Friday

Room 5

15:00 - 16:00 (UTC+01)

Talk (60 min)

Application security from start to finish

In 2016, a dispute over the name Kik let to an outage that affected nearly the entire internet: an open-source package with 11 lines of code, that every developer could easily write themselves, was withdrawn from the package registry and caused thousands of websites to break. And, in 2020, SolarWinds caused a security leak that affected over 33,000 customers, amongst them the Department of Homeland Security and the Department of Treasury: an attack to the software supply chain of their software Orion was successful and let to malicious software to be distributed to many of their clients.

Continuous Delivery
DevOps
Security

Incidents like this proof that application security is not just security testing before you ship your software or architecture reviews. Security must be baked into your development process and if must span the entire software supply chain.

In this talk you’ll learn how you can integrate security into your complete development process:

  • Secure development environments
  • Secret scanning and secret rotation
  • Dependency management and software composition analysis (SCA)
  • Manage your software supply chain with Dependabot
  • Find XSS, SQL injection, and memory leaks
  • Static and dynamic security testing (SAST and DAST)
  • Hunt for vulnerabilities writing your own CodeQL queries

The talk is for everyone that is interested in application security – developers as well as DevOps engineers.

Michael Kaufmann

Michael Kaufmann is a Microsoft MVP and Regional Director and the CEO of Xpirit Germany. Mike has been working as a .net developer and architect for more than 20 years. In addition to implementing agile techniques (like scrum), ALM and DevOps practices, he is an Azure architect and a Clean Code addict. He shares his knowledge in books, trainings, his blog, articles and as a speaker and keynote speaker at international conferences.