BREAKFAST SEMINAR - OSLO
SecDevOps: How to integrate security into DevOps
Learn how to make security an integral part of the development workflow without sacrificing speed or slowing down development.
DevOps teams are challenged to deliver solutions at a high speed, without compromising security, compliance, and quality of code. The concept of SecDevOps introduces a security-focused mindset and best practices into traditional DevOps processes.
In this seminar, mnemonic will present how you can integrate security controls within a DevOps pipeline. Furthermore, we will hear from Palo Alto Networks about securing the cloud from the inside out by providing their comprehensive cloud security solution, Prisma.
To wrap it all up, you will learn about Adversary, an online security training tool for developers with an emphasis on understanding software vulnerabilities.
See you there!
Registration and breakfast
Integrating security controls within a DevOps pipeline
Since 2009, DevOps has been adopted as the standard software development methodology by an ever-growing number of companies. The need for security in DevOps is of vital importance given the rapid changes the methodology entails.
Espen and Morten will present the principles of integrating Security as a part of your DevOps Pipeline, and mnemonic's take on how one should proceed in reaching this goal. In turn, they will wrap it up with a demo of Azure Pipelines, utilizing a variety of security controls.
After attending this presentation, you will understand the role of automated and integrated security controls in a DevOps Pipeline, the various categories of security controls, and in addition, being able to choose security controls that will provide quick wins.
Technical level: 4/5
Secure the cloud from the inside out
As enterprises modernise their software development pipelines and embrace cloud native architectures, they quickly discover a cloud security landscape fragmented with disparate approaches to security that lack consistency in controls across applications, data and infrastructure. The cloud security market is at an inflection point where a radical and unified approach to cloud security for applications, information and infrastructure will look current and relevant for enterprise customers.
In this presentation, Glenn will demonstrate how you can build, ship, and run securely with protection from Palo Alto’s comprehensive cloud native security platform, Prisma.
Technical level: 3/5
Adversary: play, hack and learn
Every field of information security deals with code one way or the other. Everybody uses software and platforms and interacts with tons of code each day without thinking about it. Which consequences does weak code actually have? What does it look like? How can it be leveraged for malicious purposes?
We have tested a new platform called Adversary, an interactive platform in CTF-style, designed to train professionals in analysing code and finding the weaknesses. This is useful for developers, pentesters, security analysts, or people just wanting to learn more about security.
In this presentation, you will get a rundown of the platform, and the insights we have learned while playing with it.