Moataz Nabil
DevSecOps: Injecting Security into Mobile CI/CD Pipelines
#1about 4 minutes
Why shift-left security is critical for mobile apps
The increasing speed of mobile releases makes traditional security a bottleneck, requiring a shift-left approach to find and fix bugs early in the development cycle.
#2about 4 minutes
Understanding the core principles of mobile DevOps
Mobile DevOps combines people, processes, and tools to enable continuous communication, integration, delivery, testing, and monitoring for mobile applications.
#3about 5 minutes
Integrating security into the DevOps lifecycle with DevSecOps
DevSecOps extends DevOps by making security a shared responsibility and integrating automated security checks throughout the entire development process.
#4about 5 minutes
Choosing the right security testing methods for your pipeline
Implementing DevSecOps involves choosing between static (SAST), dynamic (DAST), and interactive (IAST) security testing tools to automate vulnerability detection.
#5about 6 minutes
An example of a secure Android CI/CD workflow
A practical DevSecOps workflow for Android includes steps for static analysis, dependency scanning, dynamic testing, and vulnerability scanning at different stages.
#6about 5 minutes
Demo of building a DevSecOps pipeline with Bitrise
A live demonstration shows how to configure a mobile CI/CD pipeline in Bitrise with integrated steps for SonarQube, Firebase Test Lab, and Oversecured API.
#7about 1 minute
Key lessons learned from implementing DevSecOps
Implementing DevSecOps is a continuous journey that requires a cultural mindset shift, shared team responsibility, and a strong foundation in test automation.
#8about 15 minutes
Q&A on speed, team adoption, and common mistakes
The speaker answers audience questions about balancing speed with security, convincing management to adopt DevSecOps, and common security leaks in mobile development.
Related jobs
Jobs that call for the skills explored in this talk.
Team Lead DevOps (m/w/d)
Rhein-Main-Verkehrsverbund Servicegesellschaft mbH
Frankfurt am Main, Germany
Senior
Matching moments
11:13 MIN
Hardening the CI/CD pipeline with automated security tools
You can’t hack what you can’t see
05:33 MIN
Integrating security earlier in the development lifecycle
Vulnerable VS Code extensions are now at your front door
04:46 MIN
Shifting security testing left in the development lifecycle
Vue3 practical development
00:17 MIN
The cultural shift from DevOps to DevSecOps
You can’t hack what you can’t see
11:05 MIN
Automating security checks in the CI/CD pipeline
DevSecOps: Security in DevOps
02:55 MIN
Shifting security left to prevent incidents before deployment
OPA for the cloud natives
00:45 MIN
The expanding role of developers in security
Vulnerable VS Code extensions are now at your front door
14:01 MIN
Security is now a shared responsibility across all teams
The Evolving Landscape of Application Development: Insights from Three Years of Research
Featured Partners
Related Videos
16:00DevSecOps culture
Ali Yazdani
33:20DevSecOps: Security in DevOps
Aarno Aukia
43:31Scalable architecture for mobile apps
Nachiket Apte
54:51The perfect CI/CD React Native pipeline with Fastlane
Edoardo Dusi
44:30Securing Your Web Application Pipeline From Intruders
Milecia McGregor
34:44Applying DevOps in Flutter mobile development
Majid Hajian
06:09Mobile vs. Backend DevOps
Mete Baydar
51:13Demystifying DevOps—Pros, cons, dos & don'ts
Thomas Fuchs, Waleed Arshad & Frank Dornberger & Idir Ouhab Meskine:
From learning to earning
Jobs that call for the skills explored in this talk.
Platform Engineer / DevOps Engineer - Security
Cognizant
Charing Cross, United Kingdom
API
Azure
DevOps
Docker
Ansible
+7
Platform Engineer / DevOps Engineer - Security
Cognizant
Charing Cross, United Kingdom
API
Azure
DevOps
Docker
Ansible
+7
DevOps Engineer - Network and Security
Tata Consultancy Services
Municipality of Madrid, Spain
Remote
Java
Bash
Azure
Linux
+7