Taking Cloud-Native DevSecOps to the Next Level: A Case Study

As the microservices development environment becomes more and more popular in cloud-based companies, the CI/CD volume is getting bigger and bigger and is changing the way organizations such as LivePerson can integrate DevSecOps tools into their CI/CD processes.

Join Nir Koren, DevOps CI/CD Team Lead at LivePerson, as he discusses:

-Why it is crucial to enforce security scans from the get-go
-How LivePerson integrates security scans in their CI/CD for more than 300 microservices
-The tools LivePerson relies on in order to achieve DevSecOps
Recorded Oct 29 2020 53 mins
Presented by
Nir Koren, DevOps CI/CD Team Lead at LivePerson

  • Shifting Compliance & Security Left - Into the Hands of The Developers Dec 15 2020 6:00 pm UTC 58 mins
    Shiri Ivtsan, Director of Product Management at WhiteSource & Reza Alavi, Cyber Security Managing Consultant at Wipro
    The software world is alive with talk of shifting left - but what does it really mean? Theoretically, it means shifting responsibility for security & compliance to developers. In practice, it largely means enriching CI/CD processes to detect problematic licenses & vulnerabilities before they reach the main branch or production.
    Shiri Ivtsan, Senior Product Manager at WhiteSource & Reza Alavi, Cyber Security Managing Consultant at Wipro will discuss how shift-left security capabilities rely heavily on an organization's ability to rapidly test and deliver to adopt a developer-friendly approach to continuous compliance & security.
  • The DevSecOps Showdown: How to Bridge the Gap Between Security & Developers Dec 10 2020 6:00 pm UTC 59 mins
    Jeff Martin, Associate VP Product Management and Rhys Arkins, Director of Product Management at WhiteSource
    DevSecOps requires processes and tools that enable weaving security throughout the DevOps pipeline. It is much more than a buzzword, and if you'd ask most organizations, well - they believe they are in the process of adopting DevSecOps tools and practices. But - are they?
    In order to deeply understand the state of DevSecOps implementation we need to learn more about the relationship between developers and security teams. After surveying more than 560 application security professionals and software developers we found several insights.
    Join Jeff Martin, Associate VP Product Management and Rhys Arkins, Director of Product Management at WhiteSource and learn:

    -The current challenges of the security and development teams when it comes to AppSec
    -The contradicting views & gaps between the teams on DevSecOps maturity
    -How to break the silos and advance towards DevSecOps maturity
  • The Developer’s New Normal: Quality and Security by Design Recorded: Nov 19 2020 60 mins
    Jeff Martin, AVP of Product Management @ WhiteSource and Marcus Merrell, Senior Director of Field Services @ Sauce Labs
    The shift left revolution is upon us. Developers’ roles are evolving as responsibility for application security expands into their domains so organizations can accelerate release velocity, increase productivity, and improve customer experience. The market is full of products offering to support these changes.

    How can digital leaders navigate through all of the noise and empower developers to level up their skills and embrace paradigm shifts?

    In this webinar, leading voices in the open source testing and security industries discuss strategies that DevOps leaders can use to help developers adopt the shift left movement.
    Join Jeffrey Martin, AVP of Product Management at WhiteSource, and Marcus Merrell, Senior Director of Field Services at Sauce Labs, as they discuss:

    -The importance of the cultural shift in modern DevOps teams and how to create systems that embrace these changes
    -Tips for breaking down traditional barriers between development and other teams in your organization to improve productivity, unify communication, and mitigate risk
    -How open source management technologies provide critical solutions and why digital organizations must not only leverage these tools, but also contribute to them
  • Application Modernization The Journey To The Cloud Using Open Source Recorded: Nov 17 2020 63 mins
    Mark Harrison, from Microsoft, Martin Callinan, from Source Code Control and Jason Hammond from WhiteSource
    Application modernization is a necessary part of cloud-centric business transformation. As cloud adoption continues to grow, with migration to both public and private cloud infrastructure, enterprises need IT environments that enable them to drive product innovation. Adopting a DevOps transformation enables them to leverage microservices, Kubernetes, and containers, which helps remove huge dependencies within products and create smaller, independently deployable components. Organizations must simultaneously develop modernization strategies and adopt cloud native methods for application development.

