Overview
Learn how to create a continuous, effective, and scalable DevSecOps pipeline using only free tools in this 55-minute conference talk from LASCON 2018. Discover how to implement Interactive Application Security Testing (IAST) for real-time vulnerability detection and Runtime Application Self-Protection (RASP) for production-level security. Explore techniques for integrating security vulnerability and attack telemetry into existing team tools, enabling real-time security feedback in IDEs, continuous analysis of libraries and frameworks, security integration in CI/CD processes, identification of application layer attacks, and prevention of exploitation in open source libraries. Gain practical knowledge to establish a DevSecOps pipeline immediately, one that adapts to various tools and processes, including legacy applications and waterfall-style projects.
Syllabus
2018 - Practical DevSecOps – the simple free pipeline anyone can create - Jeff Williams
Taught by
LASCON