Explore a conference talk from OWASP Global AppSec Tel Aviv that delves into Microsoft's approach to automating security in CI/CD pipelines. Learn about the tools and practices implemented to secure products and services during deployment, as well as valuable lessons learned along the way. Gain insights into various security aspects, including ransomware protection, red team guidelines, vulnerability discovery, credential management, antivirus measures, and phishing prevention. Discover the importance of open source software security, regular deployments, and static code scanning in maintaining a robust security posture. Presented by Sasha Rosenbaum, an Azure DevOps Program Manager at Microsoft, this 31-minute talk offers practical knowledge for enhancing security automation in software development and deployment processes.
Overview
Syllabus
Introduction
What is CICD
Ransomware
Michael Hayden
Security Practices
Red Team Guidelines
Capture the Flag
Vulnerability Discovery
Credentials
Antivirus
Phishing
Second Biggest Vulnerability
Open Source Software
Equifax
WhiteSource
Limitations
Isolation
Regular Deployments
Static Code Scanning
Taught by
OWASP Foundation
