Compliance as Code with InSpec
Matt Ray
InSpec is an open source testing framework that specifies compliance, security and policy requirements in a human-readable language. Compliance and security are the next steps in building your software-defined infrastructure, building resilience into your continuous delivery pipelines. InSpec makes it easy to incorporate existing standards and your own security requirements into simple, cross-platform tests. InSpec reduces the risk of new features and releases making unsafe changes to your infrastructure and helps eliminate the time lost to external audits. This talk will provide an overview of working with InSpec and how you can build "Compliance as Code" into your pipelines.
AppSec in a DevOps World
Peter Chestna
Security has typically been done at the end of the development cycle, if it’s done at all. This has all of the same side effects as testing quality just before shipping, namely surfacing work and risk at the worst possible time. DevOps is forcing development teams to re-think their accountability. Not only are they responsible for functional quality, but now they must also operationalize their software. I assert that they should also be accountable for security. Software written without security in mind opens a company up to brand damage and the costs associated with breaches. This will reflect directly on the teams that built the software.
How can DevOps teams add security to DevOps without losing velocity? In this session, Peter Chestna, Director of Developer Engagement, discusses how security is typically bolted on to the development process as well as the pressures on DevOps teams. He will then provide practical strategies to integrate security successfully into the SDLC while maintaining the velocity necessary to realize the benefits of DevOps.
What you will learn:
- Why application security (AppSec) is important
- How AppSec is traditionally done
- How to do security in DevOps while maintaining velocity
- What to measure as leading indicators of success