Training: 8–9 November 2016
Tutorials & Conference: 9–11 November 2016
Amsterdam, NL

Continuous security

Stein Inge Morisbak (Bekk Consulting AS), Erlend Oftedal (Blank Oslo)
14:10–14:50 Thursday, 10 November, 2016
Bridging business and security
Location: G106/107 Level: Intermediate

What you'll learn

  • Learn how to integrate security into continuous delivery

Description

In a world of continuous everything, each discipline has to find ways to provide value fast and reliably. Business people need to be able to adapt to an ever-changing world, developers need to deliver software many times per day, and operations need to provide high-availability infrastructure in an instant. Stein Inge Morisbak and Erlend Oftedal explore how to integrate security into this work stream.

Reviewing every code change quickly becomes impractical. Integrating security tools into the development and security cycles is hard when you need to focus on security without introducing any noise. Automation as close as possible to when code is written is key to preventing vulnerabilities before they are shipped. But how does one go about automating security? And even when you have made your best effort not to introduce vulnerabilities into production, you are only halfway there.

Development, test, and QA are not hostile environments when it comes to security. The real test happens after you have hit production. Stein Inge and Erlend present experiences with security work on a team delivering continuously, explain the state of continuous delivery and how this affects working together on security, and offer some recommendations for the future.

Stein Inge Morisbak

Bekk Consulting AS

Stein Inge Morisbak is Manager and Head of Bekk Consulting’s commitment to Continuous Delivery, DevOps and Cloud. He considers himself a cross-disciplinary technologist and has 20 years of experience both contributing to and helping others become better at producing excellent software together. He is also an experienced conference speaker, organizer of DevOpsDays Oslo, and the founder of DevOps Norway Meetup.

Erlend Oftedal

Blank Oslo

Erlend Oftedal is an experienced security consultant and developer currently working as CTO at Blank Oslo. He has worked as a developer and secure coder for over 10 years. He is an experienced speaker and the OWASP Norway chapter lead.