Overview
Explore key insights from DevOps practices and their application to Application Security in this 45-minute conference talk from AppSecEU 2015 in Amsterdam. Delve into the challenges of traditional software development and learn how to adapt AppSec methodologies for the modern era. Discover the Three Ways of DevOps and how they can be applied to create an effective AppSec Pipeline. Examine key features and goals of an AppSec Pipeline, including intake processes, visibility, workflow optimization, and improved feedback mechanisms. Learn strategies for embracing failure, automating processes, and integrating security findings directly into bug tracking systems. Gain practical knowledge on implementing configuration management tools and post-employment hooks to enhance security practices. Understand how to leverage DevOps principles to transform vulnerability management and streamline AppSec workflows for more efficient and effective security outcomes.
Syllabus
Intro
About Matt
About OWASP
Whats the problem
Traditional software
Adapt
Its time to bury traditional AppSec
The old way
Waterfall
DevOps
Bend
Three Ways of DevOps
Workflow
AppSec Pipeline
Key Features of AppSec Pipeline
Optimizing is an Illusion
Key Goals
Intake
Pipeline End
Pipeline Visibility
Work Flow
Retest
Practice
Localization
Improved Feedback
Embracing Failure
Findings Directly Into Bugs
SLA
Puppetsible
Configuration Management Tools
Post Employment Hook
Turning Vulnerabilities And Its Head
Automate
Gauntlet
Taught by
OWASP Foundation