Get your 2024 Plan for API Security

Download Now

Get your 2024 Plan for API Security

Download Now

Get your 2024 Plan for API Security

Download Now





Roadmap to DevSecOps Adoption with OWASP Bay Area

Oct 19, 2023 at 6:45 PM

DevSecOps talk
DevSecOps talk
DevSecOps talk

Roadmap to DevSecOps Adoption with Case Studies: 45-Minute Talk

Event Details:

  • Date: Oct 19, 2023

  • Time: Thursday, Oct 19, 6:45pm PDT to 7:30pm

  • Duration: 45 mins

  • Location: Semgrep Office

  • Format: Interactive talk

  • Drinks and Food provided at the venue: Yes

Introduction (5 minutes)

  • Brief on traditional DevOps.

  • The rising need for security: Introducing DevSecOps.

  • The benefits of integrating security into the CI/CD pipeline.

Key Principles of DevSecOps (5 minutes)

  • DevSecOps vs. traditional security models.

  • The continuous nature of DevSecOps: Continuous Integration, Continuous Delivery, Continuous Security.

  • "Shift Left" philosophy: Implementing security in the early stages.

  • Automation: Making security checks automated and integral to the pipeline.

  • Collaboration: Breaking silos between Dev, Ops, and Security teams.

Starting the Journey - Cultural Shift (5 minutes)

  • Building a collaborative culture: Communication and training.

  • Security as everyone's responsibility.

Setting up Your Toolchain (15 minutes)

  • Identifying the right tools for:

    • Static Application Security Testing (SAST)

    • Dynamic Application Security Testing (DAST)

    • Interactive Application Security Testing (IAST)

  • Integrating these tools into the CI/CD pipeline.

  • Continuous monitoring and real-time feedback loops.

Key Challenges in DevSecOps Adoption (10 minutes)

  • Resistance to change.

  • Addressing false positives in automated security checks.

  • Balancing speed with security.

  • Continuous training and staying updated with evolving threats.

Best Practices (7 minutes)

  • Regularly updating and patching tools and systems.

  • Collaborative threat modeling.

  • Continuous feedback loop: Learning from security incidents.

  • Prioritizing security debts alongside other technical debts.

Measuring Success (3 minutes)

  • Key Performance Indicators (KPIs) for DevSecOps.

    • Reduced number of security incidents.

    • Faster incident response time.

    • Number of vulnerabilities detected and addressed in the early stages.

Learn more about Akto's API Security Roadshow


Ankita Gupta

Ankita Gupta

CEO & Co-Founder at Akto

Ankush Jain

Ankush Jain

CTO & Co-Founder at Akto