Roadmap to DevSecOps Adoption with OWASP Bay Area

Roadmap to DevSecOps Adoption with Case Studies: 45-Minute Talk

Event Details:

• Date: Oct 19, 2023

• Time: Thursday, Oct 19, 6:45pm PDT to 7:30pm

• Duration: 45 mins

• Location: Semgrep Office

• Format: Interactive talk

• Drinks and Food provided at the venue: Yes

Introduction (5 minutes)

• Brief on traditional DevOps.

• The rising need for security: Introducing DevSecOps.

• The benefits of integrating security into the CI/CD pipeline.

Key Principles of DevSecOps (5 minutes)

• DevSecOps vs. traditional security models.

• The continuous nature of DevSecOps: Continuous Integration, Continuous Delivery, Continuous Security.

• "Shift Left" philosophy: Implementing security in the early stages.

• Automation: Making security checks automated and integral to the pipeline.

• Collaboration: Breaking silos between Dev, Ops, and Security teams.

Starting the Journey - Cultural Shift (5 minutes)

• Building a collaborative culture: Communication and training.

• Security as everyone's responsibility.

Setting up Your Toolchain (15 minutes)

• Identifying the right tools for:

  • Static Application Security Testing (SAST)

  • Dynamic Application Security Testing (DAST)

  • Interactive Application Security Testing (IAST)

• Integrating these tools into the CI/CD pipeline.

• Continuous monitoring and real-time feedback loops.

Key Challenges in DevSecOps Adoption (10 minutes)

• Resistance to change.

• Addressing false positives in automated security checks.

• Balancing speed with security.

• Continuous training and staying updated with evolving threats.

Best Practices (7 minutes)

• Regularly updating and patching tools and systems.

• Collaborative threat modeling.

• Continuous feedback loop: Learning from security incidents.

• Prioritizing security debts alongside other technical debts.

Measuring Success (3 minutes)

• Key Performance Indicators (KPIs) for DevSecOps.

  • Reduced number of security incidents.

  • Faster incident response time.

  • Number of vulnerabilities detected and addressed in the early stages.

Learn more about Akto's API Security Roadshow