Cloud platforms must face all kinds of security issues that are frequently a matter for security engineers, not for developers. As a result, security is treated as separate from development. Although sponsors have promoted the integration of security practices into all stages of software development, many developers think security is a topic for other engineering fields. Despite having tools such as Snyk and Blackduck, as result developers are missing the benefits they get from their cloud platforms.
This talk will show the benefits of practicing security chaos engineering [SCE] by empowering developers to leverage the power of security topics directly. [SCE] offers many advantages that include a reduction in remediation costs, disruption to end-users, and improvement of confidence in production systems. In this talk, we are going to show how this practice has helped us to develop a culture based on security between software developers.
* Present the foundation of the software development life cycle.
* Explore the integration of SDLC, resilience, and security using tools such as Snyk and Blackduck.
* Analyze why developers do not include the security topics in their activities.
* Present a novel practice titled Security Chaos Engineering.
* Show how democratizing security between software developers has shown us the benefits from the distributed, immutable and ephemeral, or DIE, model.
* Show some of the experiments that we are trying in ADL for promoting a culture based on security using SCE."
Priority access to all content
Exclusive promotions and giveaways