

This newly formed department made some huge strides during Twitter Hack Week, which occurs once every quarter and gave them time to focus on proactive work. They wanted to create more automation, but anchored in the framing principles.

Justin Collins spoke about the manual security tasks of reviewing code, penetration testing and handling reports from the external world. They set out to automate all of these activities. He made a fantastic point about the workflow around static code analysis. (BTW, that effort can now be saved, since we have flowchart to code.) When the code changes, we have to do it all over again! Even though we’re using ‘automated tools,’ we’re still doing a lot of manual work… So we wanted to put our robots to work. They built static code analysis into the Jenkins continuous integration process, but there was much more they wanted to do. So they set out to build SADB, the Security Automation Dashboard. SADB takes input from Brakeman, Phantom Gang, CSP, ThreatDeck and Roshambo, and its outputs include emails that go to developers and infosec. So we should just wait and see whether the team will achieve success or run into trouble.




