Gurpreet Sachdeva

Session Overview

Cyber crime in its various forms is expected to cost the world more than US$6 trillion per year by 2021. There are nearly 1 Million Viruses and Malware created daily. With increased usage of open source and third-party components, it becomes challenging to insure these externally developed components do not introduce security vulnerabilities into the final product. While adoption of Agile practices leads to continuous software release but security checks get pushed towards the end of the release cycle. This more often than not leads to uncomfortable situations. Many times it leads to delays also. With higher code velocity comes the challenge of making sure every change is secure.

Security can no longer remain an after-thought, it has to be integrated at every stage of the software delivery life-cycle (design for security, secure coding, security testing, penetration testing in staging, and security monitoring in production). These controls can be tightly integrated in DevOps pipeline and become operational much like monitoring tools. Engineering teams have to continuously test for security at Development, QA and Staging phases. This session will explore how to integrate the ecosystem of technologies to build security checks in all phases of software development like Architecture, Design and Implementation in order to create a true DevSecOps practice.

Key Takeaways

• What is the impact of Lean and Agile practices on Security verification?
• How does adoption of Opensource and third party software increase the challenges of keeping our products secure?
• How can you perform Security testing continuously in different phases of Agile software development?
• How can adoption of DevSecOps practices lead to a culture of Continuous Security testing?
• How to integrate tools and technologies to perform security checks in all phases of software development?