Solving the other half of the code security problem
Details
Most of us think of code security in terms of how the code behaves—runtime vulnerabilities like XSS and SQL injection—but as a category, those represent only about half the risk in our code.
The other half of the risk is the sensitive information in our code, the details of all the systems our code connects to, and the passwords and keys to get in.
Modern DevOps tools eliminate these risks with dynamic discovery and secure secret stores. And for many, this is an issue of code quality. But how do we measure that and make it actionable?
Join us to learn how developers are taking ownership of code quality and the practical solutions engineering leaders are using to normalize secure code quality for their teams—and enable deeper conversations about secure design patterns along the way!
Key takeaways will include:
- Hear from experts how developers and security teams can focus on code security to mitigate risks early in the development cycle.
- Discover how, for the first time, consolidating internal code-related risks with external dependency risks can deliver a more complete risk posture.
- Learn about a new category of tools that foster collaboration between development teams and AppSec teams to respond to security issues without disrupting developer workflows.
Our speaker this week will be Casey Bisson.
Casey is a product and DevRel leader at Docker. Casey has over 15 years of experience as an engineering and product leader in consumer and B2B SaaS and IaaS. This includes his work in hyper-scale public cloud infrastructure, where he helped drive a DevOps revolution for container infrastructure and continuous delivery. Casey has worked with open-source communities throughout his career and demonstrated continued focus on making tools and systems usable. Casey’s background in building tools and services that developers love and trust is well-aligned with our mission to democratize the tools and processes they need to secure their development workflows.
Location
This event will be held in person at Doppler headquarters: 215 2nd St, San Francisco, CA 94105, USA.
Join the Community!
If you haven't joined the Discord community, please do so! You can find us on Discord at: https://devseccon.io/discordcommunity
Sponsors
This month's sponsors are...
Snyk! The super-awesome, free-to-use developer security tool that scans your code, containers, and infrastructure for vulnerabilities and helps you fix them!
StepZen! StepZen lets you build clean, intuitive, consistent GraphQL declaratively - composing APIs from REST, database, and GraphQL building blocks. Your GraphQL runs as a managed service, is optimized and scales automatically - on StepZen's cloud, on your private cloud, or in a colocation data center - so that you have zero infrastructure to build or maintain.
Doppler! Doppler enables developers and security teams to keep their secrets and app configuration in sync and secure across devices, environments, and team members. Goodbye .env files!

