Wednesday 

Room 3 

17:40 - 18:40 

(UTC+01

Talk (60 min)

Security as Code: A DevSecOps Approach

Security as Code (SaC) is the methodology of codifying security tests, scans, and policies. Security is implemented directly into the CI/CD pipeline to automatically and continuously detect security vulnerabilities.

Application Security
DevOps
Hacking
SDLC
Security Tooling
Testing

Adopting SaC tightly couples application development with security and vulnerability management, while simultaneously enabling developers to focus on core features and functionality. More importantly, it improves the collaboration between Development and Security teams and helps nurture a culture of security across the organization.

In this session, we will review lessons learned from DevOps to implement a successful DevSecOps culture, in particular how we can make developers contribute security checks with the SaC approach. We will introduce CodeQL, a language that allows us to implement security checks with code, and will demo how we can code queries for vulnerabilities and misconfigurations so they can be identified as soon as they hit your CI/CD pipeline.

Joseph Katsioloudes

Joseph Katsioloudes makes cyber security easy for developers as part of his role at GitHub Security Lab. He chose this career path because cyber was his own way, from a very young age, to provide ethical and dedicated service to organisations and the society as a whole. Latest public contribution include his YouTube series "SecurityBites" where he educates developers on common software bugs. Other highlights include a zero-day vulnerability for a Top 10 Cryptocurrency in 2018, the Final of International Innovation Awards in 2016, and Open-source contributions to Intelligence & Blockchain.