Majd Zahran
Co-Founder
NibraSec.
Co-Founder of Nibrasec.com | Senior Cloud Security & DevSecOps Engineer at Vogacloset | Passionate about Securing Software, AI security, cloud, and Application Security
Speaker sessions
Shift Left or Miss the Train: Building Security into the DevSecOps Pipeline
Modern software delivery moves fast — and so do attackers. In the race to release features, security often gets left behind, creating vulnerabilities that surface only after code reaches production. “Shifting left” brings security into the earliest stages of the Software Development Life Cycle (SDLC), ensuring threats are identified and mitigated before they become costly incidents.This session takes a deep dive into building a fully integrated DevSecOps pipeline that embeds security without slowing delivery. We’ll explore practical techniques for integrating SAST, DAST, container image scanning, dependency checks, and Infrastructure-as-Code validation directly into CI/CD workflows. Real-world examples will showcase how these controls can be implemented in On-premises setups, AWS CodePipeline, Kubernetes environments, and hybrid cloud setups.Attendees will see live demonstrations of security gates catching vulnerabilities in real time, automated secret detection blocking insecure commits, and policy-as-code enforcing compliance before deployment. We’ll address common challenges — such as developer resistance, false positives, and pipeline performance — and share proven strategies for overcoming them.
- 15:40
- Wed
- 03 Dec
Stage:
Briefings 2
Sessions Type:
Presentation