Security+Ambidexterity+Devops = FUN / Dependency Confusion


Welcome to another online OWASP Norway Chapter meetup. Today we will have two talks, presented by Espen Johansen from Visma and Ståle Pettersen from Schibsted.
I hope we soon will be able to meet again at Teknologihuset to enjoy a slice of pizza. But for now we will continue to host online meetups.
See you!
------------------------
Security+Ambidexterity+Devops = FUN - Espen Johansen (Visma)
In this talk, Espen will go deeper into the technical choices made at Visma from the start of the DevOps transformation up to today. He will also demonstrate how some of the systems work in practice and give the audience the chance to steer him :-) An interactive talk with plenty of opportunity to gain insight.
Experience sharing and storytelling from Visma's work with integrating security into DevOps by means of Ambidexterity as a method. Practical examples on choice of leaders and board composition, spiced with technical choices made along the way.
Espen is a passionate Security DevOps-er with a flair for midlife crisis management and enjoying life to its fullest. He serves as the Director of Security in Visma but is secretly passionate about gamification, UX, Democracy and Security. He loves difficult words and likes to apply their meaning in agile teams.
------------------------
Dependency Confusion - Ståle Pettersen (Schibsted)
Are you confused about the Dependency Confusion attack? We will explain the bug class that compromised Apple, Microsoft and Tesla, and how you can defend yourself against it in the different package manager systems (npm, Python, Java, Ruby and more). We will go through how the Product & Application Security team in Schibsted worked to mitigate this bug class in JFrog Artifactory. One part of our solution was the tool Artishock (https://github.com/schibsted/artishock).
Ståle Pettersen (@kozmic) leads the Product & Application Security team within Schibsted. He has 10+ years of experience as a developer and security enthusiast, is a big fan of OWASP, and doesn't like to brag about himself :)
