Overview
Explore the evolving landscape of system and application deployment in this 45-minute LASCON conference talk. Learn how traditional sys admin and security processes are adapting to the rapid pace of change brought on by agile development, continuous deployment, DevOps, and cloud technologies. Discover the concept of Test Driven Security and how it can be implemented to keep up with today's fast-paced IT environment. Gain insights into securing infrastructure, apps, APIs, and source code using agile methods. Understand the challenges faced by security professionals in this new era and learn strategies to overcome them. Examine real-world examples from Rackspace and acquire practical takeaways to architect your security work for maximum agility and effectiveness.
Syllabus
Who am I
DevOps
Cycle Time
The Problems
Testing
Maximize what you have
Test-driven security
It's a time to mourn
The 5 Stages of Grief
Securing Infrastructure
Cookbooks
Inspector
Agent
Vulnerability Management
Securing APIs
Reporting Findings
Turn Findings into Templates
Leverage Existing Dependencies
API Documentation to Basic Test Harness
Security Output Parsing
Securing Code
APIs
False positives
Requirements not implementation
Demo
Production Workflow
Takeaways
Taught by
LASCON