On-Demand Webcast: Cracking the Code: Secure Code Review in DevSecOps
Date & Time: ON DEMAND
Speaker: Chris Bush
Application-level security is increasingly under fire. The interconnected nature of modern applications means a single flaw in one application can lead to exploitation of other applications and underlying systems. While virtually all software development life cycles include testing and validation as part of the DevOps processes, secure code review often takes a backseat to looming deadlines.
To align DevOps and security, many organizations have implemented secure code review via automated static analysis security testing (SAST). This low-barrier, repeatable, and scalable practice is important in identifying security flaws, but unfortunately yields high volumes of false positives and false negatives.
To address this issue, manual secure code review is critical for validating automated findings and uncovering additional flaws in non-obvious areas, something automated tools simply cannot replicate. Unfortunately, much like automated SAST, manual secure code review comes with tradeoffs in the form of speed, scalability, and repeatability.
While each of these approaches plays a key role in releasing secure applications, the question remains: how can DevOps teams get the best of both worlds while scaling to meet the demands of ongoing development sprints?
Watch Chris Bush, Managing Consultant at Bishop Fox, for an in-depth look at how DevOps can integrate both automated and manual code review into the software development life cycle. Chris has helped hundreds of organizations identify flaws within code and set up repeatable and scalable processes that ensure the ongoing development of secure applications.
Chris shared his vast knowledge and tips for:
- Implementing security testing best practices in DevSecOps
- Comparing automated and manual secure code review techniques
- Leveraging secure code review/SAST in CI/CD
- Overcoming challenges and identifying opportunities you’re likely to encounter
- Measuring and communicating success
- Ensuring DevOps and security are working in concert