Built-in security in an agile online software development environment

Speaker: Reinoud van Leeuwen

Abstract

We live in a fast-moving world. It's not uncommon in modern software development environments to do hundreds of releases in a microservices-based online application each week. Sounds great for management. But how do we keep it secure? Even when the programmers don't build new security holes themselves, we are dependent on lots of moving parts that are not built in-house.

This talk will look into the possible risks and some solutions:

• keeping track of CVE's
• scanning of repositories
• building small (and efficient) containers
• test containers and VM's against a security baseline
• having procedures in place to quickly fix things during incidents

Biography

Reinoud has been involved in Internet hosting since the early 90's. After being involved in the organisation of several big hacker conferences (HIP 1997, HAL 2001, WTH 2005), and working for a major dutch ISP (XS4ALL), and one of the major classifieds websites in the Netherlands (Marktplaats), he is now working for a security company called Tekkamaki.