✓ Bis zu 380 € sparen
✓ 12 Monate gratis Zugang auf entwickler.de
✓ Kollegenrabatt
Jetzt anmelden
Until conference starts:
✓ Team discounts
✓ All inclusive 4-Day Passes available
Until conference starts:
✓ Team discounts
✓ All inclusive 4-Day Passes available
✓ See you in 2022!
✓ Wir sehen uns 2022!
Infos
09:00 - 09:45
Description
We start with a welcome and introduction of the day by Sebastian Meyen, the conference chair.
Followed by Christian Schneider’s keynote:
If we can build software in a reliable, reproducible and quick way at any time using Pipeline-as-Code and have also automated security scans as part of it, how can we quickly capture the risk landscape of agile projects to ensure we didn’t miss anything important? Traditionally, this happens in workshops with lots of discussion and model work on the whiteboard with boxes, lines, and clouds. It’s just a pity that it often stops there: Instead of a living model, a slowly but surely eroding artifact is created, while the agile project evolves at a faster pace. In order to counteract this process of decay, something has to be done continuously, something like “Threat-Model-as-Code” in the DevSecOps sense. See in this talk the ideas behind this approach: Agile developer-friendly threat modeling right from within the IDE using open-source tools. Models editable in developer IDEs and diffable in Git, which automatically derive risks including graphical diagrams and report generation with recommended mitigation actions.
This Session belongs to the Diese Session gehört zum Programm vom BerlinBerlin program. Take me to the program of . Hier geht es zum Programm von New York New York .
This Session belongs to the Diese Session gehört zum Programm vom BerlinBerlin program. Take me to the program of . Hier geht es zum Programm von Singapore Singapur .
This Session belongs to the Diese Session gehört zum Programm vom BerlinBerlin program. Take me to the program of . Hier geht es zum Programm von Munich München .