December 26th, 2021

Privilege Management, Pipeline Building and Elements of Testing and Validation in AWS

We discuss recommendations and tools for credential and permission handling in your code running in AWS to facilitate least-access and least-privilege (including privilege bracketing), before looking into tools and techniques you can build into your CI/CD pipelines for code analysis, integrity assurance and penetration testing, and recommendations for how these pipelines can themselves have security checks incorporated in their automated build. We further examine some techniques used by AWS for modelling and formal verification of code, and how code builds and model validations can be synchronized.

December 23rd, 2021

Sensible Open Source Risk Management in Enterprises

remediate the open-source risks. Investing in industry-proven tools and leveraging the correct tools during the appropriate phases of the SDLC will allow an organization to implement a scalable and reliable open source governance framework, to reduce this risk and potential for compliance-related issues across the enterprise.

November 11th, 2021

The role of app sec testing in securing your software supply chain

Recent supply chain attacks, along with the U.S. Executive Order on Cybersecurity, have raised the priority of software security. With all eyes on secure coding, how do you ensure proper depth and breadth of app sec testing? How do you meet development deadlines without slowing down for security? This talk will address how to best approach modern software security by automating your CI pipeline for simplicity, visibility, and control.