Time and Venue 
Thursday, 12th April, 2018;  13:30 CET

Google Office
Claude Debussylaan 34
1082 Amsterdam
Nederland

Draft Schedule
Slot Event
13:00 -14:00 Arrival and Registration (no lunch)
14:00 – 14:10 Opening by Reinier Landsman, CSA Netherlands chapter president
14:10 – 14:50 Keynote presentation by Google- Manage your application lifecycle on Google Cloud Platform.

DevOps is where any application starts. In today’s increasingly competitive world, the agility to be able to try things out quickly and move on without incurring upfront costs or facing delays while procuring hardware and integrating into your on premises environment is key to being successful. Multiple, disposable, and recreatable environments that are accessible around the globe are a must have for application lifecycle management. Configuration management tools that suits your environment, containers, and choice of development and continuous integration tools are just a few of the things that the modern developer expects to be at their disposal. Cloud Platform provides a cost effective platform that addresses these requirements and more for any development and test environment.

14:50 – 15:20 Presentation by CYBERARK, Marcel Bosgra (MSc, CISSP) – Machine Identities in the Cloud and DevOps Space

Enterprises are automating IT infrastructure and instituting DevOps methodologies to accelerate the pace of innovation. Traditional identity and access management solutions are not designed to natively support the unique security needs of DevOps workflows. Enterprises must introduce new systems and practices to support dynamic workloads, microservices and automated IT without compromising security or service velocity.
Since DevOps pipelines are fully automated and contain many different tools, platforms and resources, there are many secrets hidden in various locations throughout the pipeline. Attackers know where to look for secrets in these systems and how to exploit them. This is a huge threat surface with many potential open-doors for attackers.
Secrets embedded in app code pose an enormous risk. Secrets can be easily exposed, since there is no audit or control over who’s accessing them. Additional risks lie within the configuration management and used in the DevOps pipeline. As high consumers of secrets, these tools have become the new targets for attackers.

15:20 – 15:50 Networking break
15:50 – 16:20 Presentation by ABN AMRO on CI CD & DevSecOps
Utilizing DevOps principles you learn how to move your CI/CD toolchain into the cloud. It provides an overview of Amazon Web Services (AWS) and introduces the foundational tools and practices needed to securely deploy your applications in the cloud.
16:20 – 16:50 Presentation by Checkmarx – The Challenges of Continuous Integration and Application Security testing

In the world of SaaS, agile and Continuous Integration/Delivery has and is being adopted quite widely. Development teams are now able to deliver and modify their releases multiple times a day using the Cloud’s flexibility and control while at the same time implementing the right techniques to develop quicker and better using agile and continuous integration/delivery. Traditional application security methods are not able to support these quick cycles. Four Simple Steps are presented to ensure secure coding as part of your Build Management process.

16:50 – 17:30 Closing Presentation and Interaction with the attendees
17:30 – 18:00 Networking break – meet up with the presenters
18:00 – 19:00 Buffet and Drinks
 Register now

 

SecDevOps in the cloud