Developing secure code in a DevSecOps world

DevSecOps - Netherlands is a DevSecOps community for anyone interested in securing a software development lifecycle (DevSecOps). To deliver secure innovations and shift security left, organizations must commit to changes in skills, culture, technology and processes. Join this community to learn more about DevSecOps and how to make it successful within your organization.

DevSecOps - Netherlands

<HR>
<H2 CLASS="MsoNormal">Agenda</H2>
18:00 – Welcome with food and drinks
18:30 – First talk by Wim Provoost, Secure Code Warrior
19:30 – Second talk by Riccardo Ten Cate, Xebia
20:30 – Networking
21:00 – End
 
<HR>
 
Location: Rabobank, Croeselaan 18, Utrecht
Go to the main entrance and follow our DevSecOps MeetUp signs.
How to reach: 5 min walk from Utrecht Central Station.
Parking: 
1) P3 paid parking (https://goo.gl/maps/99qNDh29HbA2)
2) We are checking if parking at Rabobank is possible.
 
<HR>
<H2 CLASS="MsoNormal"> </H2>
<H2 CLASS="MsoNormal">Together DevSecOps Netherlands and Rabobank have organized the second Meetup for the growing DevSecOps community in the Netherlands. The evening will consist of interesting talks by two security speakers from Belgium, Wim Provoost, and the Netherlands, Riccardo Ten Cate. We hope you enjoy the talks and wish you a great evening. </H2>
<H2>Join our Meetup group: <A HREF="https://www.meetup.com/DevSecOps-Netherlands/" TARGET="_blank" DATA-MSYS-CLICKTRACK="0" REL="nofollow noopener noreferrer">https://www.meetup.com/DevSecOps-Netherlands/</A></H2>
<H2>Follow us on Twitter: <A HREF="https://twitter.com/DevSecOpsNL" TARGET="_blank" DATA-MSYS-CLICKTRACK="0" REL="nofollow noopener noreferrer">@DevSecOpsNL</A></H2>
 
<HR>
 
Wim Provoost
Summary: Security is a big concern in application development as breaches appear in the media on a regular basis. Up to 90 percent of security issues are caused by problems or oversight in the code (U.S. Department of Homeland Security, “Infosheet Software Assurance”, <A HREF="https://www.us-cert.gov/sites/default/files/publications/infosheet_SoftwareAssurance.pdf" TARGET="_blank" DATA-MSYS-CLICKTRACK="0" REL="nofollow noopener noreferrer">https://www.us-cert.gov/sites/default/files/publications/infosheet_SoftwareAssurance.pdf</A>). 
While the goal of DevSecOps is nobel, introducing security earlier in the life cycle of application development and thus, minimizing vulnerabilities, reality is different. Many security and compliance monitoring tools have not kept up with this pace of change, as they simply were not built to test code at the speed that DevOps requires. If DevSecOps wants to be successful, drastic changes will be required in how companies as a whole address security. Simply shifting the responsibility for security from the Application Security team towards the DevOps team, without further actions, will lead to even more vulnerabilities. 
In this talk, we will outline the pitfalls of moving from DevOps to DevSecOps and how software security can be brought into a software engineers’ life, so it can effectively improve the security of their applications with minimal impact on their daily tasks.
Bio: Wim Provoost is a seasoned Product Manager with more than 15 years of experience in the IT industry. He has successfully brought many technology products from idea to market and is now spearheading Sensei, Secure Code Warrior’s real-time security coaching, knowledge sharing and auto-correction solution. 
Wim holds a master’s degree in computer science engineering and a master’s degree in economics.
Twitter: @Wimpers_be
LinkedIn: <A HREF="https://www.linkedin.com/in/wimpers/" TARGET="_blank" DATA-MSYS-CLICKTRACK="0" REL="nofollow noopener noreferrer">https://www.linkedin.com/in/wimpers/</A> 
 
 
<HR>
 
Riccardo Ten Cate 
 Summary: Making the web secure, by design! During my work as a penetration tester, I found that there are a lot of vulnerabilities being introduced in applications that could have been prevented in an earlier stage of development. We can see the latest trend in integrating security tooling into CI/CD pipelines. However, security tooling integrated in your security pipelines will not cover the whole attack surface. This is because the tooling can never understand the full context of the applications’ functions and logic.
On the other hand, resources in the form of manual verification can often be scarce and expensive. 
Where do we find the right balance between security test automation and manual verification? 
Even more importantly, how do we train the developers to understand the metrics and make security part of their process and culture? 
This could be achieved by setting up an (S)SDLC, but what does a good (S)SDLC consists of? 
This talk will guide everybody willing to take the maturity of their security in software development to a higher level.
Bio: As a penetration tester from the Netherlands, Riccardo specializes in web-application security and has extensive knowledge in securing web applications in multiple coding languages. Riccardo also has expertise on implementing security test automation in CI/CD pipelines and is the project leader of the OWASP security knowledge framework.
Twitter: @RiieCco
LinkedIn: <A HREF="https://www.linkedin.com/in/riccardo-ten-cate-a0b79780/" TARGET="_blank" DATA-MSYS-CLICKTRACK="0" REL="nofollow noopener noreferrer">https://www.linkedin.com/in/riccardo-ten-cate-a0b79780/</A> 
 
 
<HR>
 
 
Keywords:
-Secure Coding
-DevSecOps
-CI/CD pipelines
-(S)SDLC
-Application Security

Rabobank

Our {communityGuidelinesLink} describe the sort of content we prohibit on Eventbrite. If you suspect an event may be in violation, you can report it to us so we can investigate.

To report other categories of prohibited or illegal content, submit {link}

Developing secure code in a DevSecOps world

More events from DevSecOps - Netherlands

Follow organizers to get events picked for you

Still looking for the right event?

Explore all events in Utrecht and filter by date, category, and more to find the perfect fit.

Developing secure code in a DevSecOps world

More events from DevSecOps - Netherlands

Follow organizers to get events picked for you

You might also like...

Sign-In for personalized recommendations

Still looking for the right event?

Explore all events in Utrecht and filter by date, category, and more to find the perfect fit.