From Imola Informatica S.p.A.
He serves as an IT Consultant in large financial institutions. His interests include security, distributed systems and solutions for system and service management, integration and interoperability middleware, cloud computing, and DevOps practices.
Secure Software Development Lifecycle demystified: tools and lessons from building financial applications.
Nowadays, enterprises strive to continually hone their software development process and practices up to the point where continuous deployment in production is a given; the finance sector is no exception, with both business challenges and regulatory compliance as the main driving forces for continuous change.
However, releasing new product features many times a day becomes a crucial challenge in terms of software security, and integrating manual/automated security assessment in the build and delivery pipeline is only the tip of the iceberg.
Secure Software Development Lifecycle (S-SDLC) practices aim to address security issues from a much broader perspective, starting from the prerequisites and design of an application, up to the delivery in production.
This talk will discuss S-SDLC practices, (Open Source) tools, lessons learned, and issues from our experience in building web applications for many large banking and insurance companies.