How to Move Mountains: Building an AppSec Program in a DevOps Environment

September 12, 2017

 

Pentesters are tired of breaking things, writing a report, and walking away. Security teams are caught in a backlog that prevents them from ever staying ahead. Developers curse security for slowing them down. How can we address these seemingly incompatible and insurmountable issues in an organization, especially at scale?

The answer to this may be found in DevOps Security, which has been gaining momentum in large organizations that need to move fast and ensure a high level of security across their applications and operations. It is a practice that attempts to address all of these issues through two core principles: automation and education.

Our Senior Security Researcher, Aaron Hnatiw, recently spoke at ToorCon 19 about these issues. Using experience gained from working with several large Fortune 500 companies, his talk covered the basics of DevOps Security, and dove into specific tools and processes that organizations of any size can implement to immediately improve their speed of delivery while maintaining a strong and measurable security baseline.

Watch the video and follow along with the slides below.

[embed]https://www.slideshare.net/AaronHnatiw/how-to-move-mountains-toorcon-2017[/embed]

Follow Aaron on Twitter @insp3ctre

 

 

Previous Article
How to Handle Complex Non-Functional Requirements in Agile Projects
How to Handle Complex Non-Functional Requirements in Agile Projects

Development teams rarely define specific software security requirements. This is not surprising: many softw...

Next Article
DevOps & Software Security: Turning unplanned work into planned work
DevOps & Software Security: Turning unplanned work into planned work

Every IT worker I’ve met has heard me rave about The Phoenix Project. The book uses an all-too-realistic fi...