From Imola Informatica
Project Manager, Senior Architect in a wide variety of enterprise applications. Highly skilled in distributed architectures, integration patterns and performance tuning. 18 years of Java, 20+ years of RDBMS experience, teaching experience on Java, Delphi, C/C++. He has been working with Imola Informatica (http://www.imolainformatica.it) since 1996. He participated in several EU FP6 and FP7 projects. Among them, as Technical Coordinator and WP leader, Cloud4SOA, a project aimed at enabling interoperability and portability between heterogeneous Platform-as-a-Service Cloud systems. His current interests are Cloud and DevOps applied to big organizations.
Secure Software Development Lifecycle demystified: tools and lessons from building financial applications.
Nowadays, enterprises strive to continually hone their software development process and practices up to the point where continuous deployment in production is a given; the finance sector is no exception, with both business challenges and regulation compliance as the main driving forces for continuous change.
However, releasing new product features many times a day becomes a crucial challenge in terms of software security, and integrating manual/automated security assessment in the build and delivery pipeline is only the tip of the iceberg.
Secure Software Development Lifecycle (S-SDLC) practices aim at addressing security issues from a much broader perspective, starting from the prerequisites and design of an application, up to the delivery in production.
This talk will discuss S-SDLC practices, (Open Source) tools, lessons learned, and issues from our experience in building web applications for many large banking and insurance companies.