#BHUSA: DevSecOps, Looking Beyond the Buzzword

DevSecOps isn't just another meaningless buzzword; it's an approach with a number of steps and real technologies that can be used to help effectively reduce risk. That's the message coming out of a session at the Black Hat USA conference in Las Vegas titled "DevSecOps: What, Why and How."





Anant Shrivastava, regional director for Asia Pacific at NotSoSecure, explained that an idealistic goal for many organizations is to be secure by default. DevSecOps is an approach that integrates security via tools into both the developer and operations workflow and can help to create a culture of security as code within an organization.





"DevSecOps makes it easier to manage the rapid pace of development and large scale secure deployments," Shrivastava said. "Security has to be part of the process, it can't be a step that only occurs at the end."





In the modern DevOps approach to code development, a developer builds code in an IDE (Integrated Development Environment), checks it into a source code repository, and then moves it through a continuous integration/continuous deployment (CI/CD) server and out to production deployment. Shrivastava said that at each stage of the DevOps process there are tools and controls that can be utilized to enable better security.





The first step in the DevSecOps pipeline is to have what Shrivastava referred to as "pre-commit hooks" for a developer's workstation to make sure that sensitive information such as access keys are not directly integrated into code commits. IDE plugins can also be used to help developers identify potential bugs in code that could l ..
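
As an added illustration of the pre-commit hook idea described above (this is not code from Shrivastava's talk), the shell script below scans staged changes for credential-shaped strings and blocks the commit if any are found. The patterns and the function names `scan_diff` and `main` are assumptions chosen for this example.

```sh
#!/bin/sh
# Added example (not from the talk): a git pre-commit hook that rejects a
# commit when staged changes add lines shaped like credentials.
# The patterns below are illustrative assumptions, not a complete rule set.

# One extended regex per line: AWS access key ID, PEM private key header,
# and a quoted value of 8+ characters assigned to a secret-like name.
PATTERNS='AKIA[0-9A-Z]{16}
-----BEGIN [A-Z ]*PRIVATE KEY-----
(secret|passwd|password|api[_-]?key|token)[a-z_]*[[:space:]]*[:=][[:space:]]*["'\''][^"'\'']{8,}["'\'']'

# scan_diff: read a unified diff on stdin and print "file: line" for each
# added line that matches a pattern. Returns 1 if anything matched, else 0.
scan_diff() {
    found=0
    file=""
    while IFS= read -r line; do
        case "$line" in
            '+++ '*)                      # header naming the new file
                file=${line#'+++ '}
                file=${file#b/} ;;
            '+'*)                         # added line; removals are ignored
                added=${line#+}
                if printf '%s\n' "$added" | grep -Eiq -e "$PATTERNS"; then
                    printf '%s: %s\n' "$file" "$added"
                    found=1
                fi ;;
        esac
    done
    return "$found"
}

# main: scan only what is staged for this commit (added, copied, modified).
main() {
    if ! git diff --cached -U0 --no-color --diff-filter=ACM | scan_diff >&2; then
        echo "Commit blocked: staged changes appear to contain credentials." >&2
        exit 1
    fi
}

# Run only when installed as .git/hooks/pre-commit, so the file can also be
# sourced to reuse scan_diff.
case "$0" in
    *pre-commit) main ;;
esac
```

To use it, save the script as `.git/hooks/pre-commit` in a repository and mark it executable.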
