EVENT

Open Source North

5 Open Source Security Tools All Developers Should Know About

Our Talk: 5 Open Source Security Tools All Developers Should Know About

The minimum viable security (MVS) approach, enables us to easily bake security into our config files, apps, and CI/CD processes with a few simple controls built - and the great part? It’s easily achievable through open source tooling.

In this talk we will focus on five critical security controls that will be integrated as part of the CI/CD pipeline by leveraging some excellent open source tools, including: Bandit or SEMGrep for static application security (SAST), Gitleaks to detect hard-coded or insufficiently secured secrets & dependency checks (SCA), KICS for infrastructure as code (IaC) and OWASP’s ZAP for API and dynamic application security (DAST), in addition to custom controls to ensure proper enforcement of MFA via Github Security. These controls will provide a foundational framework for securing your applications from the first line of code, that will make it possible to continuously iterate and evolve your security maturity all the way through advanced layers of security that comes with time, as well as increased experience with your deployments, stacks, and security posture.

Code examples & demos will be showcased as part of this session.

‍

St. Paul, MN

May 24, 2022

Booth#

Meet the Team:

David Melamed

Co-founder and CTO

No items found.

Agenda

14:15 - 14:40

When Infra IS Code - Operations in a Serverless World

David Melamed

Co-founder and CTO

You cannot detach engineering processes and culture from the infrastructure.In this talk we will share from our experience of supporting and managing serverless production environments. We will discuss the not-so-obvious way it differs from managing other more common modern infrastructures and the impact it has on the operations methodology. we will discuss how it influences the developers day to day work and lessons learned.

DevOpsDays Tel Aviv

October 11, 2024; 1:30 AM-2:00 AM ET

Changing the Mindset: Security is QUALITY

David Melamed

Co-founder and CTO

Let's face it - now that we're a few years past the whole "shift left" trend, we can honestly say it has largely failed when considering security debt. Instead of solving issues earlier in the cycle, which was at the premise of the “shift left” promise, we mostly shifted the problem left. To date, security has largely been a source of friction between development and security teams––and fostering a proactive security culture among developers is still the holy grail a lot of companies are dreaming about without really managing to reach it. That's because this mindset needs a hard reset. We need to look at security completely differently. Security should not and cannot be decoupled from product quality - notably because developers are measured on code quality and velocity and not on how secure their code is. In the same way that our product's usability is a first-order engineering concern, security should be regarded in the exact same way. In this talk, I'll share some lessons learned and the way to bridge the gap between security and engineering, by changing the way it is viewed and implemented in current processes.

All Day DevOps