We discuss recommendations and tools for credential and permission handling in your code running in AWS to facilitate least-access and least-privilege (including privilege bracketing), before looking into tools and techniques you can build into your CI/CD pipelines for code analysis, integrity assurance and penetration testing, and recommendations for how these pipelines can themselves have security checks incorporated in their automated build. We further examine some techniques used by AWS for modelling and formal verification of code, and how code builds and model validations can be synchronized.
remediate the open-source risks. Investing in industry-proven tools & leveraging the correct tools during the appropriate phases of the SDLC will allow an organization to implement a scalable and reliable open-source governance framework, to reduce this risk and potential for compliance-related issues across the enterprise.
This session will explore how a remote workforce has influenced enterprise adoption of DevSecOps from a people, process and automation perspective. The session will also be supported by data from DevOps Institute's 2021 Upskilling report.
Secure DevOps, DevSecOps, what do these words really mean for your organisation? As we evolve to DevOps processes and start to break down the silos between different tribes, where does security fit in and why is it important?
Recent supply chain attacks, along with the U.S. Executive Order on Cybersecurity, have raised the priority of software security. With all eyes on secure coding, how do you ensure proper depth and breadth of app sec testing? How do you meet development deadlines without slowing down for security? This talk will address how to best approach modern software security by automating your CI pipeline for simplicity, visibility, and control.