"Security as code" for automated development pipelines

Presented by

Andrey Pozhogin Senior Product Marketing Manager, Hybrid Cloud Security Kaspersky

About this talk

How to avoid letting supply chain attack compromise your most sensitive machines. Supply-chain attacks affecting software development when a malicious code is introduced into legitimate software through supply chain poisoning is an effective tool for cybercriminals. It has been used many times in the wild, successful attacks generating hundreds of thousands of downloads leading to successful pipeline compromise and backdoored software distribution. Such attacks tend to target the most sensitive production environments and are enabled and augmented by sub-par security practices and miscommunication between DevOps and InfoSec. The results are long-lasting, impacting the company image, relations and often bottom line. Let’s discuss how DevOps can introduce on-demand security to their CI/CD pipelines without hindering their KPIs.
Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (170)
Subscribers (14501)
Go in depth into CSA's latest research on everything from IoT to containers to blockchain. Webcasts will break down the research, provide use cases, instructions for implementation, and further insights.