Agile Event Session

From DevOps to DevSecOps – Application security for a Lean/Agile/DevOps environment

This video content is for Agile Alliance members only

If you’re already an active member, please log in now.

To view this content, and gain access to many more valuable resources, conference discounts, and invitations to exclusive networking and learning events, please consider becoming an Agile Alliance member.

Abstract/Description

The bad guys don’t break in through the highly secure bank vault door; they attack the crumbly bricks and mortar of the vault walls. The same is true for application security. The vast majority of incidents don’t target security features like encryption, authentication, and authorization… the bank vault door. Rather, they target vulnerabilities in the “boring”, non-security parts of the code… the crumbly bricks and mortar of the vault walls.

The security function is still largely throw-it-over-the-wall at many organizations, but things are changing. There is growing awareness that you cannot prevent the vast majority of incidents with a bolt-on approach to security. You have to produce applications that are free of such vulnerabilities as they are being developed. In other words, you have to BUILD SECURITY IN.

Just like DevOps is a cultural transformation, to BUILD SECURITY IN we need a mindset shift and cultural change. We need DevSecOps.

This talk starts by introducing a DevSecOps manifesto and then a process model for achieving a “BUILD SECURITY IN” DevSecOps culture. The framework is designed to sit on top of any SDLC but it is particularly suited to Lean/Agile environments and even more so to a DevOps environment or in conjunction with an ongoing DevOps transformation.

Additional Resources

Add to Bookmarks Remove Bookmark
Add to Bookmarks Remove from Bookmarks
Add to Bookmarks Remove from Bookmarks

Speaker(s) may be willing to present this session at local group meetings and other events.

Agile2017
Slides, Video
Advancing

More Agile Event Session Videos

Principles of Self-Service Infrastructure
The management of development and test environments is major concern when trying to optimize the value stream of any software development project. In this context, implementing Self-Service Infrastructure may help your organization to simplify the ma…
Building evolutionary infrastructure
Infrastructure as code tools like Ansible, Chef, Puppet, Terraform, etc. can make it easy to build and manage infrastructure in the cloud. But as with any code, this can quickly devolve into a fragile monolith that is difficult and scary to change…
Principles of Self-Service Infrastructure
The management of development and test environments is major concern when trying to optimize the value stream of any software development project. In this context, implementing Self-Service Infrastructure may help your organization to simplify the ma…
Building evolutionary infrastructure
Infrastructure as code tools like Ansible, Chef, Puppet, Terraform, etc. can make it easy to build and manage infrastructure in the cloud. But as with any code, this can quickly devolve into a fragile monolith that is difficult and scary to change…

Have a comment? Join the conversation

Discover the many benefits of membership

Your membership enables Agile Alliance to offer a wealth of first-rate resources, present renowned international events, support global community groups, and more — all geared toward helping Agile practitioners reach their full potential and deliver innovative, Agile solutions.

IMPORTANT: We have transitioned to a new membership platform. If you have not already done so, you will need to set up an account on the new platform to establish your user profile.

When you see the login screen, choose “Set up Account” and follow the prompts to create your new account. You can choose to log in using your social credentials for either Google or Linkedin (recommended), or you can set up your account using an email address.

Not yet a member? Sign up now