We are switching gears for this meetup. This talk is going to be technical and include a demo, and we will be learning from a few of the folks who have successfully automated security in different organisations.
DevOps originated as a term for infrastructure automation, traditionally focusing on integrating software development and software operations. Contrary to the traditional approach, introducing security to the CI/CD pipeline results in regulated and automated secure software delivery. Despite that, understanding how and where security needs to hook into CI/CD pipelines has become a big challenge for a number of organisations. During this talk we will focus on this issue, particularly on automation of the security quality gates in the build pipeline: why we need the automation, its challenges, and its pros and cons. We will wrap up our talk with a quick demo of the automated pipeline on the Jenkins platform, and as part of that we will discuss aligning Static and Dynamic Security Controls with the various stages, which will give a good idea of SAST and DAST practices as well.
Babanpreet Kaur (Application Security Consultant at PS&C Group)
Negar Shabab (Application Security Consultant at PS&C Group)
Ulisses Albuquerque (Principal Application Security Consultant at PS&C Group)