Event Recap: Making Security Agile

Last week, Oleg and Sanjay from the SAMI security team were invited to speak at LASCON 2015 about our security automation. We were happy that the presentation was very well received! For everyone who missed the talk or wanted to follow up, here’s the full slideshow.

In the talk, titled “Making Security Agile”, Oleg and Sanjay explain that for a security process to be successful, it must be well integrated with the SDLC. In many cases, DevOps teams that have already adopted an agile SDLC move faster than security, which makes security the bottleneck. Our Security Transformation Cheat Sheet (see slide 45) is intended to help the broader security community integrate its processes with DevOps and make security agile.

The presentation also shows how we customized open source tools to make security work in an agile environment. As we previously discussed here on the blog, we have implemented continuous security testing using dynamic scanners alongside manual testing. Since security teams usually have limited people and resources, we also try to use the resources of other teams as much as possible. For example, we have created a framework that lets us reuse QA unit tests: it monitors QA regression traffic and finds vulnerabilities in real time while the QA regression run is still in progress. To achieve all that, we use our own open source security automation tool, bscan, together with OWASP’s ZAP and Portswigger’s Burp.

In addition, a security dashboard such as ThreadFix allows our team to collate and review all security findings before exporting them to a bug tracking system. This lets us weed out false positives and assign severity ratings correctly before a ticket reaches a developer.
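To make the two ideas above concrete, here is a small added example (not the SAMI team's bscan framework, nor ZAP or Burp code) of what the pipeline looks like in principle: captured QA regression traffic is run through passive checks as it is recorded, and the raw findings are then collated into one review queue, one item per unique issue with its occurrence count, so that a reviewer can discard false positives and confirm severity before anything is exported to a bug tracker. The `Exchange` records, the hostname `qa.example.test` and the check names are constructed for this example.

```python
"""Passive security checks over captured QA regression traffic, with the
findings collated into a single review queue before export to a tracker.

Added example; not the SAMI team's bscan/ZAP/Burp framework. The traffic
records in SAMPLE_TRAFFIC are constructed sample data.
"""
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit, parse_qs
import html


@dataclass
class Exchange:
    """One request/response pair as a proxy would record it."""
    method: str
    url: str
    response_status: int
    response_headers: dict
    response_body: str


@dataclass
class Finding:
    check: str
    severity: str
    path: str
    parameter: Optional[str]
    evidence: str


def check_headers(ex: Exchange):
    """Flag responses missing defensive headers (HSTS on HTTPS, nosniff)."""
    hdrs = {k.lower(): v for k, v in ex.response_headers.items()}
    path = urlsplit(ex.url).path
    out = []
    if ex.url.startswith("https://") and "strict-transport-security" not in hdrs:
        out.append(Finding("missing-hsts", "Low", path, None,
                           "no Strict-Transport-Security header"))
    if hdrs.get("x-content-type-options", "").lower() != "nosniff":
        out.append(Finding("missing-nosniff", "Low", path, None,
                           "X-Content-Type-Options is not nosniff"))
    return out


def check_reflection(ex: Exchange):
    """Flag query parameters echoed unescaped into an HTML response body.

    Only values that contain HTML-significant characters are informative:
    if such a value appears verbatim in the body, the app did not encode it.
    """
    parts = urlsplit(ex.url)
    ctype = {k.lower(): v for k, v in ex.response_headers.items()}.get("content-type", "")
    if "text/html" not in ctype:
        return []
    out = []
    for name, values in parse_qs(parts.query).items():
        for v in values:
            if len(v) >= 4 and html.escape(v) != v and v in ex.response_body:
                out.append(Finding("reflected-input", "Medium", parts.path, name,
                                   f"{name}={v!r} reflected verbatim"))
    return out


CHECKS = [check_headers, check_reflection]


def scan_traffic(exchanges):
    """Run every passive check over every recorded exchange; raw findings."""
    findings = []
    for ex in exchanges:
        for check in CHECKS:
            findings.extend(check(ex))
    return findings


def collate(findings):
    """Merge duplicates the way a dashboard does before export: one queue item
    per (check, path, parameter), highest severity first, with a count."""
    merged = {}
    for f in findings:
        key = (f.check, f.path, f.parameter)
        if key not in merged:
            merged[key] = {"check": f.check, "severity": f.severity, "path": f.path,
                           "parameter": f.parameter, "evidence": f.evidence,
                           "occurrences": 0}
        merged[key]["occurrences"] += 1
    order = {"High": 0, "Medium": 1, "Low": 2}
    return sorted(merged.values(), key=lambda m: (order[m["severity"]], m["path"]))


# Constructed sample traffic: two regression requests to /search and one API call.
SAMPLE_TRAFFIC = [
    Exchange("GET", "https://qa.example.test/search?q=%3Cb%3Ex%3C%2Fb%3E", 200,
             {"Content-Type": "text/html"},
             "<html><body>Results for <b>x</b></body></html>"),
    Exchange("GET", "https://qa.example.test/search?q=widgets", 200,
             {"Content-Type": "text/html"},
             "<html><body>Results for widgets</body></html>"),
    Exchange("GET", "https://qa.example.test/api/items", 200,
             {"Content-Type": "application/json",
              "Strict-Transport-Security": "max-age=31536000",
              "X-Content-Type-Options": "nosniff"},
             '{"items": []}'),
]

if __name__ == "__main__":
    for item in collate(scan_traffic(SAMPLE_TRAFFIC)):
        print(f'{item["severity"]:6} {item["check"]:16} {item["path"]} '
              f'param={item["parameter"]} x{item["occurrences"]}  {item["evidence"]}')
```

Five raw findings from the three exchanges collapse to three queue items: the reflected `q` parameter on `/search` (Medium) and the two missing headers on `/search`, each seen twice. The count is what a reviewer wants when deciding whether a single ticket covers the whole path or whether the issue is parameter-specific.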

We were happy to get a shout-out in the presentation by Denim Group, the makers of ThreadFix. Read this post to learn about how our custom ThreadFix enhancements made it into version 2.3, in the spirit of open collaboration.
