KEYNOTE | DevOps, Security, and Observability: The Five Ideals
Too often, efforts to integrate DevOps and security are hamstrung by the lack of observability. Legacy application security simply does not observe the routes software executes, and securing and protecting software becomes a guessing game. Discover which five ideals are crucial for organizations to pivot to application security with observability at its center.
SESSION | SECURITY METRICS THAT MATTER
Outnumbered AppSec professionals will never have enough time, money, and resources to implement and manage every layer of defense you feel is needed. This means you must work smarter. Learn which metrics truly matter and which “vanity” metrics you can safely ignore, enabling you to work most effectively in securing and protecting applications.
The new open-source Java Observability Toolkit (JOT) project from OpenO11y.org enables you to ask almost any question of your software and to get answers—all without any programming. Use predefined agents created by the OpenO11y community or create your own in a simple YAML format. Learn how to leverage the JOT project, how to get involved, and what the future of the JOT project looks like.
Once an open-source component has been infected, hundreds to millions of unsuspecting developers become an “army” working for the cyber criminals. It takes a mere second for these exploits to produce returns. This session will examine software release and upgrade data and security hygiene practices across 24,000 development teams to pinpoint what top and bottom performers in AppSec are doing to secure their use of open source.
SESSION | Application Life Cycle in a Containerized World
Nearly half of organizations indicate they have delayed moving an application into production due to security concerns about their container. This interactive presentation will examine these dynamics and draw upon real-world examples of how VMware customers have overcome container security challenges and adopted modern application architectures.
Security teams believe that policy enforcement is their biggest lever. But it rarely moves the needle and creates a tense relationship between security and development teams. Attend this session to get a step-by-step framework for a full DevSecOps cultural transformation that is adaptable for any industry, maturity, or environment and discover how Comcast is using it to build trust between security and development teams.
Security technology is fundamentally about improving productivity and collaboration through inclusive end-user experiences. Discover the trending security paradigms that are influencing security observability and shaping the future of cybersecurity.
While security metrics are valuable, the concept of observability helps security leaders to drive improvements in overall security performance, manage incident resolution better, and build repeatable action plans to remediate and eventually prevent incidents. Learn how you can use observability to build a comprehensive security program—from questions on how to get started to examples of observability in action.
Security-focused Chaos Engineering injects turbulent security conditions or faults into an application to determine the conditions under which it will fail, so that developers can fix it before it is exploited. Discover how to use Chaos Engineering to develop a learning culture in DevSecOps and how to practically apply it to enhance application performance, resilience, and security.
Continuous security intelligence and effective risk management are powered by observability. Yet the emergence of digital innovations such as microservices and the CI/CD pipeline, and the explosion in APIs enabling disparate cloud infrastructures, create significant challenges. This session will uncover the key observability ingredients required to build and operate a modern security operations center.
Contrast Security is the world's leading provider of security technology that enables software applications to protect themselves against cyberattacks, heralding the new era of self-protecting software. Contrast's patented deep security instrumentation is the breakthrough technology that enables highly accurate assessment and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. Only Contrast has sensors that work actively inside applications to uncover vulnerabilities, prevent data breaches, and secure the entire enterprise from development, to operations, to production.