Security as Code: A DevSecOps Approach (EN)

Security as Code (SaC) is the methodology of codifying security tests, scans, and policies. Security is built directly into the CI/CD pipeline to detect vulnerabilities automatically and continuously. Adopting SaC tightly couples application development with security and vulnerability management, while still allowing developers to focus on core features and functionality. More importantly, it improves collaboration between Development and Security teams and helps nurture a culture of security across the organization. In this session, we will review lessons learned from DevOps to implement a thriving DevSecOps culture, in particular how we can make developers contribute security checks with the SaC approach. We will introduce CodeQL, a language that allows us to implement security checks as code. We will demo how to write queries for vulnerabilities and misconfigurations so they can be identified as soon as they hit your CI/CD pipeline.

Speaker

  • Joseph Katsioloudes
    GitHub Security Lab

    Joseph Katsioloudes and his team at the GitHub Security Lab work at the forefront of Open Source Security and shape it every day. Joseph chose this career path because, from a very young age, security was his own way to provide ethical and dedicated service to organisations and to society as a whole. Joseph holds two engineering degrees, a Bachelor of Engineering in Computing from Imperial College London and a Master's in Cyber Security Engineering from the University of Warwick.

    His most recent contributions to the Open Source Security ecosystem include educational material in the form of videos that teach developers how to avoid common software flaws. Previous highlights include a zero-day vulnerability for a Top 10 Cryptocurrency in 2018, found as part of his university thesis, and open-source contributions to OSINT & Blockchain.

Date

Nov 15 2022

Time

14:15 - 14:45

Location

Elisabeth