This playbook is divided into five different subject areas:
1. Development environment
2. Source code management
3. Continuous integration/deployment and other automation
4. Deployment environments
5. Organization
The DevSecOps playbook distributes controls evenly across these five domains and emphasizes that this is a group responsibility. There is also an appendix covering compliance frameworks and how they map to the tasks and controls listed in the playbook.
In this talk, I will outline these 5 areas and talk about the different controls and tasks in each area. I will also give examples of how to implement each feature. Each task has a priority and a level of difficulty. The priority is a number from one to three, with one being the most important tasks and three being the last tasks you should do. For example:
The difficulty level indicates how difficult a particular step is. For example, using a credential store instead of .env files has priority one but difficulty two. This shows that the task should be prioritized, but also that it is not a trivial matter.
By the end of this talk, my audience should be familiar with many specific security tasks that they can use in their own SDLC processes and have seen concrete examples of how to implement each task.
Moderator: Paul McCarty, SecureStack, Founder
(Apiiro Room, Day 1, Session 1)