We spoke at DTX 2021
Daniel was invited to present a 30 minute talk on DevSecOps at DTX in London.
It was a fantastic experience and you can stream the presentation here.
Earlier this year we were approached by the DTX organisers to present a quick introduction to DevSecOps and share our experiences enabling secure development for our clients.
Never one to shy away from a challenge, Daniel prepared a presentation which he delivered live to a much bigger audience than we expected!
Since DTX we’ve had some great engagement form organisations keen to build security into there existing application pipelines or to prevent security issues being deployed through the Infrastructure as Code deployments such as Terraform and Ansible. We held a webinar in October with some great networking at the end and even more great discussions.
The whole presentation is recorded and can be streamed on-demand from the bottom of this blog post.
Our audiences really liked our overview of the different types of tools, and how these might be integrated. You can get much more context to this in the video stream below but here is a quick summary:
- Secret scanning
automatically detect and prevent secrets from being released
- Dependency scanning
automatically detect and report known vulnerable dependencies
- Code reviews
a holistic, manual code review by an experienced third party
automatically detect issues in the code using a rule based engine
automatically detect issues in the application using a live scanning tool against the running application
automatically detect issues in the application by tracing activity through the running application
- Container scanning
automatically scan Docker and Kubernetes container images for vulnerabilities
deploy your applications and infrastructure from code, eliminating opportunity for human error
block attacks from exploiting the application with an in-application intrusion prevention capability
block attacks from reaching the application with an in-line Web Application Firewall