Overview
Explore the innovative concept of "Security As Code" in this 23-minute conference talk by Dr. Chenxi Wang, presented by the OWASP Foundation. Delve into the new model of achieving security at scale, focusing on Policy-As-Code as the future direction for security controls. Learn how security is moving towards code implementation, and discover the universal approach to parsing and implementing security targets. Examine the application of software engineering practices to security across deployment stages, including design, build, testing, deployment, and management. Understand the importance of an engineering pipeline for authoring, testing, deploying, and implementing security targets, emphasizing explicit exceptions and eliminating silent failures. Gain insights into industry trends and how Policy As Code serves as a starting point for this transformative approach to security.
Syllabus
Policy-As-Code: The New Direction for Security Controls
Security Move to Code
Codify the target: A universal way of parsing and implementing target; Apply software engineering practices to target across deployment: Design, build, testing, deployment, and management; An engineering pipeline to author/test/deploy/implement (target)
No silent failures; Explicit exceptions
Starting Point: Policy As Code
INDUSTRY TRENDS
Taught by
OWASP Foundation