Infusing security into the application development process

Published: 24 August 2023
on channel: NGINX

Episode 3: The one where we considered security
In this episode Melissa and Damian dig into various aspects of how, when and why to infuse security into your software development, as well as how they will do so within their project.

0:00 Intro
1:13 Recap of what was covered in previous episodes
2:15 Introducing the Spring framework
2:46 Using open source in your application
7:02 Dependencies - https://xkcd.com/2347/
7:35 Introducing the Software Bill of Materials (SBOM)
10:56 Generating an SBOM in Artifactory/Xray
12:45 Exporting an SBOM Artifactory/Xray
14:00 Who should be paying attention to security
14:55 Everything as code
17:04 How times have changed
18:29 Awareness is key
18:55 The Leftpad incident
19:45 Engineering in software engineering
20:10 Choosing components
20:35 Involving management in security
21:08 Considering security from the beginning
22:45 Available resources for vulnerability intel
24:49 All vulnerabilities vs applicable vulnerabilities
25:25 Importance of context in vulnerability scanning
26:39 What is a Certified Naming Authority (CNA)?
28:00 Different flavors of vulnerability research
29:09 SLSA - Supply Chain Levels for Software Artifacts
31:14 A shared vocabulary
31:58 Automating SBOMs
31:41 From the developers side
34:25 FrogBot: scan pull requests for vulnerabilities after check-in
35:17 Securing your container images
36:54 Problems with always using the latest version
37:53 Looking into pyrsia.io for software supply chain security
41:40 Security-minded development

Melissa McKay, Developer Advocate, JFrog
More by Melissa - https://jfrog.com/blog-author/melissa...

Damian Curry, Technical Director Community and Alliances, NGINX
More by Damian https://www.nginx.com/people/damian-c...

We encourage you to share any lessons you may have learned in your application development journey in the comments!

#Modernapplicationdevelopment
#Applicationdevelopmentreference
#Modernsoftwaredevelopment
#swampUP
#MARA

