Integrate Security into DevOps
Software security often evokes negative feelings among software developers because it is associated with additional programming effort, uncertainty, and road-blocking activity on a fast release cycle. Secure software developers must follow a number of guidelines that, while intended to satisfy regulations, can be very restrictive and difficult to understand. Hasan Yasar believes that the Secure DevOps movement combats this negative view by shifting the paradigm. Rather than blindly following required security practices and identified security controls, Secure DevOps developers learn how to think about making their applications more secure and better able to absorb attacks while continuing to function. This shift in thinking from a “prevent” to a “bend, don’t break” mind-set provides more flexibility when dealing with attacks. Join Hasan as he explores how to integrate secure coding into your DevOps process—with a focus on continuous integration, infrastructure as code, continuous deployment, and an automated integrated development platform.