09:15 - 10:00
Organizations have been using DevOps for several years now to enable faster delivery of software to the market. End-to-end DevOps is becoming the goal of organizations. Within this rapid development, security becomes a concern. Security has always been a separate silo that defines security requirements and demands for certain security controls to approve new software code. In most cases, security is involved at a later stage when it is expensive to make changes or apply fixes. Thus, it becomes an added layer on top of the application, rather than an integrated part. The goal of the presentation is to show how to integrate security concepts in the development and the operation phases of software production. This includes understanding the meaning of application security and the risks that can be mitigated during the DevOps process. It is cheaper to patch security issues as early as possible, therefore focusing on security has to happen in the planning phase of each increment. The presentation will also show how it is possible to include security within a DevOps team , the set of skills required and the new tools to be add the pipeline.