The Power of DevSecOps in Web3 and Blockchain

2023-02-16

Authors: Ken Toler


Summary

The presentation discusses the importance of threat modeling and testing in web3 organizations and the need for understanding code in web3.
  • Threat modeling is important in web3 organizations and should be done iteratively, starting with a contract or cloud infrastructure
  • Writing tests is crucial in web3 organizations
  • Learning to code is important for effective communication with developers in web3 organizations
The presenter gives an example of a web3 organization that had only two connections to the blockchain through contracts, and stresses the importance of focusing on web2 infrastructure weaknesses. They also emphasize the need to start with function-level threat modeling and highlight the importance of cloud infrastructure to web3 organizations.

Abstract

Web3 and blockchain are the next set of buzzwords and initiatives plaguing application security professionals, but fear not! All of your cloud and appsec skills can help you become a web3 blockchain security guru. Blockchain is an incredibly diverse space with a new eye towards security as a priority in software development. This security-first mindset and support of the blockchain community, coupled with the open-source nature of decentralized software, make it a very real candidate to see DevSecOps practices blossom. This talk will cover real-world examples and techniques used in blockchain that make it a fertile ground for growing your DevSecOps skills, practices, and client base.