Security in the Delivery Pipeline

Explore security integration in the software delivery pipeline through this GOTO Amsterdam 2017 conference talk. Discover modern approaches to security testing that challenge the status quo of relegating security to the end of the development process. Learn about continuous delivery, rugged software, and the concept of "push to time." Examine the challenges of security versus compliance and DevOps, and understand why traditional security measures can be ineffective and expensive. Dive into the SEI CD Pipeline and various security tools like RetireJS, Zette attack proxy, and Breakman. Investigate the importance of runtime security, attack detection, and bug bounties. Gain insights on separating duties and implementing attack-driven defense strategies. Walk away with three key lessons to improve your approach to security in software delivery.

Intro
Summary
CICD Journey
Continuous Delivery
Push to Time
Rugged Software
Gauntlet Project
Agile
Presentation of Velocity
Presentation of DevOps
Ratio of developers to operations
Culture
Moon
ComplianceDriven Security
Security Challenges
Security vs Compliance
Security vs DevOps
Security company flyer
Securitys ineffective
Security is expensive
SEI CD Pipeline
Security in the Delivery Pipeline
Other Security Tools
RetireJS
Vulnerabilities
Security Tools
Gauntlet Call
Gauntlet Code
Garland
Workshop
Labs
Feedback loops
Docker containers
Zette attack proxy
Breakman
Chef
Cloud Providers
Run Time
Am I under attack
Detect what matters
Bug bounties
Bug bounty sites
Separation of duties
We are not people
Three lessons
Attackdriven defense
Recap