Security is now everyone’s problem, not just something that people who work for banks or Facebook need to worry about. This talk explains how to integrate security into the day-to-day work of a busy software delivery team, the practices that are important to understand, the (limited) role of tools, and how to ensure that every build is as secure as possible.
As our world becomes digital, today’s back-office system is tomorrow’s public API, open to anyone on the Internet with a hacking tool. So, the days of hoping that security is someone else’s problem are over. Over many years, the security community has developed proven practices to build secure systems and today we have many tools to help create secure software.
However, this knowledge is rarely presented accessibly for mainstream software developers, so the problem for most development teams is where to start and what really matters. This talk will recap security fundamentals, explain the tools and practices that help teams increase the security of their software, and show how development teams can integrate these into their normal work. Our technical examples will be Java-centric, but the approach is equally applicable to other technology stacks.