Introducing Veracode DevOps Penetration Testing

Logo
Presented by

Tom Eston, Manager, Penetration Testing at Veracode & Jamie Rougvie, Principal Penetration Tester, Veracode

About this talk

DevOps can be challenging for many organizations when thinking about all the different areas of the DevOps process that require security testing. Organizations that begin to “shift left” often find significant gaps in the security of infrastructure and operational components that are now integrated into the development process. Many of the technologies being used in DevOps are also very new to most organizations and are more recently starting to become “mainstream”. Containers like Docker, orchestration technology like Kubernetes, cloud storage like Amazon S3 and MongoDB instances, not to mention existing cloud infrastructure which can all be misconfigured or have vulnerabilities that have led to countless data leaks and breaches in the news. But we also can’t forget about the developers either. What can be found being discussed on GitHub, Stack Overflow or other online sources about your applications through Open Source Intelligence (OSINT)? While there is no question that automating security testing in your DevOps process is a requirement, there still is a need for penetration testing, which provides more than just finding and exploiting vulnerabilities, but also a look into the attacker perspective. In this webinar you’ll learn about: •The challenges organizations face when “shifting left” from a security testing perspective •How vulnerabilities in DevOps infrastructure, operations, and the developers themselves are leveraged by attackers to compromise applications •How Veracode’s DevOps Penetration Testing offering can be part of your DevOps process for security testing and compliance
Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (396)
Subscribers (31055)
Veracode is intelligent software security. The Veracode Software Security Platform continuously finds flaws and vulnerabilities at every stage of the modern software development lifecycle. Prompted by powerful AI trained by trillions of lines of code, Veracode customers fix flaws faster with high accuracy. Trusted by security teams, developers, and business leaders from thousands of the world’s leading organizations, Veracode is the pioneer, continuing to redefine what intelligent software security means. Learn more at www.veracode.com