DevSecOps: What, Why and How presented at BlackHatAsia2019 2019

by Anant Shrivastava

Summary: Security is often added towards the end of a typical DevOps cycle, through manual/automated review. In DevSecOps, security can be injected at every stage of a DevOps pipeline in an automated fashion. Having a DevSecOps pipeline enables an organisation to:

- Create a security culture amongst the already integrated “DevOps” team
- Find and fix security bugs as early as possible in the SDLC
- Promote the philosophy “security is everyone’s problem” by creating Security champions within the organisation
- Integrate all security software centrally and utilize the results more effectively
- Measure and shrink the attack surface

In this talk, we focus on how a DevOps pipeline can easily be metamorphosed into DevSecOps, and we will identify the accompanying benefits. The talk will discuss a number of open source tools and also the cultural changes needed to implement DevSecOps. The talk will also present various case studies on how critical bugs and security breaches affecting popular software and applications could have been prevented using a simple DevSecOps approach.