The event was attended by business leaders and DevOps gurus from industry leading companies such as Microsoft, IBM, HP, Synk and SAP, sharing their best practices for software delivery success.
Although we are somewhat bias, one of the highlights of the event was the presentation by our Co-Founder and CTO Bar Hofesh who, having been invited to the event as a thought leader, spoke specifically about AppSec in the DevSecOps World, discussing the issues of security in the world of sprints.
Across the event, it was apparent that security, whilst obviously of great importance to every company, was still not being integrated into the DevOps process. The concept of shift left and enhancing DevSecOps appeared to be the next step in organisation’s maturity levels, but the reason for this was an interesting one…
Speaking with many attendees, integrating security into DevOps appeared to be an impossible task. They had evaluated security testing tools on the market, whether SAST or DAST and had encountered many barriers, namely:
- Limited coverage of modern architectures and frameworks
- Expensive and complicated to install
- Steep learning curve for implementation, configuration and usability
- Large number of false positives is a drain on the DevOps and security teams
- The tools are a direct hindrance to the DevOps process
- Still requires an expensive manual test either prior to or once the application is in production for a truly comprehensive test
For security to be integrated into DevOps to achieve DevSecOps, accurate AppSec Testing automation is paramount in order to maintain, not slow down, the speed of DevOps.
Bar’s focus on the importance of being able to automate the menial tasks (which current DevOps tools do very well), in conjunction with automating AppSec Testing in particular, specifically using AI to accomplish this, was well received by the crowd and the feedback and enquiries we have received since the event only cement this.
As companies look to mature their DevOps processes, they should be looking to integrate security as early as possible. Our AIAST® technology already enhances DevSecOps, regardless of the maturity level of an organisation, with our immediate reporting with NO false positives to slow you down. Whether integrated with the common tools like JIRA, Jenkins or GitHub, or with our Azure DevOps integration or OpenAPI, it is easy for organizations, regardless of their size, to achieve the level of AppSec Testing automation they require to start being secure by design, with NeuraLegion’s range of solutions.
If you missed Yalla DevOps this time, don’t worry, we look forward to seeing you there next year for the next round of innovation!