Title: Put Your Robots to Work: Security Automation at Twitter
With daily code releases and a growing infrastructure, manually reviewing code changes and protecting against security regressions quickly becomes impractical. Even when using security tools, whether commercial or open source, the difficult work of integrating them into the development and security cycles remains. We need to use an automated approach to push these tools as close to when the code is written as possible, allowing us to prevent potential vulnerabilities before they are shipped. We worked with development, operations, and release teams to create a targeted suite of tools focused on specific security concerns that are effective and don’t introduce any noise. This presentation will give an overview of what we’ve done over the past year, what we have learned along the way, and will provide advice for anyone else going down this road.
Justin Collins,Security Engineer, Twitter
Justin is a security engineer at Twitter and a long-time computer science PhD student at UCLA. He spends most of his time working on Brakeman, a static analysis security scanner for Ruby on Rails.
Neil Matatall,Information Security Engineer, Twitter
Twitter security engineer, football fan, hiker. I like writing code. I like breaking code. I like protecting code.
Alex Smolen Security Engineer, Twitter
Graduate of the UC Berkely I School. Previously at Foundstone. | | Interested in security and the human experience.
Date: Thursday October 25, 2012 2:00pm - 2:45pm
Location: AppSecUSA, Austin, TX. Hyatt Regency Hotel, Gluu Room.
Track: Rugged DevOps