Cracking the Code: Secure Code Review in DevSecOps

On-demand webcast offers an in-depth look at how DevOps can integrate both automated and manual code review into the software development lifecycle.



Get security testing best practices for DevSecOps.

Application-level security is under fire. While virtually all software development life cycles include testing and validation as part of the DevOps processes, secure code review often takes a backseat to looming deadlines.

Static analysis security testing (SAST) is an important low-barrier, repeatable, and scalable secure code review practice for identifying security flaws, but it yields high volumes of both false positives and false negatives.

On the other hand, manual secure code review is critical to validating findings and uncovering additional flaws in areas that automated tools simply cannot replicate. Unfortunately, like automated SAST, manual secure code review comes with tradeoffs of its own – namely, in the form of speed, scalability, and repeatability.

While each of these approaches plays a key role in releasing secure applications, the question remains: how can DevOps teams get the best of both worlds while scaling to meet the demands of ongoing development sprints?

Watch this webcast for an in-depth look at how DevOps can integrate both automated and manual code review into the software development life cycle.

You will learn tips for:

  • Implementing security testing best practices in DevSecOps
  • Comparing automated and manual secure code review techniques
  • Leveraging secure code review/SAST in CI/CD
  • Overcoming challenges and identifying opportunities you’re likely to encounter
  • Measuring and communicating success


About the speaker, Chris Bush

Bishop Fox Alumnus

Chris Bush is a Bishop Fox alumnus. He was a managing security consultant at Bishop Fox. He has extensive experience in IT and information security consulting and solutions delivery, providing expertise in application security, including the performance of security assessments, security code reviews and penetration testing of client applications as well as development of security testing processes and methodologies.

Having been a contributing member of the information security community for many years, Chris has served as a volunteer for OWASP as a Technical Project Advisor and as an officer of the (ISC)2 Cleveland Chapter, and has spoken at a variety of regional and national security conferences and user group meetings on subjects including secure coding, threat modeling, and other topics in software security. At Bishop Fox, Chris has been instrumental in creating application security thought leadership. He has authored blog posts on threat modeling in DevSecOps as well as the importance of secure code review in DevSecOps. Additionally, he has co-hosted webcasts focused on application security.

Chris is a Certified Information Systems Security Professional (CISSP) and holds a Bachelor of Science in Computer Science from the State University of New York at Buffalo and a Master of Science in Computer Science from the State University of New York at Binghamton.
