Under the high patronage of His Majesty King Mohammed VI may god assist him 🇲🇦
October 2 - 4 - Devoxx Morocco 2024 🇲🇦

Talk details

Secure software development is one of the most in-demand skills in 2023. Secure CI/CD pipelines. Writing secure code. Securing supply chains. Being aware of the myriad vulnerabilities within our codebase is becoming more and more important for developers to understand in our “shift-left” world. The OWASP Top 10 vulnerabilities haven’t changed in a long time, because none of us seem to get it right. In this workshop we will take a journey through the entire SDLC with a critical eye on security.
We’ll look at how to implement secure coding practices, and then move on to discuss the ins and outs of modern continuous integration. After we lock down our CI pipelines, we’ll look at how to find vulnerabilities in our dependencies. Armed with that information, we’ll learn how to properly triage the threats, exploits, and vulnerabilities that affect our software, and how to streamline code improvements. Before we’re done, we’ll investigate modern processes for continuous deployment, including secure infrastructure-as-code development and how to lock down our CD pipelines.
This workshop will get hands-on with a simple, streamlined approach to deploying code to the cloud while diving deep into essential concepts related to software security.
Jamie Coleman
Sonatype
Jamie is a Developer Advocate for Sonatype, formerly of IBM, based in the UK. He talks about the importance of security in software, improving developer productivity and raising awareness about the energy consumption of technology.
Passionate about discovering ways to help reduce developers' carbon footprint, he is also a subject matter expert in containerised solutions and build technologies. He fell in love with Java at university and has gone on to talk at many conferences about using Java with microservices and related technology. He has worked on a wide variety of projects, such as modernising IBM CICS mainframe testing infrastructure, creating and automating the creation of Docker images for IBM’s products, and contributing to a DevOps pipeline offering.
Steve Poole
Sonatype
Developer Advocate, Security Champion, DevOps practitioner (whatever that means). Long-time Java developer, leader and evangelist. I’ve been working on Java SDKs and JVMs since Java was less than 1. JavaOne Rockstar, JSR leader and representative, committer on open source projects including ones at Apache, Eclipse and OpenJDK. A seasoned speaker and regular presenter at international conferences on technical and software engineering topics.