Measuring DevSecOps with Victoria Almazova
How do you measure how secure your application is? While at NDC London, Carl and Richard chatted with Victoria Almazova about her work around measuring DevSecOps. Victoria talks about making security part of the DevOps cycle, which is part of every build and measured constantly. The conversation moves to traditional penetration testing and the challenges of incorporating security improvements into applications. But what if your security efforts shifted to the left and became part of your development practice? Then there would be fewer fixes to make!
Guests:
Victoria Almazova
Victoria Almazova is security girl in Microsoft Norway with experience more than 14 years in security. She spends all her time working closely with developers and architects to make security built in from design level. She is a big supporter of making security as culture and shifting security to the left. Victoria believes that empowering developers and architects in security tasks by helping with education will increase security level without increasing additional workload. During the free time, she deep dives into Cloud security, development, identity and access management.
Links:
- Tabnine AI Code Assistant https://www.tabnine.com/blog/deep/
- Microsoft Defender Application Guard https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview
- OWASP Top Ten https://owasp.org/www-project-top-ten/