    Successful application modernization is essential to digital transformation. In order to empower business agility and maintain competitive advantage, organizations must focus on adopting cloud native tools to improve their customer experiences. To start your modernization journey, you must understand the approaches and goals that are right for you organization

    We will discuss:
    - The business benefits of application modernization
    - Why open source software is an essential tool for organizations to modernize legacy applications
    - Industry best practices and standards for continuous management of security and compliance of applications as they are moved to the cloud
  • How To Ship Secure Code With Confidence Recorded: Nov 11 2020 38 mins
    Matias Madou, CTO, Secure Code Warrior
    It is estimated that, globally, 111 billion lines of code are produced every single year. In a rapidly digitizing world, that number is only set to grow larger… along with the potential for more security issues. We are facing an uphill battle against a general AppSec skills shortage, the need for production at the speed of company innovation, and siloed teams not working to the same application security goals. With over 4 billion records stolen as a result of data breaches in 2019 alone, this has to change.

    Security awareness programmes remain a powerful, yet underutilised tool to inspire organizations to stay security-focused and engage teams to do their part in the fight against vulnerable code. With the right security awareness programme, you can effectively bridge the gap between the AppSec and dev cohorts, fostering a positive and collaborative culture to achieve common goals and create a better standard of software.
  • Code Security: Let’s Put Fears Aside and Learn Cool Things Recorded: Nov 5 2020 27 mins
    Nicolas Bontoux, VP Marketing at SonarSource
    Fears... It’s as if they sometimes rule the security market... If you don’t follow secure development practices, then your users’ personal data might get stolen… If you don’t do ‘DevSecOps’, then your app will be vulnerable and might get hacked… No doubt Application Security is an important topic, but is bringing up risks and fears really the best way to get development teams to care about secure coding practices?

    In this talk we will go through a different approach, a more powerful one: empowering developers. Developers love learning best-practices, they constantly seek to improve their code. By tightly coupling security tooling with developers’ workflow, you can get more than just mitigating risks and fears: you’re giving an opportunity for your development team to be more engaged, to truly understand the security of their code, and to continuously get better at keeping it secure.

    As you join this session, leave fears on the side, and come feel the good vibes of developer-led code security! It’s about developers learning and growing, it’s about teams maximizing their impact.
  • Taking Cloud-Native DevSecOps to the Next Level: A Case Study Recorded: Oct 29 2020 53 mins
    Nir Koren, DevOps CI/CD Team Lead at LivePerson
    As the microservices development environment becomes more and more popular in cloud-based companies, the CI/CD volume is getting bigger and bigger and is changing the way organizations such as LivePerson can integrate DevSecOps tools into their CI/CD processes.

    Join Nir Koren, DevOps CI/CD Team Lead at LivePerson, as he discusses:

    -Why it is crucial to enforce security scans from the get-go
    -How LivePerson integrates security scans in their CI/CD for more than 300 microservices
    -The tools LivePerson relies on in order to achieve DevSecOps
  • Optimising Threat Modeling to Meet Your Business Needs Recorded: Oct 27 2020 26 mins
    Simone Curzi, Principal Consultant, Cyber, Microsoft Consulting Services
    Threat Modeling is one of the best tools for security and has been adopted successfully by various companies around the globe, including Microsoft. Even though it has proven to be a very effective approach, it has not shone for efficiency and has improved only so much compared to other development methodologies over the last years.

    All those problems have been reason enough to limit its adoption. Change is past due. It is time to make Threat Modeling the flexible, integrated, automated and customizable process you need. Please meet Threat Modeling vNext!
  • Secure Coding Best Practices Recorded: Oct 19 2020 57 mins
    Matthew Butler, Principal Engineer
    Computer systems are under siege 24 hours a day, day in and day out. The critical security infrastructure designed to protect those systems, won’t. The other side has the best security hardware and software systems other people’s money can buy and they have all the time in the world to find creative ways to defeat them. Meltdown and Spectre are prime examples of security vulnerabilities that have lurked dormant for decades. Or have they? If your systems are in any way connected to the outside world, the other side will get inside the wire on you. Know that going in.

    Whether you write applications, libraries or work in kernel code, the line of code you write today may very well be the vulnerability someone else finds tomorrow. By nature, every code base contains hundreds of attack surfaces and it only takes one serious vulnerability to compromise your system.

    In this talk we’ll see:

    -How hackers think and how they identify weaknesses in our systems.
    -How to identify hidden attack surfaces, attack vectors and vulnerabilities in critical systems.
    -Where the most common vulnerabilities in Modern software development are and how to avoid them.
    -Why common guidelines and static analysis tools often fail to find vulnerabilities.
    -How to use Threat Modeling to analyze complex systems and build security into our systems at design time.
    -How to use Trust Boundaries to protect critical infrastructure.
    -Why open source and third-party libraries are fast becoming hidden liabilities in our software and how to protect ourselves against their vulnerabilities.
    -What the best practices for protecting our code from attack are.


