DeveloperWeek 2023 has ended
Tuesday, February 21 • 2:00pm - 2:50pm
[Virtual] PRO WORKSHOP: 5 Open Source Security Tools All Developers Should Know About

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Chris Koehnecke, VP Security Engineering and CISO,  Jit

The minimum viable security (MVS) approach, enables us to easily bake security into our config files, apps, and CI/CD processes with a few simple controls - and the great part? It’s easily achievable through open source tooling.

In this talk we will focus on five critical security controls that will be integrated as part of the CI/CD pipeline by leveraging some excellent open source tools, including: Bandit or SEMGrep for static application security (SAST), Gitleaks to detect hard-coded or insufficiently secured secrets & dependency checks (SCA), KICS for infrastructure as code (IaC) and OWASP’s ZAP for API and dynamic application security (DAST), in addition to custom controls to ensure proper enforcement of MFA via Github Security. These controls will provide a foundational framework for securing your applications from the first line of code, that will make it possible to continuously iterate and evolve your security maturity all the way through advanced layers of security that comes with time, as well as increased experience with your deployments, stacks, and security posture.

Code examples & demos will be showcased as part of this session.

avatar for Chris Koehnecke

Chris Koehnecke

VP Security Engineering and CISO, Jit
Chris Koehnecke is VP Security Engineering & CISO at Jit with over 20 years of experience in Cyber Security. Chris is focused on cloud security, security program development, security strategy, assessment and management of cyber risk.Chris holds a Bachelor of Science degree in Business... Read More →

Tuesday February 21, 2023 2:00pm - 2:50pm PST