Getting More “Sec” out of DevSecOps Pipelines

DevSecOps pipelines are transformative, yet outcomes for application security testing in pipelines remain variable. This session will provide an overview of the current state of application security automation, pipelines, and best practices and will focus on tradeoffs between testing depth, time, and automation coverage to help attendees maximize application security coverage of their pipeline. This session will follow Chatham House Rule to allow for free exchange of information and learning. We look forward to participants actively engaging in the discussion, and remind attendees that no comment attribution or recording of any sort should take place. Pre-Requisites: Participants should have a background in application security with exposure to DevOps and CI/CD pipeline concepts. Working knowledge of major application security vulnerability scanning technologies such as SAST/DAST/IAST/SCA will help the participants have deeper discussions with the facilitator and peers. This is a capacity-controlled session. If added to your schedule and your availability changes, please remove this session from your schedule to allow others to participate.