Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Post DevOps What Should We Shift-Left

Riotaro OKADA
September 25, 2021
1

Post DevOps What Should We Shift-Left

Post DevOps What Should We Shift-Left
ポストDevOps、これから我々は何をシフトレフトすべきか

Abstract:
The traditional V-shaped quality assurance of waterfall has been replaced by DevOps and CI/CD. It is clear that fast improvement cycles have contributed to making the code much easier to maintain and higher quality.
But why is it that AppSec is still vulnerable to attacks and has yet to mature? Do automated mechanisms contribute to robustness against change?
In this talk, I will show what we have learned through our experience of organizing Hardening Project in Japan. I will cover the critical points related to each stage of DevOps to take DevOps to the next stage - they are about risk profile, architecture design of threat response, and operational matter. I hope it will show some challenges that AppSec faces in its further evolution.

Riotaro OKADA

September 25, 2021
Tweet

More Decks by Riotaro OKADA

Transcript

  1. My idea – “proactive controls” Be a guardrails. Discuss the

    most effective fixing points and timing Study their languages and environments Update frequently and show flexibility Give reasonable countermeasures, even if it is “plan-B” Teach how developers can check findings by themselves. Have the common goal and Praise their success Have good experience to collaborate with different roles. Join OWASP