DevOpsDays Chicago 2017 - Automating myself out of a job... by Jahmel Harris

38:58
 

DevOpsDays Chicago 2017 - Automating myself out of a job - A pentesters guide to left shifting security testing by Jahmel Harris

The security industry works best with a waterfall approach to development and has not kept up with modern methodologies. This talk will look at tools and techniques to shift security testing left so software can be released early and often without increasing risk to the organisation.

Security is big business. Between security companies trying to sell us security-in-a-box and infosec professionals charging a fortune to tell us “we’re doing it wrong”, is it any wonder security is still an area that is often deprioritised?

In this talk, we’ll look at what we should be doing to left shift security testing. By removing the fear and blame pushed by a lot of the security industry, we can start to see what can and should be automated and what really does need a security expert. We’ll look to understand that writing secure applications does not need to be costly and not all applications need to have the same level of security.

By looking at real penetration test reports, we will look at the tools and techniques we can use to detect vulnerabilities automatically and early in the development lifecycle, ultimately allowing us to release software often and quickly while still having a good understanding of our application’s risk.

The aim of this talk will be to understand why security has not kept current with modern development practices and give developers the ability to integrate security into the development pipeline.
