Denis Ratchenko

Head of IT-systems Development, Sberbank

About speaker

More than 15 years in software engineering industry. Worked his way up from developer to manager. Took active part in implementing various software projects for a global airspace leader and for global foreign and Russian financial institutions. Last two years he dedicated himself to the implementation of AppSec practices in the financial sector. Interested in ways and means of secure implementation of applications from its beginning to the production stage — ways and tools to automate the process of vulnerability analysis of enterprise software solutions and mobile applications, to be precise.

November 16

14:00 — 15:00

Story of one DevSecOps

Fast Track

Russian

A lot of companies use SAST. Some even integrate it in DevOps. But have you ever come across an integration of SAST in DevOps for 3500 projects? We have and successfully so!
We’ll talk about how we developed our own Secure Application Lifecycle Manager — one of the main parts of DevSecOps — which integrates with various information security tools and lets teams integrate SAST, DAST, and VMT by themselves.
Our solution made it possible to integrate SAST and implement Quality Gate system in a relatively short time for ~500 developer teams within ~3500 projects by efforts of just 4 people.