Integrating Security into the CI/CD Pipeline

DevSecOps

Date: September 7, 2023
Time: 2:00 PM WAT | 7:00 PM MDT | 3:00 PM CEST | 6:30 PM IST
Topic: Integrating Security into the CI/CD Pipeline

Watch Now

Abstract: The CI/CD pipeline plays a crucial role in streamlining and automating various stages of application development, such as compiling, testing, analysis, security, deployment, and packaging. However, this process has its challenges, particularly concerning security risks. The CI/CD pipeline faces several potential vulnerabilities, from insecure coding practices to misconfigurations.
Unconfigured applications or applications with security vulnerabilities and malicious elements can be deployed to production and allow threat actors to gain unauthorized access to your application and compromise your sensitive data. To address these concerns, the CI/CD pipeline

incorporates automated security measures to identify and address potential risks throughout all phases of development. This automated security aspect of CI/CD is a prime example of DevSecOps, where security is integrated into the development process from the outset.

By adopting a “shift-left” approach to security, focusing on early detection and remediation of issues, the CI/CD pipeline aims to minimize the cost and impact of software flaws and vulnerabilities. The upcoming webinar aims to explore the security risks encountered by CI/CD pipelines and the associated applications while delving into potential security solutions that can be seamlessly integrated into the process to enhance overall application security.

Key takeaways:

  • Role of the CI/CD pipeline in DevOps and DevSecOps
  • CI/CD associated security risks
  • Security approach for CI/CD vulnerabilities
  • Impact of CI/CD security on applications functionality and supporting environment

Speaker:
Irene CorpuzAdora Nwodo,Founder at NexaScale.

Bio: Adora Nwodo is an award-winning software engineer. She works at the intersection of the Metaverse, cloud engineering, and artificial intelligence and is passionate about cloud and emerging technologies. She is also the Vice President of the Nigerian chapter of VRAR Association. Her work there involves creating more awareness for virtual and augmented reality technologies. Apart from building and advocating for mixed reality technologies, Adora is a Digital Creator and the Founder of NexaScale, a social enterprise aimed at fostering the growth and development of technology enthusiasts, helping them start and scale their careers by providing resources and opportunities for project building and work experience. She has courses online that teach people about Infrastructure automation, and she has published multiple articles on software engineering, productivity, and career growth on her blog, AdoraHack. She also has a YouTube channel for AdoraHack, where she posts tech content that could be useful to software developers. Currently, Adora is pursuing a LEAD program at Stanford University’s Graduate School of Business. She is the author of the popular Cloud Engineering for Beginners textbook, which is currently aiding numerous individuals in launching their cloud engineering careers. She is also the author of Beginning Azure DevOps, a book published by Wiley. Adora spends a lot of her time on Twitter and LinkedIn, sharing her experience as a woman in tech, and she has a strong interest in advocating for the advancement of women in technology. Adora co-organizes community events for unStack Africa, contributes to Open Source, and speaks at technology conferences worldwide.

*Examples, analysis, views and opinion shared by the speakers are personal and not endorsed by EC-Council or their respective employer(s)


Share this post

Recent Posts

INQUIRE NOW

Related Posts

Are you looking to pursue a career in cybersecurity?

Unlock Your Cyber Security Potential at EC-Council University