Explore security best practices throughout the software development lifecycle in this 51-minute conference talk from Devoxx Poland 2021. Delve into topics such as OWASP, CIS Benchmarks, Trivy, Distroless, Sops, and Kubernetes as Radek Grebski, Co-Founder and CTO of Stepwise.pl, shares insights on implementing security measures from design to deployment and maintenance. Learn about Secure Software Development Lifecycle (SSDL), threat modeling, and practical tools like kube-bench, detect-secrets, and Starboard. Gain valuable knowledge on reducing vulnerabilities, securing code and databases, and conducting effective attack surface analysis to enhance your software development process.
Overview
Syllabus
Intro
Why "Security in Software Development Process"?
Software Development Lifecycle (SDL)
Secure Software Development Lifecycle (SSDL)
Requirement Analysis
Threat Modeling
OWASP Top 10 Proactive Controls
OWASP Application Security Verification Standard (ASVS)
Web Application Firewall (WAF)
Securing Database
Attack Surface Analysis
Deployment Environment Design
Implementation
Securing Code
Secrets OperationS (SOPS)
Trivy alternatives
Verification / Testing
Release
Starboard
Summary
Taught by
Devoxx Poland
Related Courses
-
Application Security for Developers
-
Application Security for Developers and DevOps Professionals
-
DevSecOps Fundamentals
-
The Path of Secure Software Development - AppSec EU 2017
-
Leveraging the ASVS in the Secure Software Development Lifecycle
-
Iterative Threat Modelling - Security in Agile Development
