Taking DevSecOps To The Next Level - Cutting Edge Tools for your Pipeline
DevSecOps is so much more than forcing developers to use legacy scanning tools. In this talk, we will discuss a continuous, effective, and scalable DevSecOps pipeline using free cutting-edge tools. We'll discuss and show IAST (Interactive Application Security Testing) to accurately pinpoint vulnerabilities in both custom code and libraries in real time without scanning. We'll discuss and show RASP (Runtime Application Self-Protection) in production to gain visbility into application attaches and to prevent vulnerabilities from being exploited. And we'll discuss how to integrate the results into tools your teams already use (IDE, Chat, CI/CD, bugtrackers, SIEM, etc.). Pros and cons of IAST and RASP will be discussed as well. Take home valuable information on how to leverage cutting edge tools for your pipeline and add them to your DevSecOps pipeline immediately.