Name: Shifting Application Security Left: Where to Start
Start: 2019-09-03T09:00:00Z
End: 2019-09-03T09:34:00.000Z
Location: BrightTALK
Rating: 0

The webcasts in this channel will highlight trends and best practices for the application development lifecycle as well as how to make sure your application maintain a steady level of service.

DevOps is great, if you have the people, processes and tools to support it. In this session I’ll highlight the easiest ways for Java developers to work with their IT organizations and partners to deliver their code to the cloud, including the best ways to reliably make updates and maintain production cloud code. The focus is on real-world examples using Linux command line tools, open source tools including Jenkins, and other free SDKs and tools available on GitHub. The examples, tools and demos that I show are applicable to any cloud platform, and all are available on GitHub. I will show Microsoft Azure running the samples but will not be selling azure - this is a technical talk that will focus on the code.

DevOps for Java Shops

For competitive survival,  continuous improvement in product development capability is very important. DevSecOps and Agile development  are two very important framework for going in that direction though rolling out them may be fraught with challenges. There can be several reasons for that. This webinar will focus upon some of the best practices and lessons learnt from speaker’s past experience in multiple organizations and multiple products. This may benefit in making these transformations successful in your own organizations.

DevSecOps and Agile Transformation – Best Practices and Lessons Learnt

As COVID-19 shutdowns sent everyone working from home and close offices for a while, we took the opportunity to eliminate our physical infrastructure, network, domain, and servers and go completely virtual and cloud-based. In this session, we will cover:
What it takes to go virtual
What challenges we had to overcome
What benefits we achieved
What do we now that offices around the world are opening up
We will pay special attention in the session to the security aspects of this transition, both from an internal security administration standpoint and an external cybersecurity defense standpoint.
 
Attendees in this session should be interested in what it looks like to be 100% cloud-based and virtual, and what it takes to get there.

Thanks, COVID-19! Leaving Hybrid Behind To Go All Virtual

The cloud carries unique threats. The cloud Security Alliance  (CSA) is rapidly becoming the OWASP of cloud security standards. DevOps, containers, micro services, APIs, and orchestration are table stakes for effective cloud-native applications. Securing these software interfaces, configurations, and processes is NOT a trivial task. Furthermore, automation isn’t a panacea; in fact, it can mask critical security flaws that propagate. 
This session will describe the Top Threats to Cloud Computing (aka “the Egregious Eleven”), how to identify and mitigate these threats, and how they fit into a cloud-native security program.

The Egregious 11 — Defending Against the CSA Top Threats

When done right, cloud enables agility and speed, breakthrough innovation, economical business scalability, and security.  Cloud providers are rapidly expanding offerings and organizations are embracing these modern approaches.  Why are some organizations reaching new heights with the cloud while others face stormy weather?  In this presentation, you will learn approaches and tips to accelerate and secure a cloud-first strategy and cloud-native solutions.

Soar to New Heights in the Cloud: Tips to Accelerate and Secure

A rapid response time is critical to today’s digital business, pushing many organizations to adopt cloud-native, cloud-first approaches. Businesses must keep evolving to succeed in today’s fast-moving environment. Customers demand instant responses and businesses that can deliver are the ones gaining growth. Leveraging DevOps and instituting cloud platforms and modernized serverless strategies promote agility as well as provide a future approach for building cloud-native applications. This keynote session will share unique insights from current research on how business are adjusting to today’s customer demands and highlight the growth of agile methodologies to enable rapid application delivery. It will also explore how cloud-native technologies can provide an elastic, portable applications environment and how organizational maturity impacts heritage and cloud-native deployments.

The Future of Cloud-Native Applications

The changing needs of the business and evolution of DevOps are driving organizations to reexamine how they test.  Accelerating cycles, increasing need for flexibility, and the influx of DevOps and lean ideas require new thinking like Continuous Testing.  This shift has significant meaning for QA organizations and application testing.  
We will explore how automation, shifting left, ephemeral environments, and other DevOps/lean concepts are driving change into the IT value stream.  We will explore the idea of Continuous Testing and how it can help change your testing strategy to keep pace with tomorrow’s needs.

Continuous Testing: Bringing Continuous Flow to Application Testing

The role of the IT department has changed in recent years and is more aligned with the business than ever. In 2021, as DevOps becomes mainstream, what does this mean for the role of DevOps, automation and Agile in delivering business outcomes?

Join this panel as DevOps experts explore what opportunities - and challenges - DevOps and Agile can create for the business. Points of discussion will include:

- Are businesses investing enough in DevOps and IT teams to enable them to remain competitive in a landscape of accelerated Digital Transformation?
- How can businesses ensure that they reap the rewards of investments they do make?
- Improving cloud-native applications and how to unlock its full potential
- How to we take DevOps to the next level beyond just automation?

Improving DevOps Infrastructure in 2022

Cloud identity and access management resources such as AWS IAM are powerful infrastructure tools that are more akin to cloud-based networks. But the complex layers of cloud IAM configurations creates security challenges, and IAM misconfigurations are common in enterprise cloud environments. These vulnerabilities are now a primary attack vector for hackers and are often missed by compliance checks. 

