Rugged Software Using Rugged Driven Development
ATTENTION: You must sign up in advance to attend this workshop. You will need to have a valid SXSW badge, and an activated SXsocial account. To reserve your seat, please go here: https://sup.sxsw.com/schedule/IAP19539
Security testing is often done at the cadence of auditors rather than at the pace of the development team, which hurts delivery time in agile teams. Rugged Driven Development (RDD) applies security and other stress-testing methodologies during the development process to shape the end product, so that you create software that is secure, reliable and resilient.
Using the Gauntlt open source framework to help implement RDD, you will find it fun to live by the Gauntlt motto, “be mean to your code.” You will be equipped to deliver and release ruggedized software faster, as well as span the communication gaps that exist between dev, ops and security teams. This talk will help you implement RDD in your projects with plenty of real-world examples.
At the end of the workshop, you should:
- Be Rugged Driven Dev savvy and ready to ruggedize your next project with some new practices and tooling
- Know how to use gauntlt and the security tools it hooks into
- Take some of the pre-built gauntlt attacks and adapt them to your own project
- Write your own gauntlt attacks and put them in practice
To get the most out of the class, you should be comfortable with the Linux command line.
While not required, familiarity with a programming language like Python or Ruby would be helpful.
What to Bring:
- This workshop uses a virtual lab that runs on a Vagrant box (~700 MB) custom-built for the workshop. Before the workshop, please follow these instructions to get your laptop ready with the necessary dependencies: http://bit.ly/rugged-sxsw-setup
Sr DevOps Engineer
Mentor Graphics Corp
James is an innovative thought leader and technologist in the DevOps and InfoSec communities and has a passion for helping big companies work like startups to deliver products in the cloud.
He got his start in technology when he ran a Web startup company as a student at the University of Oklahoma, and since then he has worked in environments ranging from large, web-scale enterprises to small, rapid-growth startups. As a Senior DevOps Engineer, James is currently working in a startup-like team building cloud-based products for the Embedded Software Division of Mentor Graphics (http://mentor.com). James is a dynamic speaker on topics in DevOps, cloud computing, cloud security, security testing and Rugged DevOps.
He is a core contributor to the Gauntlt project (http://gauntlt.org) and is a supporter of the Rugged Software movement. James is the creator and founder of the Lonestar Application Security Conference, which is the largest annual security conference in Austin, TX. He volunteers as one of the chapter leaders for the OWASP Austin chapter (http://austin.owasp.org), and he holds the following security certifications: CISSP, GWAPT, GCFW, GSEC and CCSK.
In his spare time he is trying to learn how to bake bread.
Sr Web Software Engineer
Mentor Graphics Corporation
I'm an experienced software engineer with a passion to quickly design and develop cloud hosted, web software products. I live in Austin, Texas and I'm an organizer for Devopsdays Austin and CloudAustin.
Mgr, Threat Research Center
Matt Johansen is a manager for WhiteHat Security's Threat Research Center (TRC). Matt began his career as a security consultant, where he was responsible for performing network and web application penetration tests for clients. He then took a role at WhiteHat as an application security specialist for the TRC and quickly rose through the ranks to managing more than 40 at the company's Houston location.
In his spare time, Matt is a frequent web security instructor at San Jose State University and Adelphi University, where he received his Bachelor of Science in Computer Science. Matt is also a frequent speaker at a number of industry events including: BlackHat, Defcon, Hacker Halted, the FBI's International Conference on Cyber Security, RSA as well as several OWASP chapters and BSides events across North America. Matt is also a contributor to the Liquidmatrix Security Digest and has worked with the SANS Institute as an industry expert for certification review.