Moataz Nabil

DevSecOps: Injecting Security into Mobile CI/CD Pipelines

Is your rapid release cycle creating security vulnerabilities? Learn to inject automated security into your mobile CI/CD pipeline without sacrificing speed.

DevSecOps: Injecting Security into Mobile CI/CD Pipelines
#1about 4 minutes

Why shift-left security is critical for mobile apps

The increasing speed of mobile releases makes traditional security a bottleneck, requiring a shift-left approach to find and fix bugs early in the development cycle.

#2about 4 minutes

Understanding the core principles of mobile DevOps

Mobile DevOps combines people, processes, and tools to enable continuous communication, integration, delivery, testing, and monitoring for mobile applications.

#3about 5 minutes

Integrating security into the DevOps lifecycle with DevSecOps

DevSecOps extends DevOps by making security a shared responsibility and integrating automated security checks throughout the entire development process.

#4about 5 minutes

Choosing the right security testing methods for your pipeline

Implementing DevSecOps involves choosing between static (SAST), dynamic (DAST), and interactive (IAST) security testing tools to automate vulnerability detection.

#5about 6 minutes

An example of a secure Android CI/CD workflow

A practical DevSecOps workflow for Android includes steps for static analysis, dependency scanning, dynamic testing, and vulnerability scanning at different stages.

#6about 5 minutes

Demo of building a DevSecOps pipeline with Bitrise

A live demonstration shows how to configure a mobile CI/CD pipeline in Bitrise with integrated steps for SonarQube, Firebase Test Lab, and Oversecured API.

#7about 1 minute

Key lessons learned from implementing DevSecOps

Implementing DevSecOps is a continuous journey that requires a cultural mindset shift, shared team responsibility, and a strong foundation in test automation.

#8about 15 minutes

Q&A on speed, team adoption, and common mistakes

The speaker answers audience questions about balancing speed with security, convincing management to adopt DevSecOps, and common security leaks in mobile development.

Related jobs
Jobs that call for the skills explored in this talk.

Remote

Name of

Name of

Remote
Intermediate
PHP
Java
+1

Matching moments

Integrating security into the DevOps lifecycle (DevSecOps)
05:52 MIN

Integrating security into the DevOps lifecycle (DevSecOps)

Demystifying DevOps—Pros, cons, dos & don'ts

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.
The evolution from traditional security to DevSecOps
02:18 MIN

The evolution from traditional security to DevSecOps

DevSecOps culture

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.
The modern DevSecOps approach to application security
04:29 MIN

The modern DevSecOps approach to application security

Maturity assessment for technicians or how I learned to love OWASP SAMM

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.
Hardening the CI/CD pipeline with automated security tools
05:06 MIN

Hardening the CI/CD pipeline with automated security tools

You can’t hack what you can’t see

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.
Integrating security across the development lifecycle
02:41 MIN

Integrating security across the development lifecycle

Why Security-First Development Helps You Ship Better Software Faster

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.
Integrating security tools into the developer workflow
05:30 MIN

Integrating security tools into the developer workflow

Secure Code Superstars: Empowering Developers and Surpassing Security Challenges Together

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.
Why developers often overlook CI/CD security
04:43 MIN

Why developers often overlook CI/CD security

Securing Your Web Application Pipeline From Intruders

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.
Integrating security throughout the CI/CD process
04:40 MIN

Integrating security throughout the CI/CD process

Plan CI/CD on the Enterprise level!

Unlock Moments
Create a free account to watch a limited number of Moments each month.
Upgrade to PRO for unlimited access to the full archive.

Featured Partners

Related Videos

See all videos
DevSecOps culture16:00

DevSecOps culture

Ali Yazdani

DevSecOps: Security in DevOps33:20

DevSecOps: Security in DevOps

Aarno Aukia

Scalable architecture for mobile apps43:31

Scalable architecture for mobile apps

Nachiket Apte

Securing Your Web Application Pipeline From Intruders44:30

Securing Your Web Application Pipeline From Intruders

Milecia McGregor

Demystifying DevOps—Pros, cons, dos & don'ts51:13

Demystifying DevOps—Pros, cons, dos & don'ts

Thomas Fuchs, Waleed Arshad & Frank Dornberger & Idir Ouhab Meskine:

Organizational Change Through The Power Of Why - DevSecOps Enablement26:50

Organizational Change Through The Power Of Why - DevSecOps Enablement

Nazneen Rupawalla

Enabling automated 1-click customer deployments with built-in quality and security44:40

Enabling automated 1-click customer deployments with built-in quality and security

Christoph Ruggenthaler

Applying DevOps in Flutter mobile development34:44

Applying DevOps in Flutter mobile development

Majid Hajian

Related Articles

View all articles
CH
Chris Heilmann
All the videos of Halfstack London 2024!
Last month was Halfstack London, a conference about the web, JavaScript and half a dozen other things. We were there to deliver a talk, but also to record all the sessions and we're happy to share them with you. It took a bit as we had to wait for th...
All the videos of Halfstack London 2024!
DC
Daniel Cranney
How software is steering vehicle technology
The automotive industry is entering a transformative era, and developers have a unique opportunity to be part of it. Cars are no longer just mechanical machines; they’re sophisticated tech platforms with software at their core. This shift, defined by...
How software is steering vehicle technology
CH
Chris Heilmann
Dev Digest 134 - Where pixels sing?
News and ArticlesWeAreDevelopers LIVE Data and Security Day is on Wednesday, 25/09/2024. Learn about OPC UA Updates, Best Practices for Using GitHub Secrets, Passwordless Web 1.5, Emerging AI Security Risks, Data Privacy in LLMs and get a chance to t...
Dev Digest 134 - Where pixels sing?
CH
Chris Heilmann
Dev Digest 138 - Are you secure about this?
Hello there! This is the 2nd "out of the can" edition of 3 as I am on vacation in Greece eating lovely things on the beach. So, fewer news, but lots of great resources. Many around the topic of security. Enjoy! News and ArticlesGoogle Pixel phones t...
Dev Digest 138 - Are you secure about this?

From learning to earning

Jobs that call for the skills explored in this talk.