YoVDO

Your Security Tools Are Just a Stop-Gap to Secure DevOps

Offered By: LASCON via YouTube

Tags

LASCON Courses, Application Security Courses, CI/CD Pipelines Courses, Security Testing Courses, Static Analysis Courses, Threat Models Courses

Course Description

Overview

Explore a comprehensive approach to securing DevOps pipelines in this 43-minute LASCON conference talk. Learn why a tools-first approach often falls short and discover a risk-based methodology for enhancing application security. Understand the importance of considering business risks, threat models, and required security controls before selecting tools. Gain insights into essential security components for CD pipelines, strategies for building organizational momentum, and overcoming common challenges through industry case studies. Examine a high-level maturity model for setting goals and tracking progress in fast-paced application security programs. Delve into topics such as requirements interfaces, approval processes, security reference architectures, end-to-end testing, static analysis, and security test coverage to develop a more robust and effective DevOps security strategy.

Syllabus

Intro
Take a breath
Requirements interface
Approval process
Security reference architecture
End-to-end tests
Requirements tests
Static analysis
Security test coverage
Security requirements interface
Security maturity model


Taught by

LASCON

Related Courses

Secure Software Development Fundamentals
Linux Foundation via edX
Security Literacy Course (How To)
Treehouse
Lessons Learned from Evaluating the Robustness of Defenses to Adversarial Examples
Simons Institute via YouTube
Security Protection and Quality Control in Crowdsourcing
CAE in Cybersecurity Community via YouTube
Cross-App Poisoning in Software-Defined Networking
Association for Computing Machinery (ACM) via YouTube