All Day DevOps 2018

DevOps engineering culture demands deploying code at lightning speeds. Speed equals to carelessness. And carelessness may lead to breach.

This talk is an introduction to shift up paradigm, think of it as shift left on steroids for production. Shift up enables an organization with identifying and remediating insecure code running in production including security gaps within infrastructural stack. Attack, yes you read it right attack, your own network by generating chaos and even running defensive dynamic security testing. In turn validate effectiveness of layered protective measures against application code and monitor transnational flow. By the virtue of this talk, I will attempt at answering the age-old question of, is there a necessity to integrate security technologies tools such as runtime application self-protection (RASP) or is WAF as effective tool. And last but not the least, building capabilities such as identifying external-facing assets in continuous manner and monitoring them throughout its lifecycle. All these learning from shift up capabilities in turn provides us with a feedback loop between AST tools (SAST, DAST, IAST, MAST) and layered defenses in production. This learning constantly helps us enhance protective shield against evolving attacks and ultimately gaining IT utopia.