DevSecCon Germany hosted its first real-life meetup in 2023, right in the city center of Hamburg. Thanks to Sport Alliance for hosting the event!
We have 3 amazing talks and speakers lined up.
1. OWASP DevSecOps Maturity Model (DSOMM) – Timo Pagel
2. Case Study: Sport Alliance – Security-savvy Culture & The Road to BaFin
3. State of Open Source Security – Mathias Conradt
## DSOMM – The DevSecOps Maturity Model
Speaker: Timo Pagel, DevSecOps Consultant & OWASP Project Lead
From startups to multinational corporations, the software development industry is currently dominated by agile frameworks and product teams, often as part of DevOps strategies. During implementation, security aspects are usually neglected or at least not sufficiently taken into account. Standard security requirements of the production environment are often not applied to the build pipeline in the continuous integration environment, which relies on containerization, specifically Docker. As a result, the Docker registry is often not secured, which might result in the theft of the entire company’s source code.
The DevSecOps Maturity Model, which is presented in the talk, shows which security measures can be applied when using DevOps strategies and how they can be prioritized. DevOps strategies can also be used to enhance security. For example, each component, such as the application libraries and operating system libraries in Docker images, can be tested for known vulnerabilities. Attackers are intelligent and creative, equipped with new technologies and purposes. Under the guidance of the forward-looking DevSecOps Maturity Model, appropriate principles and measures are at hand to counteract the attacks.
## Case Study: Sport Alliance
The Road to BaFin & Security-Savvy Culture
Speakers:
Juri Jäger, Lead DevOps Engineer at Sport Alliance
Eike Lurz, DevSecOps Engineer at Finion Capital
Sport Alliance is taking sport and fitness training to a new level with a digital transformation worldwide. As the market leader in Germany, we specialize in solutions encompassing cloud-based gym management software, membership acquisition, financial services, and eCommerce.
Our Security-Savvy Culture (cloud security, defense in depth, zero trust security etc.)
Running a stable infrastructure in the cloud while adhering to the highest quality standards is our bread and butter; sticking to security best practices is no exception. Let us show you how we have incorporated a solid security concept built on Defense in Depth principles and the Zero Trust security model.
The Road to BaFin (and security-related challenges)
## The State of Open Source Security – Addressing Cybersecurity Challenges in Open Source Software
Speaker: Mathias Conradt, Staff Solutions Engineer at Snyk
This talk will give insights into the current state of open source software security and methods to address and improve your cybersecurity posture. Open source security becomes a greater challenge as the software supply chain grows in complexity.
The State of Open Source report, on which the insights will be based, is a partnership between Snyk and the Linux Foundation, with support from OpenSSF, the Cloud Native Security Foundation, the Continuous Delivery Foundation, and the Eclipse Foundation. It is based on a survey of over 550 respondents in 2022 and data from Snyk’s Open Source solution.
Join the Community!
If you haven’t joined the Discord community, please do so! You can find us on Discord at: https://devseccon.io/discordcommunity