RuhrSec 2019: "Automate the generation of security documentation", Andreas Kuehne & Jens Neuhalfen скачать в хорошем качестве

RuhrSec 2019: "Automate the generation of security documentation", Andreas Kuehne & Jens Neuhalfen

RuhrSec is the annual English speaking non-profit IT security conference with cutting-edge security talks by renowned experts. https://www.ruhrsec.de/ Talk. Automate the generation of security documentation Abstract. Formal security documentation is usually a neglected task. However, it’s a basic requirement to have comprehensive and recent documents in place, not only if you are facing some sort of audit. We will compare the aims and structure of "classical" security documentation and will show common shortcomings of these documents. Especially when moving from waterfall to a more agile approach there are new challenges: changes occur more frequently and must be reflected in the security documents, increasing numbers of (micro-) services require significantly more documentation efforts, resource-oriented services do not match well with usually established process-focused approaches, security documentation is the first victim in high frequency deployment environments. The proven way to solve these issues is automation! We will outline an approach to take advantage of already existing meta information to derive a solid foundation of a security documentation. The process can be integrated into the usual build process and liberates the dev team from annoying documentation tasks. The talk will be completed with a summary of documentation parts that can be produced by automation and parts that need human expertise. We will also give an outlook on aspects that maybe addressed in later stages of automation. Biography. Andreas Kuehne is the founder of trustable Ltd., a security consultancy company and member of the FutureTrust project. He is an active initiator and contributor of several open source projects as well as the co-chair of the OASIS DSS-X committee. Biography. Jens Neuhalfen is Information Security Officer at Deutsche Post DHL Group and lives and breathes IT since 20 years. He is convinced that the interface between IT and non-IT is the most important lever to run a successful business for IT-centric ventures. Further, Jens is convinced that sensible IT security not only saves money but opens new business opportunities.