Upgrade your DevOps to SecDevOps at RootedCon

 | Continuum Blog, SecDevOps

Join our CTO Paul Santapau at RootedCon in Madrid, where he’ll be presenting a talk on implementing security in DevOps cultures.

Paul Santapau

Integrating security into agile development methodologies poses unique challenges to both the security and development teams. These are particularly striking in continuous delivery (CD) processes where the rate of code deploys and automated testing cycles are too rapid for manual techniques. DevOps practices have added another twist to the story by increasing communication and collaboration between different teams (Dev, Ops and Security) and reducing the time between code change to deployment in a live environment even more.

The aim of this talk is to demonstrate how we can embed security practices into modern DevOps software development environments. In order to do so, we’ll introduce concepts such as Agile Threat Modeling, Security Touch Points related to different phases of the SDLC and automating both security vulnerability testing and the verification of security controls using our open source BDD-Security testing framework.

Did you like this article?

YOU MAY ALSO LIKE
  • Web Application Security Checklists as Code
    Web Application Security Checklists as CodeThe problem Imagine ACME Web Development Company performs several tens, hundreds or even thousands of Web Application deployments a year and it has a typically small Application Security Team compared to the development and QA teams. How does ACME ensure that those applications have included a reasonable set of security countermeasures? How does ACME verify […]READ MORE
  • Launching IriusRisk ‘Community Edition’
    Launching IriusRisk ‘Community Edition’The scalable Threat Modeling and Risk Management solution for product development is now free to use. Developers, architects and technical teams, this is a call for you to contribute to building the first collaborative set of threat model templates licensed under Creative Commons and available to everyone. IriusRisk uses architectural risk patterns and templates to […]READ MORE
  • Scaling Threat Modeling with tools
    Scaling Threat Modeling with toolsAdam Shostack wrote an interesting blog post on the role of diagrams in threat modeling where he contrasts the benefits and trade-offs of using tooling vs. diagrams to build a threat model. One of the points is that the cost of getting a cross functional team together for a threat modeling activity can be high. […]READ MORE