    The critical security infrastructure designed to protect your systems is largely out of your control. The one thing you can control is the next line of code you write. This talk is for anyone who writes kernel code, applications, or libraries that run in the real world and that face real-world attacks.

    In today’s world, that’s all of us.
  • Deep Dive Container Security - Policies, Access Control & Managing Sensitive Dat Recorded: Oct 13 2020 26 mins
    Michael Hausenblas, Product Developer Advocate, AWS container service team
    In this hands-on session we dive deep into three areas of container security that deserve special attention, namely policies and their enforcement (Kubernetes network policies and OPA), access control (RBAC and general purpose IAM), as well as options for dealing with sensitive data (Kubernetes secrets, AWS Secrets Manager, Vault).
  • Myth-busting in Application Security Recorded: Oct 5 2020 59 mins
    Jennifer Czaplewski, Director, Product Security - Target
    There are a lot of myths in application security. By partnering with developers, Target has busted several common security myths and proved that an effective security program can take a different approach. This session will describe how to successfully implement a “credit score” to security measurement practices, build an exclusive security champions program, and stop “scanning all the things.”
  • Introduction to Cloud Native Security with Containers Recorded: Sep 28 2020 31 mins
    Michael Hausenblas, Product Developer Advocate, AWS container service team
    In this session we will review the pillars of cloud native security in the context of containerized workloads. We will cover topics such as securely building container images, runtime security, authentication and access control in Kubernetes, network traffic control, and secrets.
  • How Comcast Sped Up Development Without Compromising on Security Recorded: Sep 23 2020 60 mins
    Leo Zhadanovsky, AWS, Rhys Arkins, WhiteSource, Larry Maccherone, Comcast
    Security specialists, especially at large organizations, believe that better security comes from robust independent gating. On the other hand, DevOps has proven that you can safely deploy orders of magnitude faster than human gating can achieve.
    What's needed to add security to DevOps are tools that work well with rapid-cycle CI/CD pipelines and an approach that reinforces the DevOps culture and process changes. DevSecOps requires empowering security specialists to become self-service toolsmiths and advisors across the software development lifecycle (SDLC).
    Learn how making the necessary mindset shift and achieving an effective DevSecOps culture enabled Comcast to speed up development without having to compromise on security.

    In This Webinar, You'll Learn:
    •About the characteristics of security tools compatible with DevOps
    •A process model to accomplish the necessary mindset shift and achieve an effective DevSecOps culture
    •How to shift open source security left by managing vulnerabilities earlier in the SDLC
  • Attacking and Defending Cloud Native Infrastructure Recorded: Sep 15 2020 60 mins
    Andrew Martin, CEO and Co-Founder, Control Plane
    Andy has made mistakes. He's seen even more. And in this talk he details the best and the worst of the container and Kubernetes security problems he's experienced, exploited, and remediated.
    This talk details low level exploitable issues with container and Kubernetes deployments. We focus on lessons learned, and show attendees how to ensure that they do not fall victim to avoidable attacks.
    See how to bypass security controls and exploit insecure defaults in this technical appraisal of the container and cluster security landscape.
  • The Open Source Licensing World Today and Where It's Heading Recorded: Sep 8 2020 61 mins
    Matt Asay, Head of Open Source Strategy and Marketing at AWS
    The known open source core model had many challenges which led several companies to try and find a better licensing model.

    Join Matt Asay, Head of Open Source Strategy and Marketing at AWS, as he discusses innovative companies like Cloudera, Redis Labs, MongoDB and RackN, and their solutions to problems like competing with cloud providers on add-on service selling and increasing their code contribution.

    Matt Asay will also be discussing the future of open source licensing models and why this doesn't need to be a zero sum game.
  • How Secure is Secure Enough? Driving Security Value with Threat Modeling Recorded: Aug 27 2020 31 mins
    Avi Douglen, Founder and CEO at Bounce Security
    We’ve all been there – we’ve each spent too much time and resources on security, but 3 months later we still get breached anyway. “But we followed all the ‘Best Practices’!” your developers cry.



