Thank you for joining us at our 20th Anniversary Event! All sessions were recorded and will be posted in the coming weeks on the OWASP YouTube channel.

We have been working hard to secure the world through challenges and discovery. And now, it’s time to celebrate! Many of you have played a crucial role in the Foundation’s enduring history, and we encourage you to participate in the celebration coming this September! Our theme, Securing the Next 20 Years, is encouraging and exciting as we look ahead to the next 20 years!

Join us for FREE at this live 24-hour global event as we honor the past, celebrate the present, and embrace the future of OWASP and cybersecurity. Hear from world-renowned keynotes and special speakers, and network with your peers. It is FREE to attend; however, registration IS required to gain access to the session links.

Friday, September 24 • 6:30am - 7:00am
Feedback loop in DevSecOps - mature security process and dev cooperation

Abstract:
Having security testing in the pipeline is getting more and more popular; I would say it is becoming a standard! But what are we doing with the findings? What are we automating, and how are we using the automation?

The presentation will cover security-as-a-code practices to integrate security testing into the CI and CD pipelines, but in addition, I will discuss the part of the testing that cannot be automated, which is penetration testing. How do you connect it with your automated testing, and what is the role of penetration testing in monitoring? I will show how it affects the next round of the process and what the process should look like.
During the presentation I will discuss real use cases from different pipelines and security tools, showing pros and cons, advantages and challenges. The demo will include GitHub Actions and open-source tools like OWASP ZAP, and examples will be provided with pipeline-as-a-code and security-as-a-code. Real-life use cases and examples, with step-by-step instructions on what the development process in a mature state of DevSecOps should look like.

Speakers
Daniel Krasnokucki

Product Security Manager, Equinix
Security freak, pentester, programmer, and day-to-day also a manager of Product Security team @ Equinix. Leader of OWASP Poland with a strong focus on building security controls and improving different areas in a very techy company. Privately likes board games, football (soccer) and...


Friday September 24, 2021 6:30am - 7:00am EDT
On-Line