YoVDO

Your Security Tools Are Just a Stop-Gap to Secure DevOps

Offered By: LASCON via YouTube

Tags

LASCON Courses Application Security Courses CI/CD Pipelines Courses Security Testing Courses Static Analysis Courses Threat Models Courses

Course Description

Overview

Explore a comprehensive approach to securing DevOps pipelines in this 43-minute LASCON conference talk. Learn why a tools-first approach often falls short and discover a risk-based methodology for enhancing application security. Understand the importance of considering business risks, threat models, and required security controls before selecting tools. Gain insights into essential security components for CD pipelines, strategies for building organizational momentum, and overcoming common challenges through industry case studies. Examine a high-level maturity model for setting goals and tracking progress in fast-paced application security programs. Delve into topics such as requirements interfaces, approval processes, security reference architectures, end-to-end testing, static analysis, and security test coverage to develop a more robust and effective DevOps security strategy.

Syllabus

Intro
Take a breath
Requirements interface
Approval process
Security reference architecture
Endtoend tests
Requirements tests
Static analysis
Security test coverage
Security requirements interface
Security maturity model


Taught by

LASCON

Related Courses

Web and Mobile Testing with Selenium
University of Minnesota via Coursera
DevOps Pipeline: Automatización hasta el despliegue
Universidad Anáhuac via edX
Programming Foundations: Software Testing/QA
LinkedIn Learning
Security Assessment and Testing for CISSP®

Pluralsight
EU Panel: The Joys of Integrating Security Testing into Your Pipeline
Pluralsight