Explore a comprehensive talk on integrating continuous security into Agile development processes without compromising velocity and innovation. Discover why security is becoming a crucial skill for Agile teams and learn practical tools, techniques, and processes for building secure software rapidly. Gain insights from real-world experiences in SCRUM team trenches, addressing common misconceptions about security measures like Web Application Firewalls and compliance. Delve into the principles of continuous security, including automation, accountability, integration, and scalability. Learn how to implement security personas, threat assessments, and design considerations throughout the development lifecycle. Acquire knowledge on defensive toolkits, SSL Labs, incident preparation, and fostering a safety-oriented culture within development teams. Equip yourself with actionable strategies to enhance your team's security practices while maintaining agility and innovation in software development.
Overview
Syllabus
Intro
Im not just a consultant
We are not perfect
Youre the wrong conference
Dream state
Security is really freaking hard
Why we became developers
Lets build the dream
People take security seriously
Youre in the wrong job
Whats in this talk
Common misconceptions
Web Application Firewall
Compliance
What is Continuous Security
What is Software
What is Security
Choose Your Own Adventure
Principles of Getting There
Boring jobs
Things to automate
Autonomous
accountability
integration
repeatable
work together
finally scalable
we need to take it
lets start with design
Security persona
Threat assessment
Design
Testing
Getting started
Things you can do
DevOps Defensive Toolkit
SSL Labs
What happens when your company gets this
Preparing for incidents
Safety
Questions
Taught by
NDC Conferences
