Reinoud van Leeuwen - Built-in security in an agile online software development environment
Abstract
We live in a fast-moving world. It’s not uncommon in modern software development environments to do hundreds of releases in a microservices-based online application each week. Sounds great for management. But how do we keep it secure? Even when the programmers don’t build new security holes themselves, we are dependent on lots of moving parts that are not built in-house.
This talk will look into the possible risks and some solutions:
keeping track of CVEs
scanning of repositories
building small (and efficient) containers
testing containers and VMs against a security baseline
having procedures in place to quickly fix things during incidents
Biography
Reinoud has been involved in Internet hosting since the early 90s. After being involved in the organisation of several big hacker conferences (HIP 1997, HAL 2001, WTH 2005) and working for a major Dutch ISP (XS4ALL) and one of the major classifieds websites in the Netherlands (Marktplaats), he is now working for a security company called Tekkamaki.