Off Script

Episode 40: Shifting security left

Listen Later

Inspired by reading ‘Investments Unlimited’ and other books built around the principles of storytelling, James and Josh dive into DevSecOps and the bigger picture of shifting security left in this new episode of Off Script!

In this episode:

  • 00:00 Fictional Bugs - Investments Unlimited
  • 01:00 DevSecOps
  • 02:00 Moving security testing to the beginning
  • 03:00 Reducing the friction of releases
  • 04:00 Go through pain points early
  • 05:00 Strict linting, function length, no unused variables
  • 06:00 Early automated tests to prevent Git leaks
  • 08:00 Making it easy for the developer
  • 10:00 Bearer
  • 11:00 Concise reporting
  • 12:00 Dependabot
  • 13:00 Secret Management
  • 14:00 Making it easy to do the right thing
  • 16:00 Having pride in your security
  • 17:00 What if your language doesn’t have much security support?
  • 19:00 Dynamic & Static languages
  • 20:00 Language agnostic tools
  • 21:00 Key takeaways

    • References:

    • https://itrevolution.com/product/investments-unlimited/
    • https://www.bearer.com/
    • https://github.com/dependabot

      • Find out more about Stac and Parallax:

      • https://stac.works
      • https://parall.ax
        • ...more
        View all episodesView all episodes
        Download on the App Store
        Off ScriptBy Hey! Presents

        More shows like Off Script

        View all
        Syntax - Tasty Web Development Treats by Wes Bos & Scott Tolinski - Full Stack JavaScript Web Developers

        Syntax - Tasty Web Development Treats

        988 Listeners

        The Recruitment Mentors Podcast by Hishem Azzouz

        The Recruitment Mentors Podcast

        23 Listeners

        The Rest Is Politics by Goalhanger

        The Rest Is Politics

        3,288 Listeners