Talk DevSecOps and AppSec
Details
Important things first
Food and beverages will be provided, to fuel our open discussions after our [hopefully interesting] talks ;-)
(Please do RSVP so we can plan accordingly)
Truly looking forward to seeing you there, and exchanging!
Best,
fred
###
Shift security left: What to do to make DevSecOps real
Speaker: Fred Blaise - Kudelski Security
DevOps is the [new?] shiny object, or the promise of delivering infrastructure and/or software faster, better, stronger. It can look somewhat chaotic, especially in the eyes of people outside the bubble -- and unsafe.
What happens to security then? Is DevOps really unsafe? And is it simply at odds with security at large?
We'll be addressing some of the challenges that companies face today and have a shot at what can be done to include security in our organizations before injecting it into our CI/CD pipelines.
###
Including application security in your DevOps pipeline
Speaker: Jérémy Matos - Securing Apps
Application security is rarely addressed in the SDLC and hence rarely included in DevOps pipelines.
We will have a glance at the OWASP Software Assurance Security Model listing various activities required to increase the security level. Some of them are easy and cheap to automate, making them very good candidates to start your appsec journey via your DevOps pipeline.
We will see why and how to address the following three quick wins with open-source tooling:
- SQL injection detection
- Cross-site scripting (XSS) discovery
- Dependency management (aka Software Composition Analysis, SCA)
