Session Name: DevSecOps in Practice, What Can and Can’t Be Automated
Application Security is a critical part of DevSecOps that isn’t well represented in many projects. This talk will explain how to factor application security into short feedback cycles so that teams aren’t overwhelmed by application security issues or practices at the end of a release or at any time.
One of the challenges we have in using Application Security practices is where to start, and how to get value. The world is being driven more and more by network-connected applications and services that are constantly under attack from the curious and malicious.
What should you do if you aren’t involved with AppSec and still want to get started using AppSec practices? By adding steps to your daily practices and building pipelines, you can iteratively add AppSec practices to your process and increase the security of your software.
Join Tom as he lays out a plan for AppSec: where to start, how to achieve success, and how to build on it. We will also talk about what to do next, how you should introduce AppSec in your development process, and where AppSec should go in your build pipeline. Finally, we will discuss what can be accomplished with tools and what still needs to be done by a person.
As CTO of Coveros, Tom is responsible for the oversight of all technical projects and integrating new technologies and testing practices into software development projects. Recently, Tom has been focusing on how to incorporate DevSecOps and agile best practices into projects and how to achieve a balance between team productivity and cost while mitigating project risks. One of the best risk mitigation techniques Tom has found is leveraging DevSecOps and agile testing practices in all aspects of projects. Previously, as a managing architect at Digital Focus, Thomas was involved in agile development and found that agile is the only methodology that makes the business reality of constant change central to the process.