Deep-Dive into the DevSecOps Framework

Presented by

Eric Sheridan, Chief Scientist, WhiteHat Security

About this talk

Finely-tuned DevOps provides many benefits to an enterprise, including speed of development, improved deployment frequency, better collaboration between Development and Operations teams, lower failure rates of new releases, and faster times to market. But DevOps software development also presents a fundamental challenge to traditional software security practices. Application security often runs at the end of the software life cycle (SLC), and isn’t in DevOps’ hands. The issue then becomes: how to secure DevOps and make it DevSecOps? As application development within Agile environments has increased, the need to bring security into the DevOps equation and enable developers has also grown. Software development is much quicker in an Agile environment. Without proper security or software composition analysis, the breadth of undetected security vulnerabilities can grow farther and faster. With more entryways vulnerable to attack (due to more functionality being introduced in applications), the frequency of attacks has also increased. Thus, the term DevSecOps looks to integrate and open cross-functional organizational structures / communications to include application security throughout the SLC and post-release lifespan. Just as DevOps sought to lower the failure rate of the product, DevSecOps seeks to lower the number of vulnerabilities and increase efficiency for detection of the time-to-fix rate. Join WhiteHat Security’s Chief Scientist, Eric Sheridan, as he discusses the DevSecOps framework from development, build, to deployment.

Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (59)
Subscribers (19736)
NTT Application Security is driving the future of application security. For nearly 20 years, organizations around the globe have relied on NTT Application Security to secure their business’ digital footprint in an increasingly application-driven world. Bolstered by its award-winning, cloud-based application security testing platform, NTT Application Security delivers industry-leading accuracy by combining artificial and human intelligence to help security teams quickly identify and remediate potential vulnerabilities. Formerly WhiteHat Security, the company is an independent, wholly-owned subsidiary of NTT Ltd. and is part of NTT’s security services portfolio. NTT Application Security is headquartered in San Jose, Calif., with regional offices in Houston and Belfast. For more information, visit