Explore the critical intersection of development and security in this 44-minute conference talk from All Things Open 2022. Gain valuable insights into why developers should prioritize security, understand the consequences of neglecting it, and learn about practical tools to enhance software security. Discover the importance of managing dependencies, addressing vulnerabilities in package managers and Docker files, and responding quickly to security threats. Examine real-world examples like the SolarWinds incident and data breaches to grasp the significance of security in the software development lifecycle. Acquire knowledge about free and open-source security tools, including Frogbot and JFrog plugins, to bolster your developer's toolbox and code with confidence while improving overall software security.
Confessions of a Vulnerable Developer: What Developers Need to Know About Security
Overview
Syllabus
Intro
Meet Melissa McKay
Why should a developer care about security
We have some responsibility
Consequences
SolarWinds
Log for Shell
Data Breaches
DevOps
Security Training
Feeling Smart
Funny Points
Software Dependencies
Package Managers
Docker
The dependency confusion attack
Con contrived Docker files
Recap
Security usage report
Managing dependencies and artifacts
Where should we be concerned
Salsa
Respond Quickly
Review
Frogbot
JFrog
Persia
Decentralized Registry
Trivia
Persia Info
Jfrog Plugin
Taught by
All Things Open
