Tuesday, January 24 • 4:50pm - 5:40pm
Make me a sandwich: Automating a custom SecDevOps pipeline

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

The Continuous Integration and Extreme Programming models, coupled with A/B testing make it nearly impossible for security teams to keep up with the pace of development and to test all the possible software configurations exposed to the public.

Many organizations turn to automation for help, but fail to fully integrate it into all phases of their Software Development Lifecycle. Most inordinately rely on dynamic analysis tools, which lack the ability to provide thorough code coverage and run at the end of the development process, increasing the cost of finding and remediating vulnerabilities.

While security teams are aware of the benefits of automation, many lack exposure to the tools used in the development and build processes. Additionally, many security teams face budgetary constraints which prevent access to expensive software suites designed to find vulnerabilities in software, find the commercial tools lacking, or simply are unable to find software which support the development languages or frameworks in use in their organizations.

This talk will cover how and where to integrate automation into common Version Control and Build Server software, such as Git, GitHub and Jenkins, allowing for testing throughout the SDLC and greater code coverage.

In this talk, attendees will also learn how to create custom static code analysis tools to find new vulnerabilities and prevent recurrences of known vulnerabilities. This will include how to create parsers, lexers, define grammars and walk parse trees.

avatar for Patrick Albert

Patrick Albert

Director of Operations, Tinder
Military Veteran and Tech junkie with over a decade of experience in Technical Operations and Security. Long time supporter of the Infosec community, and Defcon Goon.
avatar for Tony  Trummer

Tony Trummer

Director of Security Engineering, Tinder
Tony currently leads the Security team at Tinder in West Hollywood. As a penetration tester, Tony previously helped to start LinkedIn's AppSec program and later led their IR team. Tony has spoken at conferences around the world, including DefCon, BlackHat, AppSec Cali, AppSec USA... Read More →

Tuesday January 24, 2017 4:50pm - 5:40pm PST
Terrace Lounge