The Implementation and Practice of DevSecOps

Explore a comprehensive conference talk on implementing DevSecOps practices and integrating cybersecurity into the DevOps process. Learn about the DevSecOps program initiated in 2018 to shift security mindsets left in development teams. Discover various DevSecOps tools, including SAST, DAST, IAST, and FOSS, and their integration into CI/CD pipelines for automated vulnerability detection. Gain insights into three different approaches for providing cybersecurity training to development teams. Examine the DevSecOps maturity model used to measure and assess teams' security capabilities. Understand how this model can simplify security assessments and accelerate delivery. Ideal for those interested in DevOps transformation and integrating cybersecurity into the development process, this talk covers topics such as Static Application Security Testing, Dynamic Application Security Testing, Interactive Application Security Testing, DevSecOps implementation and operating models, and security coding competitions.

Introduction
What is DevSecOps
DevSecOps Current Status
Challenge
Static Application Security Testing (SAST)
Dynamic Application Security Testing (DAST)
Interactive Application Security Testing (IAST)
DevSecOps Implementation Model
DevSecOps Operating Model
Automate DevSecOps Tools into CICD Pipeline
FOSS - Sonatype Neuxs IQ Server
Cyber Security Event - Security Coding Competition