DevSecOps & Enterprise Security
Tuesday, December 7, 2021
It is very important nowadays to stay up to date with the cyber threats emerging all over the world. It is widely known that there are not enough resources to staff every Security Operations Center (SOC). Therefore, many organizations struggle to cope with the massive number of new types of attacks and the alerts generated by their tooling. During this session, you will learn how to hunt (and automate your hunt) for active cyber threats in your environment and contain them using integrated connections to network, endpoint, and cloud products. This session is targeted at SOC management, cyber security engineers, threat hunters, and analysts. It will touch on threat detection, investigation and response. All the code will be made available after the session.
Penetration tests can give developers invaluable information on what issues slip past their reviews. Not only that, they can give clues on big-picture questions like “Do we have a wider design problem with user authorization?” or “Are we making repeat mistakes from one test to the next? Why?”
Rather than a lengthy to-do list, findings from a penetration test can be a collection of metrics you can track to improve the quality of your code, and the performance of your team. In this session, I’ll walk you through the most common metrics in penetration test reports, and map them to the questions they can help answer: from finding the bug, to fixing and preventing it.
“We’ll build it ourselves!”
We’ve all heard it, seen it, and likely been directly impacted by the decision to build a custom, in-house solution rather than use an existing one.
Whether it’s a CI/CD tool, artifact management solution, or even the entire DevOps tech stack, it’s a common misconception that building it internally is easier, cheaper, and faster, when in fact the complete opposite is true!
Modern development processes demand high levels of availability and performance, so building a custom system that provides both of these isn’t a trivial undertaking.
So why, then, do enterprises continue to build in-house? And what exactly are the benefits of purchasing an existing solution? And how does this impact the quality of their overall organization?
Join Cloudsmith’s Dan McKinney in this session as he answers all of these questions while helping attendees understand the true difference between building and buying DevOps solutions, how to make the best decision for your organization, and the benefits of an existing solution made to solve the problems you face.
APIs are the data fabrics connecting modern applications. While they are a powerful tool for Dev and DevOps, they have also become a new attack surface for bad actors to gain access to sensitive data. Many existing API security solutions today are so inflexible and rule-driven that they risk slowing down the development process. Lebin Cheng, Imperva’s Head of API Security, will help you navigate through the API Security noise with insights on:
- DevSecOps does not mean Dev and Sec need to slow each other down. How can automated SecOps speed up Dev and DevOps? What is the right DevSecOps approach to implement API Security?
- First-hand insight into how a DigitalFirst organization took the first steps towards DevSecOps API Security, and how you can too.
- Other DevSecOps best practices.
Cloud engineers need tools that help them check that the infrastructure as code templates they’re developing adhere to all applicable industry compliance standards and custom security policies. And the organization needs to ensure their developers are using those tools, and that they’re using the correct policies. In this session, Josh Stella will talk about how to establish effective, efficient, and consistent IaC security, which is critical to preventing cloud misconfiguration vulnerabilities from reaching the runtime without slowing teams down. But if teams are using a completely different system and set of policies for checking the runtime for security and compliance, things start to fall apart. He will review:
- How to prevent critical vulnerabilities from slipping through the cracks
- How to use policies to govern your cloud environment
- Suggestions on how to prioritize and remediate issues
Ever wonder where your organization's DevSecOps effort stands relative to your peers? GitLab's fourth annual survey of developers provides insight into the maturity of DevSecOps and reveals key trends. We'll cover key takeaways to take your program to the next level.
This session will include information about how popular open source has become and how it is driving innovation for enterprises in today's market. Open source allows enterprises to get value to market faster, and ensures the survival of many businesses. But open source software (OSS) has recently been an attack vector and focus for cybercrime syndicates. How can you protect yourself? What are you up against? We will also cover how the vulnerability in Struts2, a common Java OSS component, led to the attack and breach of several financial institutions. In this workshop, we will set up the Struts2 application and walk through not only how to exploit it, but also how to protect yourself from this attack.