Authors: Eve Ben Ezra
2023-04-20

tldr - powered by Generative AI

The presentation discusses the importance of continuous feedback and policies in DevOps and cybersecurity using Conftest and Rego.
  • Continuous feedback is crucial in the development life cycle to ensure compliance and prevent drift from the declarative state.
  • Policies should be easy to access and start giving feedback early and continuously.
  • Conftest and Rego can be used to write policies and enforce compliance.
  • An example policy is prohibiting the use of latest tags for container images in non-dev environments.
  • An anecdote is given about the difficulty of convincing developers to onboard a shared cluster if the process is too complicated.

Authors: BHUSHAN B GUPTA
2021-09-24

tldr - powered by Generative AI

The main thesis of the conference presentation is to bring security elements into the agile development life cycle to catch problems earlier and mitigate risks. The speaker emphasizes the importance of including security stories in the backlog, conducting security risk assessments, and testing throughout the life cycle using both SAST and DAST tools. The anecdote provided highlights the consequences of not addressing vulnerabilities early, such as breaches that can take up to 266 days to contain and cost a significant amount of money. The speaker also quotes technology evangelist Liz Rice and participant Gemanico to emphasize the importance of involving software engineers in security engineering early on.
  • Constant threat of hacking in all areas of life
  • Multiple areas of vulnerabilities being exploited
  • Penetration testing is not effective enough
  • Bring security elements into the agile development life cycle
  • Include security stories in the backlog
  • Conduct security risk assessments
  • Test throughout the life cycle using both SAST and DAST tools
  • Prioritize high-risk stories
  • Chaos engineering can help prepare for release
  • Involving software engineers in security engineering early on