DevOpsDays NYC 2016 - Beyond Testing: Application Security in the Age of DevOps by Tim Jarett

Channel:
United States Confreaks
Subscribers:
42,400
Published on ● Video Link: https://www.youtube.com/watch?v=ohtSRvWivDE


Duration: 26:04
125 views
0

DevOpsDays NYC 2016 - Beyond Testing: Application Security in the Age of DevOps by Tim Jarett

It's a common question from security practitioners in any development practice: how do I secure the code my development team is building? The challenge of answering this question in DevOps: the time between developer check-in and deployment is measured in minutes, not days or weeks. But focusing only on speed without understanding the goals of DevOps can lead to undesirable trade-offs, like unnecessarily shutting down the build pipeline. In this presentation, we establish five principles for securing DevOps development (Automate Security In, Integrate to Fail Quickly, No False Alarms, Build Security Champions, Keep Operational Visibility). We review the state of the art of application security practices and talk about ways to leverage the principles and practices of DevOps, such as quick feedback loops and feature toggling, to create more secure code. And we look at organizational, process, and technology innovations to secure applications in ways that incorporate, but go beyond, testing for vulnerabilities, by looking at what developers can do before checking in code and what application security looks like in production.



Other Videos By Confreaks


2016-11-04DevOpsDays KC 2016 - Secure Your Containers! What Network Administrators Should Know..
2016-11-04DevOpsDays KC 2016 - Human Factors and DevOps by Kevin O'Brien
2016-11-04DevOpsDays KC 2016 - Docker Container Lifecycles – Problem or Opportunity? by Baruch Sadogursky
2016-11-04DevOpsDays KC 2016 - Building a DevOps Enterprise Community Across 10 Businesses by Pauly Comtois
2016-10-24DevOpsDays NYC 2016 - Don't Believe the Data! Data VS Intuition in Decision Making by Aaron Atwell
2016-10-24DevOpsDays NYC 2016 - Things I learned about engineering from being a chef by Jason Yee
2016-10-24DevOpsDays NYC 2016 - Pioneers, Settlers, and Town Planners of Catan by Bridget Kromhout
2016-10-24DevOpsDays NYC 2016 - Empathetic communication... by Sharon Steed
2016-10-24DevOpsDays NYC 2016 - SRE: An incomplete guide to cultural Narnia by Anthony Caiafa
2016-10-24DevOpsDays NYC 2016 - How Can You Scale It If You Don't Trust It? by David Blank-Edelman
2016-10-24DevOpsDays NYC 2016 - Beyond Testing: Application Security in the Age of DevOps by Tim Jarett
2016-10-24DevOpsDays NYC 2016 - Moving Fast Together: Test-Driven Infrastructure by Victoria Jeffery
2016-10-24DevOpsDays NYC 2016 - Programming your Infrastructure by Dave Long
2016-10-24DevOpsDays NYC 2016 - Post-Quantum DevOps by Nick Doiron
2016-10-24DevOpsDays NYC 2016 - The Benefit of A Systems Lens... by Jason Hand
2016-10-24DevOpsDays NYC 2016 - From Amazon Mom to Amazon Lambdas by Natacha Springer
2016-10-24DevOpsDays NYC 2016 - 3AM, a Survey by Eric Sigler
2016-10-24DevOpsDays NYC 2016 - Blue Grass in a Brown Field... by Nivia Henry
2016-10-24DevOpsDays NYC 2016 - Learning How to Dev in an Ops World by Frank Mitchell
2016-10-24DevOpsDays NYC 2016 - Eliminating Unconscious Bias Through UX Design by Marcus Finley & Rakia Finley
2016-10-20CodeDaze 2016 - Keynote Day 2- Richard Dylan and Eamond Leonard