Security by Design in a Continuous Deployment Shop, Nathan Gibson, Alex Hart, presented at BSidesIOWA 2015

by Nick Starke

Summary: Continuous deployment is a practice used in software development to automate and improve the process of software delivery. Maintaining, analyzing, confirming, and reporting on the status of required information security, compliance, and privacy controls is a difficult and significant task for software and security engineers. This talk discusses real-world applications and examples for integrating Security by Design with your Continuous Deployment environment. Tools include Jenkins, Chef, Metasploit, fuzzers, vulnerability scanning (Nexpose), test-driven development, and system hardening.