DevSecOps - Automating Security in DevOps

As part of this workshop, attendees will receive a state-of-the-art DevSecOps tool-chest comprising various open-source tools and scripts to help DevOps engineers automate security within the CI/CD pipeline. While the workshop uses the Java/J2EE framework, it is language agnostic, and similar tools can be used against other application development frameworks.

In a typical DevOps cycle, security is often added towards the end through a manual/automated review. In DevSecOps, however, security can be injected at every stage of the pipeline in an automated fashion. Having a DevSecOps pipeline enables an organization to:

  • Create a security culture amongst the already integrated “DevOps” team.
  • Find and fix security bugs as early as possible in the SDLC.
  • Promote the philosophy “security is everyone’s problem” by creating Security champions within the organization.
  • Integrate all security software centrally and utilize the results more effectively.
  • Measure and shrink the attack surface.

In this workshop, we shall focus on how a DevOps pipeline can easily be transformed into a DevSecOps pipeline and the benefits that can be achieved by doing so. The workshop will discuss a number of open-source tools and also the cultural changes needed to implement DevSecOps. The workshop will also present various case studies on how critical bugs and security breaches affecting popular software and applications could have been prevented using a simple DevSecOps approach.

Speaker

Anand Tiwari

    
Anand Tiwari is an information security professional with nearly 6 years of experience in offensive security, with expertise in Mobile and Web Application Security. He has authored Archery—open source ...