    In this flash intro to secure software design, AviD will show why every software development process should start with Threat Modeling, and how to efficiently get security to contribute to the bottom line.
  • The Evil Internet: Vulnerability Prioritization Through the Eyes of Hackers Recorded: Aug 20 2020 58 mins
    David Habusha, VP Product at WhiteSource & Paulo Shakarian, CEO at CYR3CON
    It’s a fact: software development teams are constantly bombarded with an increasingly high number of security alerts. Since fixing all vulnerabilities is unrealistic, it’s imperative that teams find a method to zero in on the security vulnerabilities that matter.
    The key: prioritization.
    But, there’s a big question: Which is the best way to prioritize? There are certainly multiple ways teams can determine what to remediate first, but which are the best practices? And how does this correlate with the hacker community’s choices?
    We’ve looked at the data - and it’s certainly not what you think.
    Join David Habusha, VP Product at WhiteSource & Paulo Shakarian, CEO at CYR3CON, as they discuss:
    - The top 5 most common ways organizations prioritize security vulnerabilities
    - How each approach correlates with the perspective of the hacker community
    - The 2 best vulnerability prioritization approaches
  • Dependency Health: Removing the Barriers to Keeping Projects in Shape Recorded: Aug 13 2020 57 mins
    David Habusha, VP Product and Rhys Arkins, Director of Product Management
    Enterprises and developers already know the importance of managing vulnerabilities and dependencies, so why do so many still fall behind? Like maintaining good physical health, software projects require more than just good intentions - there needs to be a sensible and achievable process that developers want to follow, and the rewards must outweigh the demands.
    In this webinar, David Habusha and Rhys Arkins from WhiteSource will discuss some of today's challenges that hold enterprises back from having great Open Source dependency management, and identify what the missing pieces are for a future in which updates and vulnerability patches can be applied intelligently, safely, and in many cases even automatically.
  • The Security Phoenix: A Modern Approach to DevSecOps Focus on People Recorded: Jul 28 2020 58 mins
    Francesco Cipollone, Head of Cloud Security Alliance, Director of NSC42
    DevSecOps is usually treated as a tool-driven or high-speed approach within the organization. This talk, however, will take you through a different approach.

    With a holistic view of the organization, the security phoenix methodology takes into account a large organization with assessment, maturity matrix, scoring system and measurement options. We will walk through the problem of Build and Test (DEV/TEST) and how they relate to Design and Operate in a modern approach to SDLC.

    Why is the metric important, and how do you measure progress? The talk is aimed at specialists who want a holistic approach to DevSecOps, and at practitioners who wonder where an architect or ops guy fits in this brave new world.

    The talk will give a real-life example, stories, as well as use cases to take the fluff talk out of the DevSecOps phrase! We talk real numbers and cases here, so tune in.
  • What Going All-Remote Taught Us About AppSec and Testing Shortfalls Recorded: Jul 23 2020 49 mins
    Rhys Arkins, Director of Product Management at WhiteSource and Gleb Bahmutov, VP of Engineering at Cypress
    The Covid-19 pandemic led to a lot of tech companies converting to remote teams almost overnight, and for some this may even become the norm.

    While conferencing tools such as Zoom are widely known for substituting for face-to-face meetings, it's much less appreciated how the disruption has increased asynchronous communication approaches as people are not always available online at the same time.

    Shifting to asynchronous communication has shown up some weaknesses companies may have had, particularly when it came to security and testing.

    If a company's approach to these had been more manual and revolved around the relevant people being co-located or in constant direct communication, then this lack of process or automation can result in increased risk.

    So as we adjust to new ways of working, how do you ensure that your appsec procedures are designed to withstand any changes in your team dynamics?

    Join this session and leave with insights on:
    -What did going involuntarily remote reveal to us about existing security and testing weaknesses?
    -Practical examples of ad-hoc or manual security vs automation
    -What should change forever even if/once we go back to "normal"?
An open source security and licenses management solution
WhiteSource allows engineering, security and compliance officers to effortlessly secure and manage the use of open source components in their software, allowing developers to focus on building great products. WhiteSource fully automates all open source management processes: component detection; security vulnerability alerts and fixes; license risk and compliance analysis along with policy enforcement; quality review, and new version alerts. It offers a complete suite of control, reporting and management to help software teams manage open source truly effortlessly. For more information about WhiteSource, visit http://www.whitesourcesoftware.com or follow us on twitter: @whitesourcesoft

  • Title: Taking Cloud-Native DevSecOps to the Next Level: A Case Study
  • Live at: Oct 29 2020 5:00 pm
  • Presented by: Nir Koren, DevOps CI/CD Team Lead at LivePerson