secure coding practices and vulnerabilities
  • Intelligent remediation is crucial for efficient bug fixing
  • Rasp runtime application self-protection and interactive application security testing (IAST) are important technologies for secure software development
  • Monolithic architectures are giving way to microservices, requiring a complete rethink of security approaches
  • IT teams must be able to identify critical issues in their own code and open source components to ensure secure software development
  • Indexing and mapping polices with findings is important for prioritization and remediation
  • Gamified approaches to training can encourage developers to take ownership of secure coding practices
  • Technology choices should enable efficient synergies between different security testing approaches
  • Integration and automation are essential for a smooth and efficient DevSecOps process
  • Prioritization engines are necessary for efficient bug fixing
  • Security audits are no longer effective in the agile DevOps world, requiring a holistic approach to secure software development

More talks

Language: The next stronghold to be taken by AI

Playing Video Games One Frame at a Time - Ólafur Waage - NDC TechTown 2023

Andrei Stoian - Open-source Machine Learning on Encrypted Data | PyData Amsterdam 2024

Infrastructure as Code Programs: How to Test, Finally by Daniel Sokolowski and Guido Salvaneschi

Building Evolutionary Architectures • Rebecca Parsons, Neal Ford & James Lewis • GOTO 2023

Automated Accessibility Testing by Anna Maier

Distributed load testing with k6 - Thijs Feryn - NDC London 2024

Philipp Krenn - Open Policy Agent: security for cloud natives and everyone else