Currently, white-box fuzzing is the most effective testing-approach to automatically identify vulnerability and stability issues within your software. For instance, Google already finds more than 80% of their bugs alone with fuzzing in contrast to all their other testing methods.

And it is very easy to use. In the future everyone will be able to integrate fuzz testing into their CI/CD. That’s why I say: “Developers should cover more security testing, themselves!”.

They are the experts! Developers know their own code best and with the right tools, they can identify bugs with little to no effort. And if by finding these bugs in an early stage of the development process, fixing them becomes very simple and cost-effective.

In my talk, you'll see why I'm so optimistic about the future!

We’ll cover the following topics:
- Modern fuzzing approaches (“feedback-based-fuzzing”)
- Instrumenting JVM code for fuzzing
- Automating fuzzing for web applications
- Integration of fuzzing in the development process
- Fuzzing web applications and integration into the CI/CD

When we have to interconnect different decoupled components (databases, web services, streams,...), we usually write scriptish code as middleware to make that workflow of data. On this custom code, we are coupling something that should be decoupled. Could it be possible to decouple the systems while they are connected?

Integration Processes are the "glue" between these software components. Automating the data flows, adding conditional steps, handling credentials on a secure way,... That's usually a tedious and repetitive task lots of developers do again and again.

With Integration Processes frameworks we can make it simpler and reuse expertise from other developers. We could even build entire workflows without throwing a single line of code.

The use of modern software development methods is drastically increasing the rate of software delivery among traditional banks and breaking the view that they can only deliver software every few months. This talk will explore the impact and practices of Modern Engineering and how it has enabled Lloyds Banking Group to adapt to the challenges of a complex world.
Stephen Hawking predicted the 21st century would be the century of complexity, a world which is unpredictable, ever-evolving and unbounded. This complex world requires the Bank to move from the old business paradigm and mindset of controlling time, scope and cost to the Modern Engineering-led business paradigm and mindset of quality, speed and value.
Bringing it to life, we will see how the Bank applied the Modern Engineering tool-sets to improve their ability to focus on quality, speed and value. We will share examples of how modern engineering practices have helped the Consumer Servicing Value Stream within the Bank to become more adaptable and to respond to COVID19 pandemic. Lastly, we will explore what the new business paradigm of quality, speed and value means for the Executives within the Bank.

Key audience takeaways from this talk:
• Learn how Lloyds Banking Group applied a practical application of Modern Engineering in the Consumer Servicing Value Stream
• Understand the modern engineering principles to help you and your organization adapt to our changing world
• Reflect on how to keep your skills relevant
• Reflect on whether you are clear on your products and how they deliver value to the customers

It is often believed that there’s a built-in tension between software developers and security engineers. The first ones want to move fast with the latter wish to make sure the data, pipes and crown jewels are well protected.
Working in the cloud did give the developers the velocity they always wanted - they have their own account, they can provision cloud assets and can deploy frequently and easily. But they also use admin permissions and leave open buckets everywhere.
The security team at turn finds risky cloud misconfigurations and has to go back to the dev team to check if that was necessary or not. This is a repetitive, time-consuming process that creates friction and sometimes tension between the two teams.
In this talk I will share with you how working with developers instead of trying to clean up after them, actually makes their work much faster, better and more secure.