Julien Topçu | Devoxx

Devoxx Belgium 2018
from Monday 12 November to Friday 16 November 2018.

A Senior Lead Developer at Société Générale, I'm an active evangelist for "value creation"-focused methodologies such as DDD/Hexagonal Architecture, XP and Kanban #NoEstimates.

As an OWASP Foundation member, I strive to convey the DevSecOps mindset to the community. I set up several Continuous Security pipelines at company scale.

See also https://beyondxscratch.wordpress.com/

Find and Track the hidden vulnerabilities inside your dependencies

Tools-in-Action

44% of applications contain critical vulnerabilities in an open source component*, even though good practices like the OWASP Top 10 have become widespread.

Do not let these vulnerabilities incubate in the warm belly of your app! In this talk you'll learn how those vulnerabilities are indexed (NVD, CVE) and how their severity is scored (CVSS).

You'll see how to create your first Continuous Security pipeline using Jenkins and OWASP DependencyCheck, which detects vulnerabilities, and how to track them using OWASP DependencyTrack (both open-source software).

Take your first step into the DevSecOps philosophy!

*https://www.veracode.com/products/software-composition-analysis

Developers, you should stop estimating your tasks! #noEstimates

Quickie

As we all know, estimating is both difficult and expensive, and how often have your tasks taken longer than expected? Estimation is today one of the preferred methods for decision-making as well as for evaluating the release dates of our projects... but today there is an alternative: no longer estimating our tasks!

This talk shares feedback from over a year of implementing #noEstimates in a development team. You will see the keys as well as the tools needed to set it up.
