Sort by:  

Authors: Tanya Janca

tldr - powered by Generative AI

The presentation discusses resources and strategies for maintaining secure legacy applications in DevOps.
  • Encourages joining the Open Web Application Security Project and local chapters
  • Provides a PDF summary of the presentation
  • Offers free online community called We Hack Purple with training courses and podcasts
  • Suggests regular communication with software developers and security champions through lunch and learns and presentations
  • Emphasizes the importance of feedback and addressing issues promptly
Authors: Altaz Valani

tldr - powered by Generative AI

The importance of threat modeling in cybersecurity and the need for developers to prioritize security in their projects
  • Developers often prioritize functional aspects over security in their projects, but security should be given equal importance
  • Threat modeling is a continuous learning experience that requires effort and investment
  • Developers should use the search modeling approach to understand potential risks and prevent attacks
  • Experience is fundamental in threat modeling and developers should apply it to real-life scenarios
  • Investing in security allows for the reduction of potential losses as a result of a compromise of the solution
Authors: Kirti Apte, Steve Watkins

tldr - powered by Generative AI

The presentation discusses the use of open source tools and templates to create a supply chain for DevOps workflows, with a focus on security and compliance.
  • The presentation demonstrates a live demo of a basic GitOps workflow using open source tools such as Flux CD, Tecton, and K-PAX.
  • The use of templates allows for flexibility in tool selection and easy swapping of tools.
  • Security and compliance are embedded into the supply chain through signing images, scanning for vulnerabilities, and generating S-bombs for auditing purposes.
  • The centralized metadata store allows for easy querying of results and sharing with developers and auditors.