Continuous integration (CI) has long left the stage of experimental practices and moved into mainstream software development. It is used everywhere from start-ups to large organisations, in variety of technology stacks and problem domains. However, the security implications of introducing CI are often overlooked or underestimated.
This talk intentionally avoids recommending a specific solution or vendor. Instead it focuses on technology and process changes involved in setting up CI environment, and aims to provide best practice guidance for introducing CI in your secure Software Development Life Cycle (SDLC). The choice of tools in various steps of CI is enormous. This presentation does not discuss their relative merits from functionality point of view, but suggests which features are necessary to allow secure integration of the tools.This talk is in: English
Threat modelling is one of the best techniques for achieving security on architectural level. However, introducing it on existing complex projects requires time which developers may not have. This talk introduces a technique for performing threat modelling in ongoing projects without a prohibitive initial time investment.This talk is in: English