THIS TUTORIAL HAS REQUIREMENTS AND INSTRUCTIONS LISTED BELOW
Everyone knows that we need to harden our code before it goes into production, but very few actually test for security flaws in their delivery pipeline. We will show a basic continuous delivery pipeline that should be familiar to anyone who has worked with continuous integration, and then proceed to add steps to identify security issues in a typical web application stack. We’ll demonstrate how to:
We’ll also talk about practical considerations, like when to block the pipeline and when to just alert someone to the potential danger, and how to prevent your build time from going through the roof.
Attendees will be able to follow along either online or by building the pipeline locally on their own computers. All of the source code will be open source and available for people to use for testing their own applications after the conference. We’ll use a range of open source technology including OWASP ZAP, Gauntlt, Jenkins, Vagrant, and more.
At the end, the attendee will:
TUTORIAL REQUIREMENTS AND INSTRUCTIONS FOR ATTENDEES
Attendees will need:
* a GitHub account
* a Travis CI account
* a computer with a web browser
James is involved in the DevOps and InfoSec communities and has a passion for helping big companies work like startups to deliver products in the cloud. He got his start in technology when he ran a Web startup company as a student at the University of Oklahoma and since then has worked in environments ranging from large, web-scale enterprises to small, rapid-growth startups. From his work at Mentor Graphics, James helped launch four cloud-based products for the Embedded Software Division.
James is a dynamic speaker on topics in cloud computing, cloud security and Rugged DevOps. He is the creator and founder of the Lonestar Application Security Conference, which is the largest annual security conference in Austin, TX. He holds the following security certifications: CISSP, GWAPT, GCFW, GSEC and CCSK.
I’m a professional and experienced software developer based in Cambridge, UK. By day I work for the UK Government fixing the internet. By night I curate the devops weekly email newsletter, hack on various open source projects, organise local meetups in London and write tutorials or articles about software development and web