Talk Stefan Fleckenstein

Open Source Vulnerability Management during Software Development


DESCRIPTION

Nowadays, almost all companies develop software that is exposed on the internet, be it mobile apps, web apps or APIs that connect customers and partners. Security vulnerabilities can quickly arise during software development, such as SQL injection or cross-site scripting (XSS), misconfigurations in Infrastructure as Code, or known vulnerabilities in integrated libraries. This makes vulnerability management an important factor in preventing the software from becoming a gateway for attackers. In addition to commercial products, there is also a steadily growing open source ecosystem available for this purpose. The talk will discuss:

- What are the most important steps in vulnerability management in software development?

- What are the advantages but also the limitations of open source tools for vulnerability management compared to commercial products?

- How easy is it to integrate open source vulnerability scanners into the development process?

- Why is the use of a vulnerability management system such as DefectDojo or SecObserve important?

In addition to the slides, the talk will also show a practical example of how vulnerability scanners can be integrated into a CI/CD pipeline and how the results can be assessed in the vulnerability management system SecObserve.
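One building block of the pipeline integration described above is the step that sits between the scanner and the vulnerability management system: normalising the scanner's report, deduplicating findings and deciding whether the build may proceed. The following is an added example, not material from the talk, SecObserve or any particular scanner. It assumes the scanner emits SARIF 2.1.0 (a real, tool-neutral report format), maps the optional `security-severity` rule property onto CVSS-style qualitative buckets, and otherwise falls back to the SARIF `level`. The report embedded below is constructed; the tool name `example-scanner` and the rule ids are hypothetical.

```python
"""Normalise SARIF scanner output, deduplicate it and gate a CI job on severity.

Added example for illustration; not the speaker's code. The SARIF report,
tool name and rule ids below are constructed for the example.
"""
import hashlib
import json
import sys
from dataclasses import dataclass

# Constructed SARIF 2.1.0 report standing in for a real scanner's output.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {
            "name": "example-scanner",  # hypothetical tool name
            "rules": [
                {"id": "sqli-001", "properties": {"security-severity": "9.1"}},
                {"id": "xss-002", "properties": {"security-severity": "6.5"}},
                {"id": "iac-003", "properties": {"security-severity": "3.2"}},
            ]}},
        "results": [
            {"ruleId": "sqli-001", "level": "error",
             "message": {"text": "SQL query built by string concatenation"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "app/db.py"},
                 "region": {"startLine": 42}}}]},
            # Same finding reported twice (e.g. two data-flow paths): must collapse.
            {"ruleId": "sqli-001", "level": "error",
             "message": {"text": "SQL query built by string concatenation"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "app/db.py"},
                 "region": {"startLine": 42}}}]},
            {"ruleId": "xss-002", "level": "warning",
             "message": {"text": "Unescaped output in template"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "app/views.py"},
                 "region": {"startLine": 17}}}]},
            {"ruleId": "iac-003", "level": "note",
             "message": {"text": "Storage bucket without access logging"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "infra/main.tf"},
                 "region": {"startLine": 8}}}]},
        ],
    }],
})

SEVERITY_ORDER = ["info", "low", "medium", "high", "critical"]


@dataclass(frozen=True)
class Finding:
    tool: str
    rule_id: str
    severity: str
    path: str
    line: int
    message: str

    def fingerprint(self) -> str:
        """Stable key used to deduplicate and to track a finding across scans."""
        key = f"{self.tool}|{self.rule_id}|{self.path}|{self.line}".encode()
        return hashlib.sha256(key).hexdigest()[:16]


def severity_from_score(score: float) -> str:
    """CVSS v3 qualitative buckets (also used by the security-severity property)."""
    if score >= 9.0:
        return "critical"
    if score >= 7.0:
        return "high"
    if score >= 4.0:
        return "medium"
    if score > 0.0:
        return "low"
    return "info"


def severity_from_level(level: str) -> str:
    """Fallback when a rule carries no numeric score: map the SARIF level."""
    return {"error": "high", "warning": "medium", "note": "low"}.get(level, "info")


def parse_sarif(text: str) -> list[Finding]:
    """Flatten every result of every run into a Finding."""
    findings = []
    for run in json.loads(text)["runs"]:
        driver = run["tool"]["driver"]
        rules = {r["id"]: r for r in driver.get("rules", [])}
        for res in run.get("results", []):
            rule = rules.get(res.get("ruleId"), {})
            score = rule.get("properties", {}).get("security-severity")
            severity = (severity_from_score(float(score)) if score
                        else severity_from_level(res.get("level", "warning")))
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            findings.append(Finding(
                tool=driver["name"], rule_id=res.get("ruleId", "<no-rule>"),
                severity=severity,
                path=loc.get("artifactLocation", {}).get("uri", "<unknown>"),
                line=int(loc.get("region", {}).get("startLine", 0)),
                message=res.get("message", {}).get("text", "")))
    return findings


def dedupe(findings: list[Finding]) -> list[Finding]:
    """Keep the first occurrence of each fingerprint, preserving report order."""
    seen, unique = set(), []
    for f in findings:
        if f.fingerprint() not in seen:
            seen.add(f.fingerprint())
            unique.append(f)
    return unique


def gate(findings: list[Finding], fail_on: str = "high") -> tuple[bool, dict[str, int]]:
    """Return (passed, counts); the job fails if any finding is >= fail_on."""
    counts = {s: 0 for s in SEVERITY_ORDER}
    for f in findings:
        counts[f.severity] += 1
    threshold = SEVERITY_ORDER.index(fail_on)
    passed = all(SEVERITY_ORDER.index(f.severity) < threshold for f in findings)
    return passed, counts


if __name__ == "__main__":
    unique = dedupe(parse_sarif(SAMPLE_SARIF))
    ok, summary = gate(unique, fail_on="high")
    for f in unique:
        print(f"{f.severity:8} {f.rule_id:10} {f.path}:{f.line}  {f.message}")
    print("summary:", summary, "-> pipeline", "passed" if ok else "FAILED")
    sys.exit(0 if ok else 1)
```

The fingerprint deliberately excludes the message text, so a reworded scanner message does not resurface an already triaged finding; the same key is what a vulnerability management system needs to correlate a finding across pipeline runs. The exit code is what a CI stage would consume; the deduplicated list is what would be handed to the management system for assessment.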


WHY THE COMMITTEE CHOSE THIS TALK

Software developers and security are not a love affair. Stefan is one of the rare people leading large software projects and caring for security. We look forward to getting more insights into how we can integrate automatic security checks into our developers' build chain.
