Play all

Intro

Recap of what was covered in previous episodes

Introducing the Spring framework

Using open source in your application

Dependencies - https://xkcd.com/2347/

Introducing the Software Bill of Materials SBOM

Generating an SBOM in Artifactory/ Xray

Exporting an SBOM Artifactory/Xray

Who should be paying attention to security

Everything as code

How times have changed

Awareness is key

The Leftpad incident

Engineering in software engineering

Choosing components

Involving management in security

Considering security from the beginning

Available resources for vulnerability intel

All vulnerabilities vs applicable vulnerabilities

Importance of context in vulnerability scanning

What is a Certified Naming Authority CNA ?

Different flavors of vulnerability research

SLSA - Supply Chain Levels for Software Artifacts

A shared vocabulary

Automating SBOMs

From the developers side

FrogBot: scan pull requests for vulnerabilities after check-in

Securing your container images

Problems with always using the latest version

Looking into pyrsia.io for software supply chain security

Security-minded development

Description:

Explore a comprehensive 43-minute video on infusing security into the application development process. Dive into various aspects of how, when, and why to incorporate security measures in software development. Learn about the Spring framework, open-source usage, and the importance of Software Bill of Materials (SBOM). Discover tools like Artifactory/Xray for generating and exporting SBOMs. Understand the significance of "everything as code" approach, vulnerability scanning, and the role of Certified Naming Authorities (CNA). Explore concepts such as SLSA (Supply Chain Levels for Software Artifacts) and automated security tools like FrogBot. Gain insights on securing container images, managing dependencies, and adopting a security-minded development approach. This informative discussion features Melissa McKay from JFrog and Damian Curry from NGINX, offering valuable lessons for modern application development.

Infusing Security Into the Application Development Process

Nginx

Add to list

#Programming #Software Development #Application Security (AppSec) #Computer Science #DevOps #Information Security (InfoSec) #Cybersecurity #Vulnerability Scanning #Software Supply Chain Security #Containerization #Container Security #Software Bill of Materials (SBOM)

0:00 / 0:00