Workshop: Scaling your AppSec Program with Semgrep
▬▬▬▬▬▬ Abstract & Bio 📝 ▬▬▬▬▬▬
Between Agile, DevOps, and infrastructure as code, development is happening faster than ever. As a security team, it can be tough to keep up.
How can you help empower your engineering counterparts to ship software quickly and securely?
An increasingly popular answer is secure defaults - make it easy to do the secure thing, and hard to do the insecure thing, whether that’s parsing XML files, interacting with the database, authorization, or any other security-relevant functionality.
Done properly, secure defaults (also called “guardrails” or building a “paved road”) can eliminate whole classes of vulnerabilities before they are ever written, which is what lets a small security team scale.
The power of secure defaults has been praised by established companies like Netflix, Google, Facebook, and Microsoft as well as rapidly growing mid-sized companies and even start-ups.
“But I don’t have a FAANG-sized budget or headcount, what can I do?”
This workshop will show you:
How to start getting security coverage of all of your repos continuously in CI in minutes
Best practices in rolling out continuous code scanning - what to focus on, what to ignore, and how to maintain good working relationships with development teams
How to use this scanning to enforce secure defaults across your org
How to enforce security best practices unique to your organization with the open-source static analysis tool Semgrep, covering organization-specific nuances such as authorization, authentication, and secret management
This workshop will be part big-picture ideas and best practices, and a lot of hands-on examples and demos. You’ll leave with some insights, open-source tools, and actionable tips to get started immediately.
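As an added illustration of the “enforce secure defaults with Semgrep” idea above (this is an example rule written for this page, not material from the workshop), here is a rule that flags direct use of the Python standard-library XML parsers and points developers at a hypothetical paved-road wrapper, `orgsec.xml.safe_parse`; the wrapper name and its file path are assumptions.

```yaml
# Example Semgrep rule (added here, not from the workshop).
# Goal: make the org's hardened XML wrapper the default path by failing CI
# whenever application code parses XML with the raw standard-library APIs.
# `orgsec.xml.safe_parse` and `orgsec/xml.py` are hypothetical names.
rules:
  - id: use-paved-road-xml-parser
    languages: [python]
    severity: ERROR
    message: >-
      Direct use of the standard-library XML parsers bypasses the
      organization's hardened wrapper. Parse untrusted XML with
      orgsec.xml.safe_parse() instead; it applies the entity and DTD
      restrictions that protect against XXE and entity-expansion attacks.
    metadata:
      category: security
      cwe: "CWE-611: Improper Restriction of XML External Entity Reference"
    # Semgrep resolves Python import aliases, so `ET.parse(f)` after
    # `import xml.etree.ElementTree as ET` still matches these patterns.
    pattern-either:
      - pattern: xml.etree.ElementTree.parse($SRC, ...)
      - pattern: xml.etree.ElementTree.fromstring($SRC, ...)
      - pattern: xml.dom.minidom.parse($SRC, ...)
      - pattern: xml.dom.minidom.parseString($SRC, ...)
      - pattern: xml.sax.parse($SRC, ...)
    # Autofix suggested in the CI comment / `semgrep --autofix` run.
    fix: orgsec.xml.safe_parse($SRC)
    # The wrapper itself legitimately calls the raw parser, so exempt it
    # rather than littering it with nosemgrep comments.
    paths:
      exclude:
        - "orgsec/xml.py"
```

Run it with `semgrep --config use-paved-road-xml-parser.yaml .` in CI; a finding of severity ERROR fails the job, which is the “hard to do the insecure thing” half of the secure default.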
INSTRUCTOR: CLINT GIBLER