A sequel/remake of the AppSec USA 2012 talk "Put Your Robots to Work: Security Automation at Twitter". Presented at http://devopsenterprise.io/ 2015.
In 2009, multiple security incidents at Twitter resulted in an investigation by the Federal Trade Commission (FTC). As part of its 2010 decision, the FTC instructed Twitter to form and maintain an effective information security program. By 2012, Twitter had exploded with hundreds of millions of Tweets sent every day and a rapidly growing engineering force. The amount of new code being written quickly outpaced the security team, leading them to consider ways of reducing their workload by automating tools and processes.
Security automation at Twitter started with a desire to automate a single static analysis tool. From there we started to see more opportunities to write code to prevent security vulnerabilities, instead of manually to find vulnerabilities. This talk will cover that journey, our philosophy for unobtrusive continuous security, the simple yet effective tools we used, and the general approach I believe works for multiplying impact through automated security.
presidentbeef
oracle4engineer
oekazuma
motok1
sattosan
takahashikazutaro
elct9620
hirosatogamo
tbaldauf
bun913
bonjiri_niwa
soracom
brianwarren
jasonvnalue
edds
bluesmoon
gr2m
jeffersonlam
smashingmag
frogandcode
vanstee
thoeni
sachag
sferik