4 Barriers to DevSecOps Adoption

DevSecOps is a process that aims to build security in at the outset of software development. It ensures security audits and testing throughout the agile development process so that security is a priority – not an afterthought. A new survey of more than 1,000 security leaders conducted by Ponemon Research and security firm Reliaquest finds almost half (49%) of security leaders are enabling DevSecOps best practices in their organizations. That’s a promising number.

DevSecOps Road Trip Netherlands stop - Nanne Baars & Brian Vermeer

Session 1: From attack to writing code...what do you need to know as a developer? We will look at a concrete attack called: "XML external entity attack (XXE)" and see how we can trace it back to writing code. The described mitigations are simple: configure your parser securely, but is it this simple? We will focus on some examples and see if we can catch the attack with tests, code reviews, etc. Nanne Baars, Developer at Xebia and OWASP WebGoat Project lead

DevSecOps Road Trip UK stop - Andrew Martin & Lili Kastilio

Session 1: Threat Modelling Kubernetes Cloud native container and Kubernetes systems bring new threats and risks to our precious workloads. As cloud technologies undergo rapid innovation and new tools and techniques emerge, security can get left behind. The answer to this conveyor-belt of potential insecurity? Threat modelling!

Eliminate DevSecOps Friction with the Right Tools for Collaboration

An annual study that looks at the differences between organizations with mature DevSecOps practices and immature programs makes one thing clear: mature DevSecOps practices make developers happy. The survey, released annually by Sonatype, CloudBees, Signal Sciences, Twistlock and Carnegie Mellon’s Software Engineering Institute had 5,045 respondents from over 70 different countries in its most recent release.


ASOC series part 1: How application security orchestration and correlation can improve DevSecOps efficiency

Application security orchestration and correlation tools empower security teams to speed up the AppSec process without sacrificing quality. In its 2019 “Hype Cycle for Application Security” report, Gartner revealed a new, high-priority tool category called application security orchestration and correlation (ASOC). ASOC delivers three primary benefits to the AppSec process within organizations: efficiency, scalability, and accountability.


Overcome the Security and Compliance Challenges in DevSecOps

Organizations are under tremendous pressure to deliver innovative products and stick to tight release timelines. To keep up with the rapid release schedule, engineering teams are adopting the DevOps model for its increased efficiency and agility. It has changed the way that development teams think. As a result, continuously improving performance and delivering releases faster have become standard.