Overview
Explore the evolving landscape of system and application deployment in this 51-minute conference talk from AppSecEU 2014. Dive into the challenges faced by sys admins and security professionals as they adapt to agile development, continuous deployment, DevOps, and cloud technologies. Learn about Test Driven Security, a concept inspired by Test Driven Development, and discover how to architect security work to keep pace with rapid changes. Gain insights into agile methods for securing infrastructure, apps, APIs, and source code. Understand the importance of embracing change in today's fast-paced IT environment. Topics covered include Chef and Puppet for infrastructure management, vulnerability scanning, severity classification systems, and strategies for handling false positives. Benefit from real-world examples and key takeaways from the speaker's experience at Rackspace.
Syllabus
Intro
Who am I
DevOps
The problem
Traditional software
Making easy wins
Test-driven vs Agile
It's the time to mourn
Five stages of grief
Infrastructure
Chef Puppet
Cookbooks
Tags
Inspector
Agent
Vulnerability Scanning
Bugs vs Reports
Severity Classification System
Reports
Leveraging consistencies
Detailed findings
False positives
Hire and befriend
Rackspace
Veracode
Key takeaways
QA
Taught by
OWASP Foundation