We spoke at DTX 2021

Dan and Simon at the entrance to DTX at the eXcel centre in London
Dan and Simon at the entrance to DTX at the eXcel centre in London

Daniel was invited to present a 30 minute talk on DevSecOps at DTX in London.

It was a fantastic experience and you can stream the presentation here.

Earlier this year we were approached by the DTX organisers to present a quick introduction to DevSecOps and share our experiences enabling secure development for our clients.

Never one to shy away from a challenge, Daniel prepared a presentation which he delivered live to a much bigger audience than we expected!

Since DTX we’ve had some great engagement form organisations keen to build security into there existing application pipelines or to prevent security issues being deployed through the Infrastructure as Code deployments such as Terraform and Ansible. We held a webinar in October with some great networking at the end and even more great discussions.

The whole presentation is recorded and can be streamed on-demand from the bottom of this blog post.

Our audiences really liked our overview of the different types of tools, and how these might be integrated. You can get much more context to this in the video stream below but here is a quick summary:

  • Secret scanning
    automatically detect and prevent secrets from being released
  • Dependency scanning
    automatically detect and report known vulnerable dependencies
  • Code reviews
    a holistic, manual code review by an experienced third party
  • SAST
    automatically detect issues in the code using a rule based engine
  • DAST
    automatically detect issues in the application using a live scanning tool against the running application
  • IAST
    automatically detect issues in the application by tracing activity through the running application
  • Container scanning
    automatically scan Docker and Kubernetes container images for vulnerabilities
  • IaC
    deploy your applications and infrastructure from code, eliminating opportunity for human error
  • RASP
    block attacks from exploiting the application with an in-application intrusion prevention capability
  • WAF
    block attacks from reaching the application with an in-line Web Application Firewall
For more information, email us at [email protected] or call us on 0161 660 3545

A recording of our talk for those who couldn't make it.


Simon Gurney

- CTO -

Simon is one of the Punk Security Directors and has over 17 years experience working within IT, primarily focused on automation and InfoSec.

read more