Writing code that works is hard. Writing rugged code that can stand the test of time is even harder. This difficulty is often compounded by crunched timelines and fast cycles that prioritize new features. Add in evolving business needs and new technology and it becomes confusing to know what to do and how to integrate security into your application.
This talk brings together advice and tools from top developers and application security practitioners to help you ruggedize your end-to-end development lifecycle, from code commit to running system. You will learn pragmatic approaches and tooling that affect your development processes, delivery pipelines and even the operational runtime. You will walk away with solutions you can put into practice right away, and you will also be armed with rugged anti-patterns to help you identify what to change.
5. AUDIENCE SURVEY
Cloud or Metal?
DevOps? Agile? Flavors?
How does code get to production?
How often do you do code changes?
Do you do security testing in the build/deploy pipeline?
#RUGGEDCODE
56. GAUNTLT PRINCIPLES AND PHILOSOPHY
Gauntlt comes with pre-canned steps that hook security testing tools
Gauntlt does not install tools
Gauntlt can be part of the CI/CD pipeline
Be a good citizen of exit status and stdout/stderr
MIT Open Source License
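The principles above are easiest to see in an attack file. The following is an added example written for this page, not one of Gauntlt's own bundled attacks: it uses Gauntlt's pre-canned nmap steps, checks up front that the tool is present rather than installing it, and states its pass/fail conditions so a failed scenario turns into a non-zero exit status that a CI job can act on. The hostname example.com and the expected open and closed ports are assumptions for illustration.

```gherkin
# ports.attack (example, not shipped with Gauntlt)
# Run with: gauntlt ports.attack
# Gauntlt exits non-zero when any scenario fails, so a CI stage that
# runs this file fails the build on an unexpected port.
Feature: nmap port checks for example.com

  Background:
    # Gauntlt does not install tools; this step fails fast if nmap is missing.
    Given "nmap" is installed
    # Profile values are substituted into <hostname> below.
    And the following profile:
      | name     | value       |
      | hostname | example.com |

  Scenario: Verify the web port is open
    When I launch an "nmap" attack with:
      """
      nmap -F <hostname>
      """
    # Assumption: the service under test is expected to serve HTTP on 80.
    Then the output should match /80\/tcp\s+open/

  Scenario: Verify that no unexpected ports are open
    When I launch an "nmap" attack with:
      """
      nmap -F <hostname>
      """
    # Assumption: SMTP and Telnet must never be reachable on this host.
    Then the output should not match /25\/tcp\s+open/
    And the output should not match /23\/tcp\s+open/
```

Because every assertion is expressed against the tool's stdout and the result is reported through the process exit status, the same file works unchanged on a developer laptop and inside a pipeline step such as `gauntlt ports.attack || exit 1`.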