A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:


SecDevOps: A Security Pro's Guide to Development Tools - Dan Cornell HouSecCon v6 2015 (Hacking Illustrated Series InfoSec Tutorial Videos)

SecDevOps: A Security Pro's Guide to Development Tools
Dan Cornell
HouSecCon 2015 v6

Security teams deal in penetration tests and vulnerabilities, and development teams deal in software defects, scrums and sprints. For the security professional, a failure to understand the way that development teams work and the tools that they use means that security vulnerabilities they identify will be hard to get remediated. This becomes an even greater issue as organizations try to roll out DevOps practices to gain greater efficiencies and responsiveness. This presentation walks through the tools and processes that development teams use to manage their workload, accomplish their goals, and track their success and lays out ways that security teams can better interface with developers to more successfully influence their priorities. The major tools discussed include defect trackers, integrated development environments (IDEs), continuous integration (CI) systems and metric tracking and demonstrations are given using open source examples of each. The presentation concludes with examples of healthy interaction patterns for security and development teams as well as interactions that lead to less healthy and less productive relationships.

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As Chief Technology Officer and Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process.,Cornell is an active member of the development community and a sought-after speaker on topics of web application security, speaking at international conferences including HouSecCon, RSA Security Conference, OWASP AppSec USA and EU and Black Hat Arsenal.

Back to HouSecCon 2015 video list

Printable version of this article

15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast