How is IT changing? What are the new technologies? How is my job changing?

At Interop, we nurture every aspect of your career by offering content across all key technologies and stages of your career. Experience collaboration and innovation with the industry's most sought-after leaders. Be sure to check back often, as we're adding sessions and speakers weekly!

Please note, Interop Trainings sell out! If you’re interested in participating in Trainings, we suggest registering early.

Keeping Up with Security – Secure Software Development Life-cycle

Priyanka Pant (Vice President Software Engineering, Mastercard)

Pass Type: All Access, Conference

Event Type: Session

Track/Topic: Security

Vault Recording: TBD

Audience Level: All

This session covers an important aspect of digital transformation: application modernization techniques that take a shift-left approach, embedding security early in the Software Development Life Cycle (SDLC). It highlights the difference between quality and security and showcases DevSecOps practices in the Continuous Integration/Delivery (CI/CD) lifecycle. It explains the importance of security tools in the CI/CD pipeline for Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Interactive Application Security Testing (IAST), fuzz testing, penetration testing, resiliency testing and more. Concepts such as Behavior Driven Development, Test Driven Development, Threat Modeling, Vulnerability Scans, Security Champions and Secure Code Reviews, and how they fit in with secure agile practices, are also covered. The session takes a deep dive into Threat Modeling methodologies and illustrates them with examples. It provides guidelines on building secure software with Encryption, Data Protection, Authentication Management, Input Validation, Traffic Controls and protection against security threats, and brings to light dangerous, insecure code that should be rejected during code reviews.