
DSOMM from Theory to Enforcement

2022-11-17

Authors: Chris Koehnecke


Summary

The presentation discusses the OWASP DevSecOps Maturity Model (DSOMM) and how to apply security controls in practice, using open source tools for each requirement.
  • The OWASP DevSecOps Maturity Model provides a framework for companies to apply security in a cloud-native, fast-paced engineering world.
  • Whatever isn't automated is much more difficult to apply to real systems.
  • Open source security tools have matured and now give good coverage of many layers of the DSOMM model.
  • The presentation walks through the security requirements at each DSOMM level and gives a live code demo for each.
  • Security issues can be prioritized per pull request, so findings are triaged where the change is made.
  • The speaker shares their experience implementing security processes in a startup environment.
  • Developers owning security is seen as the future of the security industry.
The speaker describes working at a Big Four consulting firm, where they came to realize that the processes they put in place stifled development velocity and left no lasting impression. They then joined a startup, where security issues are prioritized per pull request, and they see developers owning security as the future of the industry.

Abstract

Like many of the OWASP projects, the OWASP DevSecOps Maturity Model provides an excellent framework and roadmap for companies looking to truly apply security in a cloud-native and fast-paced engineering world. However, like all things Dev+Ops related, whatever isn't automated is much more difficult to practically apply to our systems. This is true of everything from post-mortem learnings to security plans. Open source security tools have also evolved immensely over the years, and there are many excellent, well-maintained, and robust tools that provide very good coverage for many of the layers of the DSOMM model, many of them provided by OWASP. In this talk, we'd like to walk you through the security requirements at the different stages of the DSOMM framework and do a live code demo for each, taking a deep dive into how to apply the relevant security control with great open source tools.
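The per-pull-request prioritization the talk argues for is, at its core, a gate that runs after the scanners and decides what a developer must fix before merging. The script below is an added example, not the speaker's demo code and not part of DSOMM itself. It assumes the scanners emit SARIF 2.1.0 (the format most open source SAST and SCA tools can produce), that a baseline scan of the target branch is available so only findings the PR introduces are triaged, and that a merge-blocking threshold tightens with maturity level; that level-to-threshold mapping is a hypothetical policy, not DSOMM's text. The sample SARIF data is constructed inline.

```python
"""Per-pull-request security gate over SARIF scanner output (added example).

Assumptions (not from the page): scanners emit SARIF 2.1.0, a baseline scan of
the target branch exists, and the maturity-level policy below is our own.
"""
import json

# SARIF result levels ranked so they can be compared against a threshold.
SEVERITY_RANK = {"note": 1, "warning": 2, "error": 3}

# Hypothetical policy: the lowest SARIF level that blocks a merge at each
# maturity level.  Level 1 blocks only errors; level 3 blocks anything new.
BLOCK_AT = {1: "error", 2: "warning", 3: "note"}


def load_sarif(path):
    """Read a SARIF log written by a scanner (e.g. `--sarif-output`)."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def iter_results(sarif):
    """Yield (ruleId, level, uri, message) tuples from every run in a SARIF log."""
    for run in sarif.get("runs", []):
        for res in run.get("results", []):
            loc = res.get("locations", [{}])[0]
            uri = loc.get("physicalLocation", {}).get("artifactLocation", {}).get("uri", "")
            yield (
                res.get("ruleId", "unknown"),
                res.get("level", "warning"),  # SARIF's default level is "warning"
                uri,
                res.get("message", {}).get("text", ""),
            )


def fingerprint(result):
    """Identity of a finding: rule + file.  Line numbers are deliberately left
    out so a finding is not reported as 'new' because unrelated lines moved."""
    rule_id, _level, uri, _msg = result
    return (rule_id, uri)


def triage(pr_sarif, baseline_sarif, maturity_level):
    """Return the PR's new findings, the ones that block the merge, and a verdict."""
    threshold = SEVERITY_RANK[BLOCK_AT[maturity_level]]
    known = {fingerprint(r) for r in iter_results(baseline_sarif)}
    new = [r for r in iter_results(pr_sarif) if fingerprint(r) not in known]
    blocking = [r for r in new if SEVERITY_RANK.get(r[1], 2) >= threshold]
    # Highest severity first, so the reviewer sees what matters most.
    blocking.sort(key=lambda r: SEVERITY_RANK.get(r[1], 2), reverse=True)
    return {"new": new, "blocking": blocking, "passed": not blocking}


def _sarif(*results):
    """Build a minimal SARIF 2.1.0 log from (ruleId, level, uri) triples."""
    return {
        "version": "2.1.0",
        "runs": [{
            "tool": {"driver": {"name": "constructed-scanner"}},
            "results": [{
                "ruleId": rule_id,
                "level": level,
                "message": {"text": f"{rule_id} in {uri}"},
                "locations": [{"physicalLocation": {"artifactLocation": {"uri": uri}}}],
            } for rule_id, level, uri in results],
        }],
    }


# Constructed sample data: the target branch already carries one pre-existing
# error; the PR keeps it and adds one warning and one new error.
BASELINE_SARIF = _sarif(("hardcoded-secret", "error", "legacy/config.py"))
PR_SARIF = _sarif(
    ("hardcoded-secret", "error", "legacy/config.py"),  # pre-existing, not this PR's
    ("weak-hash-md5", "warning", "app/tokens.py"),       # introduced by this PR
    ("sql-injection", "error", "app/api.py"),            # introduced by this PR
)


if __name__ == "__main__":
    verdict = triage(PR_SARIF, BASELINE_SARIF, maturity_level=1)
    for rule_id, level, uri, msg in verdict["blocking"]:
        print(f"BLOCK [{level}] {rule_id} {uri}: {msg}")
    print("merge allowed" if verdict["passed"] else "merge blocked")
    raise SystemExit(0 if verdict["passed"] else 1)
```

In CI the two logs would come from `load_sarif` on the PR scan and on the cached target-branch scan; the non-zero exit code is what makes the check required. The baseline diff is the part that keeps developers on side: the gate only charges a PR for what it introduced, and the maturity level lets a team start by blocking only errors and tighten the policy as it moves up the DSOMM levels rather than turning every existing finding into a merge blocker on day one.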

