Episode 40

Shifting security left

00:00:00
/
00:24:50

March 27th, 2024

24 mins 50 secs

Your Hosts
Tags

About this Episode

Inspired by reading ‘Investments Unlimited’ and other books built around the principles of storytelling, James and Josh dive into DevSecOps and the bigger picture of shifting security left in this new episode of Off Script!

In this episode:

  • 00:00 Fictional Bugs - Investments Unlimited
  • 01:00 DevSecOps
  • 02:00 Moving security testing to the beginning
  • 03:00 Reducing the friction of releases
  • 04:00 Go through pain points early
  • 05:00 Strict linting, function length, no unused variables
  • 06:00 Early automated tests to prevent Git leaks
  • 08:00 Making it easy for the developer
  • 10:00 Bearer
  • 11:00 Concise reporting
  • 12:00 Dependabot
  • 13:00 Secret Management
  • 14:00 Making it easy to do the right thing
  • 16:00 Having pride in your security
  • 17:00 What if your language doesn’t have much security support?
  • 19:00 Dynamic & Static languages
  • 20:00 Language agnostic tools
  • 21:00 Key takeaways

References:

Find out more about Stac and Parallax: