Slides of our talk can be downloaded here.
Details on the session are available here: https://exploitcon.com/#/west
Developing software that changes the world, exceeds customer expectations, and provides turn-key functionality in diverse scenarios while meeting security and compliance requirements is the holy grail of Security Development Operations (SECDEVOPS). There are thousands of variables that need to be constantly addressed to find the balance that delivers sustainable and secure success. In this session, WitFoo’s chief engineers will outline an innovative approach to secure DevOps called Metric Driven Development. It will cover the following topics:
- Creating a metric collection infrastructure to alert on security and functionality deficiencies
- Utilizing metrics to write optimized unit and system tests
- The optimal value of code coverage, application pen-testing and static code analysis
- Integrating metrics into customer support evolutions
- The place of containerization in SECDEVOPS
- Building metric-driven use cases from hypothesis to pivot
By the conclusion of the session, attendees will have the tools necessary to implement lean and effective development pipelines that deliver secure and useful code in a fraction of the time and at a fraction of the development cost.
Key learning points:
- Creating a metric collection infrastructure to alert on security and functionality deficiencies
- Utilizing metrics to write optimized unit and system tests
- The optimal value of code coverage, application pen-testing and static code analysis