We spoke at DTX 2021

Dan and Simon at the entrance to DTX at the eXcel centre in London


Daniel was invited to present a 30-minute talk on DevSecOps at DTX in London.

It was a fantastic experience and you can stream the presentation here.



Earlier this year we were approached by the DTX organisers to present a quick introduction to DevSecOps and share our experiences enabling secure development for our clients.

Never one to shy away from a challenge, Daniel prepared a presentation which he delivered live to a much bigger audience than we expected!

Since DTX we’ve had some great engagement from organisations keen to build security into their existing application pipelines or to prevent security issues being deployed through Infrastructure as Code deployments such as Terraform and Ansible. We held a webinar in October with some great networking at the end and even more great discussions.

The whole presentation is recorded and can be streamed on-demand from the bottom of this blog post.

Our audiences really liked our overview of the different types of tools, and how these might be integrated. You can get much more context on this in the video stream below, but here is a quick summary:

  • Secret scanning
    automatically detect and prevent secrets from being released
  • Dependency scanning
    automatically detect and report known vulnerable dependencies
  • Code reviews
    a holistic, manual code review by an experienced third party
  • SAST
    automatically detect issues in the code using a rule-based engine
  • DAST
    automatically detect issues in the application using a live scanning tool against the running application
  • IAST
    automatically detect issues in the application by tracing activity through the running application
  • Container scanning
    automatically scan Docker and Kubernetes container images for vulnerabilities
  • IaC
    deploy your applications and infrastructure from code, eliminating opportunity for human error
  • RASP
    block attacks from exploiting the application with an in-application intrusion prevention capability
  • WAF
    block attacks from reaching the application with an in-line Web Application Firewall

For more information, email us at [email protected] or call us on 0161 660 3545

A recording of our talk for those who couldn't make it.

Author

Simon Gurney

- CTO -

Simon is one of the Punk Security Directors and has over 17 years' experience working within IT, primarily focused on automation and InfoSec.
