Conf42: Chaos Engineering 2021

DevOps engineering culture demands deploying code at lightning speeds. And speed equals carelessness. And carelessness may lead to breach.

This talk is an introduction to shift up paradigm, think of it as an extension of shift left but a culture that only strives in production. Shift up enables an organization identify, and remediate insecure code and address any security gaps within infrastructural stack in seal-healing and iterative manner. To achieve this end state an organization needs to perform defensive dynamic security testing and test configuration, and system failures against A/B units. These exercises helps validate effectiveness of production’s layered protection, which is responsible to protect application code and most importantly customer’s data. And last but not the least, building capabilities to identify external-facing assets in continuous manner and monitor it through out its existence. Enabling an organization with a feedback loop between *AST tools (SAST, DAST, IAST, MAST) and layered defenses in production. Further arming them with a protective shield against ever-evolving attacks and ultimately gaining IT utopia!