Abstract
According to the Nautilus 2022 Cloud Native Threat report, cybercriminals have broadened their attacks to CI/CD environments and vulnerable deployments. Additionally, the report “Reducing Enterprise Application Security Risks: More Work Needs to Be Done” states that since 2015 the number of organizations building security features into applications has dropped from 32% to 21% in five years.
We all know how Golang excels in backend development; the 2020 Go Developer Survey even shows 92% overall satisfaction with the language. However, general concerns have been raised about the security of third-party libraries and customer applications.
Discussion
The discussion will cover why business-critical applications are at risk.
How Golang libraries provide security at the development level with GoSec, Govulncheck, and fuzz testing.
How to integrate security scanners into a CI/CD platform like GitLab (automation).
I will provide examples with an insecure microservice (demo) to show how to use these scanners and how to automate security at the CI/CD level.
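
One way the three checks named above can be wired into GitLab CI, as an added example that is not taken from the talk or its demo. The job names, the `golang:1.22` image tag, the fuzz target `FuzzParseRequest` and the package path `./internal/handler` are assumptions to replace with your own.

```yaml
# .gitlab-ci.yml (added example; names marked "hypothetical" are placeholders)
stages:
  - security

default:
  image: golang:1.22          # assumed tag; native fuzzing needs Go 1.18 or later

gosec:
  stage: security
  script:
    - go install github.com/securego/gosec/v2/cmd/gosec@latest
    # gosec exits non-zero when it reports findings, which fails the job
    - gosec -fmt=json -out=gosec-report.json ./...
  artifacts:
    when: always              # keep the report even when the job fails
    paths:
      - gosec-report.json

govulncheck:
  stage: security
  script:
    - go install golang.org/x/vuln/cmd/govulncheck@latest
    # reports known vulnerabilities in dependencies that the code actually calls
    - govulncheck ./...

fuzz:
  stage: security
  script:
    # -run='^$' skips unit tests; -fuzz must match one target in one package
    # FuzzParseRequest and ./internal/handler are hypothetical
    - go test -run='^$' -fuzz='^FuzzParseRequest$' -fuzztime=60s ./internal/handler
  artifacts:
    when: on_failure          # failing inputs are written under testdata/fuzz
    paths:
      - internal/handler/testdata/fuzz/
```

Pinning the scanner versions instead of `@latest` keeps pipeline results reproducible between runs.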