This track is focused on the DevSecOps tools and techniques to embed security as part of CI/CD pipelines.
Schedule
Total sessions for this track: 57
Sessions not mapped to a day and time
- Adding security to VSTS pipeline
- Agile Practices for Security Teams
- AppSec SOC Monitoring Visualisation
- Cloud brokerage - authentication and authorisation
- Create a Slack bot in Python
- Creating Appsec metrics and visualisation
- Defining a Security Champion
- Dependency management using Snyk
- DevSecOps Maturity Model (DSOMM)
- From Threat Modeling to DevSecOps metrics
- Integrating Security into a Spotify Model (and using Squads for Security teams)
- Integrating Security Tools in the SDL using OWASP DevSecOps Studio
- OWASP Cloud Security Workshop (BETA)
- OWASP Defect Dojo
- OWASP DevSecOps Studio
- Publishing apps in a VSTS security pipeline
- Securing GitHub Integrations
- Securing the CI Pipeline
- Security Crowdsourcing
- Using activity-oriented metrics for Security
- Using The Hive for Incident Response
- Web Application Honeypot
- WebAuthn - Getting started workshop
- Writing security tests to confirm vulnerabilities and fixes
Working Sessions 18
Here are the working sessions that are currently being planned.
Title | Track | Description |
---|---|---|
Adding security to VSTS pipeline | DevSecOps | DevSecOps: adding security testing, review and configurations to a VSTS pipeline |
Agile Practices for Security Teams | DevSecOps | Agile Practices for Security Teams |
Create a Tech Radar for Security teams | DevSecOps | Session to consolidate and publish anonymised real-world playbooks |
Defining a Security Champion | DevSecOps | |
DevSecOps Maturity Model (DSOMM) | DevSecOps | DevSecOps Maturity Model (DSOMM) |
From Threat Modeling to DevSecOps metrics | DevSecOps | |
Integrating Security into a Spotify Model (and using Squads for Security teams) | DevSecOps | Best practice cheat sheet for integrating Agile Security into the Spotify model |
Integrating Security Tools in the SDL | DevSecOps | Integrate security tools as part of CI/CD pipeline to find/fix issues early in SDL |
OWASP Cloud Security Workshop (BETA) | DevSecOps | A beta session of the OWASP Cloud Security Workshop (not to be scheduled on the Tuesday) |
OWASP Defect Dojo | DevSecOps | Working Sessions for OWASP Defect Dojo |
OWASP DevSecOps Studio | DevSecOps | Working Sessions for OWASP DevSecOps Studio |
Securing GitHub Integrations | DevSecOps | How to secure GitHub Integrations |
Securing the CI Pipeline | DevSecOps | Secure the CI/CD pipeline |
Security Crowdsourcing | DevSecOps | Working Sessions for Security Crowdsourcing |
Share your playbooks and release them under Creative Commons | DevSecOps | Session to consolidate and publish anonymised real-world playbooks |
SOC Monitoring Visualisation | DevSecOps | AppSec SOC Monitoring Visualisation |
Web Application Honeypot | DevSecOps | |
WebAuthn - Getting started workshop | DevSecOps | |
User Sessions 8
Here are the user sessions that are currently being planned.
Title | Track | Description |
---|---|---|
Adding CRS3 and Pixi to CircleCI pipeline | DevSecOps | Adding OWASP ModSecurity Core Rule Set 3 and Pixi to CircleCI pipeline |
Create a Slack bot in Python | DevSecOps | Hands on session to show participants how to create a Slack bot in Python |
Creating Appsec metrics and visualisation | DevSecOps | AppSec Metrics and Visualisation |
Integrating Security Tools in the SDL using OWASP DevSecOps Studio | DevSecOps | Using DevSecOps studio to learn and teach Integrating security tools in the SDL |
Publishing apps in a VSTS security pipeline | DevSecOps | Beginner level session on DevSecOps and publishing to the Cloud |
secureCodeBox - How to improve your CI/CD pipeline with automated security tests | DevSecOps | Hands on session to introduce the new project secureCodeBox.io and how you could use it to improve your CI/CD pipeline with automated security tests easily. |
Using JIRA to create and execute Security Playbooks | DevSecOps | Hands on session on how to use JIRA for incident response |
Writing security tests to confirm vulnerabilities and fixes | DevSecOps | Hands on session writing security tests |
Please help
If you want to be involved please make the changes on GitHub and send a Pull Request with your ideas.
If you feel that there is a missing working session that we NEED to have at the Summit, please create it.
Metadata
Organizers | Imran Mohammed A, Francois Raynaud |
---|---|