Application Security/Software Assurance
3116 - DevOps Is Automation, DevSecOps Is People
Wednesday, October 10
8:30 AM - 9:30 AM
Location: Floor 2: Galerie 4
Successful appsec builds on DevOps tactics like feedback loops, automation and flexibility. These tactics emphasize process and tools. Appsec shouldn’t neglect the importance of working with others to build and maintain secure environments.
Practical appsec deals with constraints like time, budget and resources. Navigating these trade-offs requires building skills in collaboration and informed decision-making. On the technology side, we have containers, top 10 lists and tools. The techniques that make the social aspects of security successful deserve equal attention.
We build automation with apps. We build relationships with people. Using examples from pen testing to role-playing games, this presentation gives examples of using metrics and communication to drive positive behaviors.
Security is an integral part of DevOps. And, yes, it’s made of people.
- Distinguish constructive feedback from unproductive criticism.
- Create meaningful metrics for managing application vulnerabilities.
- List communication techniques for improving group collaboration.