The Developer's Field Guide to Software Security

Explore a comprehensive guide for enhancing software security in a DevOps environment through this 57-minute conference talk from NDC Oslo 2020. Discover how to integrate security measures without compromising deployment speed, as Jennifer Janesko presents a step-by-step approach to improving your software security posture. Learn about the timeline and costs of security breaches, vulnerability detection and fixing, and the importance of speaking the language of security. Gain insights into various security tools and practices, including code and architecture reviews, secure software development life cycles, dynamic and static application security testing, software composition analysis, and cloud configuration tools. Find out how to build alliances within your organization and organize a security-focused movement while using data to guide your efforts and manage your time effectively.

Intro
Timeline of a Software Breach
Cost of a Software Breach
Timeline of a Detected Vulnerability Adversary
Timeline of a Vulnerability Fix
Speak the Language...
Language Lessons: Internal, Online SSG Resource
Language Lessons: Internal PD Platforms...
Language Lessons: Find External Resources Read
Code & Architecture Review!!
(Secure) Software Development Life Cycle
Dynamic Application Security Testing (DAST)
Static Application Security Testing (SAST)
Software Composition Analysis (SCA)
Self-Made Unit Tests
Security Linters
Cloud Configuration Tools, Container Scanning...
Find Allies: Check with your Software Security Grou
Find Allies & Organize a Movement: Think Horizonta
Pace yourself! Let data guide you...
Find the Time...