In this session, Fugue co-founder Josh Stella will simplify how to think critically about IAM security in your cloud infrastructure environment. You’ll understand how to identify dangerous and overly-permissive IAM misconfigurations—and how hackers leverage these vulnerabilities to access your environment, discover resources, move laterally, and extract data without detection. 

Attendees will walk away with a clear understanding of:

How cloud IAM resources work and how to simplify your approach to IAM security 
How to spot dangerous IAM misconfiguration vulnerabilities in your cloud environment
Where compliance often misses with IAM security and how hackers exploit it

Locking Down the Security Of IAM

DevOps is quickly becoming a key to IT and business success.   The rapid pace of business change requires more nimble, flexible, and lean approaches like DevOps to meet tomorrow demands.  DevOps has evolved through multiple generations and is pushing towards Continuous Flow requiring technical, process, and people evolution to keep pace.  We will explore how DevOps has evolved and the impact to technologies, processes, and beyond.  We will explore ways to chart your path forward in this brave, new world.

NextGen DevOps: The Evolving DevOps Journey

As many organizations continue to evolve over time adopting new practices and procedures to enhance either their core product base or growth through a diverse set of offerings it is increasingly more critical to evaluate if the tools and culture that you grew up with fits your actual strategic direction. Often as an application or platform is imagined, designed, and then developed, the strategy focuses on the timeline and the features without considering the organizational culture as a challenge to optimal delivery. We will examine how GitOps differs from traditional DevSecOps and how adopting its collaborative practices and automation tooling can help to assure success in achieving a successful strategy for an organization.

Elevating an Organizations Road to Success Through Strategic Adoption of GitOps

DevSecOps is the push for security to fit into the success DevOps has created. Since 2015 we’ve been working with 100s of companies on the integration of DevSecOps into software development processes and have seen the troubles, the successes, and the same patterns coming up again and again. Therefore we have collected and are now sharing a Top 10 list of challenges that DevSecOps will need to overcome to truly fulfil its promise and make our lives simpler.
 
Let’s all repeat to ourselves: “DevSecOps isn’t simple. DevSecOps isn’t hooking in a few APIs into CI/CD. DevSecOps is about giving precise, usable security data, when and where it’s needed.”
 
Note that in this presentation we very much focus on DevSecOps achieving the same promise as DevOps, i.e. the ability to deliver usable, actionable security within the DevOps or CI/CD pipelines such that the risk to the business is reduced. This means the ‘Sec’ in DevSecOps needs to provide value within the operation and timeframe that DevOps works at. This is a common problem seen in many DevSecOps rollouts.

Navigating the Top 10 Challenges for DevSecOps

Kubernetes allows a lot. After discovering its features, it’s easy to think it can magically transform your application deployment process into a painless no-event. For Hello World applications, that is the case. Unfortunately, not many of us do deploy such applications day-to-day because we need to handle state. Though it would be much easier to have stateless apps, and despite our best efforts in this direction, state is found in (at least) two places: sessions and databases.

You need to think about keeping the state while stopping and starting application nodes. In this talk, I’ll demo how to update a Spring Boot app deployed on a Kubernetes cluster with a non-trivial database schema change with the help of Hazelcast, while keeping the service up during the entire update process.

Zero-downtime deployment on Kubernetes

When as a startup founder, you have the inspiration and Idea for your next venture, but you are often caught up in below questions:

- How do I ensure that my startup succeeds?
- How many features I should build for my clients and investors?
- Should I build the complete product before hitting the market?
- How will I get to know the user feedback and how to incorporate that in my product?
- What is a MVP, that all investors keep talking about? How to define and build a MVP?

Welcome to our webinar on "Idea to MVP in 12 weeks". Here, we address all these questions and much more.
We explain the framework of building a Minimum Viable Product (MVP) in 12 weeks to ensure your startup success.

Product Management Skills to take your Software Idea to MVP in 12 Weeks

In this presentation, Gleb will show how every commit and every pull request can run the full set
of realistic end-to-end tests, ensuring the web application is going to work for the user. He will look at
the modern CI setup, benefits of clean data environments, and parallelization speed-ups. Anyone looking
to learn how awesome the modern automated testing pipeline can be would benefit from this presentation.

Testing Web Apps on Every Commit, No Excuses

The demands of modern software development and the rise of DevOps are shifting security left into the early phases of the development lifecycle. Companies that navigate this significant cultural, organizational, and technological change well are outpacing their competitors. But where to begin?

In this session, we will describe five essential steps for shifting security left:

1) Make security autonomous from day one.
2) Integrate as you code.
3) Avoid false alarms.
4) Create security champions.
5) Maintain operational visibility.

Equipped with this guidance you can begin to make the changes that will transform application security into a responsibility that is shared by development and security and that continues once applications are in production and operation. By shifting security left, you unburden your security team, empower your developers to write better code from the start, and deliver stronger, better applications than your competitors.

This session is part of Veracode's "Your AppSec Game Plan" Summit.

Shifting Application Security Left: Where to Start

Application Security

DevOps

DevSecOps

Automation

Risk Management

Software Development

Security Culture

Secure Development

Cyber Security

visibility

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Shifting Application Security Left: Where to Start

Presented by

About this talk

More from this channel