ZOO-6484 Secure Software Development Lifecycle demystified: tools and lessons from building financial applications. | Devoxx


Conference

DevOps, Agile, Methodology & Culture

Nowadays, enterprises strive to continually hone their software development process and practices up to the point where continuous deployment in production is a given; the finance sector is no exception, with both business challenges and regulation compliance as the main driving forces for continuous change.

However, releasing new product features many times a day becomes a crucial challenge in terms of software security, and integrating manual/automated security assessment in the build and delivery pipeline is only the tip of the iceberg.

Secure Software Development Practices (S-SDLC) aim to address security issues from a much broader perspective, starting from the prerequisites and design of an application, up to delivery in production.

This talk will discuss S-SDLC practices, (Open Source) tools, lessons learned, and issues from our experience in building web applications for many large banking and insurance companies.

Alessandro Proscia

He serves as an IT Consultant in large financial institutions. His interests include security, distributed systems and solutions for system and service management, integration and interoperability middleware, cloud computing, and DevOps practices.

Luca Molari

A graduate of the University of Bologna (Italy) in Computer Engineering, he currently serves as a Consultant for the IT departments of medium/large organisations, with a focus on DevOps practices and Security. His other main interests are programming languages, optimization algorithms and machine learning.

Filippo Bosi

Project Manager and Senior Architect on a wide variety of enterprise applications. Highly skilled in distributed architectures, integration patterns and performance tuning. 18 years of Java and 20+ years of RDBMS experience, with teaching experience in Java, Delphi and C/C++. He has been working with Imola Informatica (http://www.imolainformatica.it) since 1996. He has participated in several EU FP6 and FP7 projects, among them Cloud4SOA, a project aimed at enabling interoperability and portability between heterogeneous Platform-as-a-Service Cloud systems, where he served as Technical Coordinator and WP leader. His current interests are Cloud and DevOps applied to big organizations.

Stefano Monti

He graduated from the University of Bologna, Italy, where he received a PhD degree in computer engineering in 2009. He serves as an IT Consultant in large financial institutions. His interests include distributed systems and solutions for system and service management, integration and interoperability middleware, cloud computing, and DevOps practices.