Shift Left Using Cloud: Implementing baseline security into your deployment lifecycle

By Riyaz Walikar | 2 min read | Intermediate level

Introduction

As the pace of software releases made by organisations has increased manifold, the chances of introducing security vulnerabilities at each stage of the software development lifecycle, and with each subsequent release, have also increased. Security vulnerabilities introduced in the early stages of the software development lifecycle are much more time-consuming and costly to fix towards the end of the cycle. To improve how security issues are addressed, organisations can follow the Shift Left approach, which means baking in security practices from the early stages of the software development lifecycle.

This tech talk is presented by Avinash Jain, a security researcher who likes to break applications and hunt for vulnerabilities. He blogs actively on Medium as @logicbomb, where he writes about his journey into ethical hacking and what he has learned in the field of security.

This video is part of the tech talks presented at Cloud Village. Cloud Village is an open space dedicated to people interested in cloud security; it runs activities such as talks, workshops, CTFs, and discussions around cloud.

What to expect from this video

The following topics are covered in this video:

  1. What is Shift Left?
  2. Effect on the cost of security as it moves away from the source
  3. Implementing baseline security into your deployment lifecycle
  4. AWS CodePipeline
  5. AWS DevSecOps Pipeline Architecture
  6. Reporting of vulnerabilities over Slack channels
  7. Benefits
  8. Short Demo

Video

https://www.youtube.com/watch?v=qK8ckxy4VNE

Key Takeaways

In general, security testing and the removal of vulnerabilities are only looked at once we reach the later stages of the software development lifecycle. This costs more time and capital. Adoption of Shift Left in security should not be treated as an afterthought.

This video introduces Shift Left in security: any vulnerability introduced at the beginning of the software development lifecycle should be dealt with early in the process, so that we do not end up debugging every step towards the end of the lifecycle. Implementing the Shift Left principle saves time, and issues caught early are less expensive to fix. It also helps surface security issues in the product sooner.

Riyaz Walikar Founder & Chief of R&D

Riyaz is the founder and Chief of R&D at Kloudle, where he hunts for cloud misconfigurations so developers don’t have to. With over 15 years of experience breaking into systems, he’s led offensive security at PwC and product security across APAC for Citrix. Riyaz created the Kubernetes security testing methodology at Appsecco, blending frameworks like MITRE ATT&CK, OWASP, and PTES. He’s passionate about teaching people how to hack—and how to stay secure.