Classroom Contents
How DevOps Becomes DevOpsSec - Chris Raethke, Bugcrowd Webinar
- 1 Intro
- 2 bugcrowd
- 3 why are we here?
- 4 Fast forward to 2015 CLOUD / SAAS MOBILE / BYOD
- 5 Move security as close as possible to the code and the data
- 6 DevOps as a double edged sword
- 7 DevOps rapid changes moar bugs/vulns faster
- 8 start simple, take small steps easy wins
- 9 developers have to care about their code
- 10 Code is the team's baby At least Peer Code Reviews
- 11 code style/quality reviews
- 12 everyone has to care about process
- 13 Decreasing friction between Dev and Sec
- 14 500 devs != 5 security engs
- 15 protect sales/marketing and admin staff from phishing
- 16 because.. people are the new automation
- 17 Lotsa bugs, best dev training
- 18 which types of issues, in which parts, of which applications
- 19 Accelerate Security ROI
- 20 reproducible & testable production server configurations
- 21 deliberate small "simulated" fires
- 22 The best indicator of the next bug is the last bug.
- 23 Small steps mean easy wins; Developers have to care about code; Security is a process, not a product; Don't wait for a fire to hire fire fighters; Crowd sourcing can augment your team