Daniel Deogun is a senior consultant at Omegapoint in Stockholm. His extensive experience ranges from patient-critical pacemaker software to high-performance reactive systems. Daniel is very passionate about high-quality software and was an early adopter of TDD, BDD, and DDD. Combining this with his interest in security has made him a strong advocate of Domain Driven Security.
The concepts and techniques for implementing continuous delivery have been around for quite a while and are moving out of the exclusive club of early adopters. The tooling and technology around CD have evolved and let us implement delivery pipelines and the necessary infrastructure fairly easily. But why is it that many organizations still seem to struggle? As it turns out, the technical solutions of CD are not where the challenges lie. Instead, the hard part is transforming business processes and workflows to a mindset of continuously delivering value. It also puts new demands on the individual to adopt a new view on how to develop software. In this presentation, we will look at common pitfalls and challenges in implementing CD, and share our experiences from the trenches.
How do cyclomatic complexity, defensive code constructs, and generic data types relate to security issues? Why is it that injection flaws and cross-site scripting still rank at the top of the OWASP Top 10 despite a decade of "awareness"? Why isn't security a natural part of how we measure quality? In this talk, I will address this by showing how the use of good design principles, Domain Driven Security, and a different mindset help you avoid the mistakes that lead to security weaknesses.
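As an added illustration of the point the abstract makes about generic data types (this is example code written for this page, not material from the talk or from Omegapoint), the block below contrasts a lookup that accepts any string with one that accepts a domain primitive. The `Username` type, its invariant (3 to 32 ASCII alphanumerics, `_` or `-`) and the query-building functions are assumptions made for the example; the idea it demonstrates is the Domain Driven Security practice of validating input once, at construction, so that every function taking the domain type can rely on the invariant.

```rust
/// Hypothetical domain primitive for a username. The invariant enforced here
/// (3..=32 chars, ASCII alphanumerics, '_' or '-') is an assumption made for
/// this example, not a rule from the talk.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Username(String);

#[derive(Debug, PartialEq, Eq)]
pub enum ValidationError {
    TooShort,
    TooLong,
    InvalidChar(char),
}

impl Username {
    pub const MIN_LEN: usize = 3;
    pub const MAX_LEN: usize = 32;

    /// The only way to obtain a Username. Validation runs exactly once, here,
    /// so any function whose parameter is a Username cannot receive a value
    /// that has not passed it: the compiler enforces what a comment or a
    /// "remember to validate" convention cannot.
    pub fn new(raw: &str) -> Result<Username, ValidationError> {
        let len = raw.chars().count();
        if len < Self::MIN_LEN {
            return Err(ValidationError::TooShort);
        }
        if len > Self::MAX_LEN {
            return Err(ValidationError::TooLong);
        }
        if let Some(c) = raw
            .chars()
            .find(|c| !(c.is_ascii_alphanumeric() || *c == '_' || *c == '-'))
        {
            return Err(ValidationError::InvalidChar(c));
        }
        Ok(Username(raw.to_string()))
    }

    pub fn as_str(&self) -> &str {
        &self.0
    }
}

/// The "generic data type" version: a plain string can carry anything, and
/// whether the caller validated it is invisible at this point in the code.
/// String concatenation is used only to make the failure visible; it is the
/// weak construct, not a recommendation.
pub fn find_user_query_unsafe(username: &str) -> String {
    format!("SELECT * FROM users WHERE name = '{}'", username)
}

/// The domain-primitive version: the parameter type guarantees the value has
/// already passed Username::new, so an injection payload never gets this far.
pub fn find_user_query(username: &Username) -> String {
    format!("SELECT * FROM users WHERE name = '{}'", username.as_str())
}

fn main() {
    // Constructed sample input: a classic injection payload.
    let payload = "' OR '1'='1";
    println!("generic String accepted: {}", find_user_query_unsafe(payload));
    match Username::new(payload) {
        Ok(u) => println!("domain primitive accepted: {}", find_user_query(&u)),
        Err(e) => println!("domain primitive rejected the payload: {:?}", e),
    }
    let alice = Username::new("alice_01").expect("valid username");
    println!("valid input: {}", find_user_query(&alice));
}
```

The domain primitive narrows what can reach the query builder at all, which is the design-level point of the abstract; it is defence in depth, not a replacement for parameterised queries, which a real implementation would still use inside `find_user_query`.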