Our CEO Manuel spoke at the IPC 2017 in Munich about DevSecOps automation. We took a look around and picked the two other security related sessions which struck our eyes.
Dip Your Toes in the Sea of Security - by James Titcumb
"Assume your users are always trying to hack you"
James (@asgrim) gave the visitors a taster of what it takes to consider high security standards in modern web applications, such as writing secure PHP web applications and securing a Linux server. His talk compromises writing anything beyond a basic brochure website to the development of a complicated business web application. If you want to get an insight in the enormous topic of security and how to secure yourself of being vulnerable to any number of attacks - check James’ session.
The Security State of Open Source PHP Applications - by Dr. Johannes Dahse
“How bad is the security state of open source applications and plugins today?” - Johannes talks about common and curious security issues and mistakes. He also introduces static analysis techniques which will detect these complex issues by automation, as well as he provides an overview of the most common pitfalls which should be avoided in your application. The whole talk builds upon the most popular server-side language on the Web - PHP - which logically became the most favored language for Web attacks. Be aware of the risks of your open-source PHP application!
And last but not least:
How to automate your DevSecOps successfully - by Manuel Pistner
“I’m talking about security automation.”
Manuel’s session contains an overview about effective solutions to automate security relevant processes within DevSecOps. Based on the results of a study in which 80 software companies gave feedback on how they handle “Continuous Security in Open Source based Projects”, he analyzes the importance and prioritization of those security processes from the perspective of open source companies. The session encouraged the audience to talk about the capabilities of security automation. Join the discussion!