SEC-T is an affordable, non-profit, English speaking, two days, single track information security/hacking conference taking place in late summer every year in Stockholm, Sweden. At SEC-T we focus on providing our audience with high-quality talks and in-depth “QnA” with speakers. SEC-T is a conference where you can feel safe from sales pitches and marketing presentations as we have a large focus on our speakers’ research and first-person accounts.
At this event, Joseph Katsioloudes presents Secure your code like NASA with Security as Code (SaC).
Following the lessons learnt from two missions of NASA to Mars, Security as Code (SaC) is the methodology of codifying security tests, scans, and policies. Security is implemented directly into the CI/CD pipeline to automatically and continuously detect security vulnerabilities. Adopting SaC tightly couples application development with security and vulnerability management, while simultaneously enabling developers to focus on core features and functionality. More importantly, it improves the collaboration between Development and Security teams and helps nurture a culture of security across the organization.
In this session, we reviewed lessons learned from DevOps to implement a successful DevSecOps culture, in particular how we could make developers contribute security checks with the SaC approach. We introduced CodeQL, a language that allows us to implement security checks with code, and will demo how we can code queries for vulnerabilities and misconfigurations so they can be identified as soon as they hit your CI/CD pipeline.