I had the pleasure to give a presentation at the Security Interest Group Switzerland Technology Conference about modern application stacks and how they can be used to improve infrastructure and application security posture – the slides can be found here. Besides seeing a lot of old friends, I particularly enjoyed a round table discussion on security integration into CI/CD pipelines. There was a relevant exchange on approaches that actually work and were tested in environments beyond just recommending some container scanner (product). One participant had an interesting case study on how they enabled developers to maintain WAF policies in configuration files in their code repository including automated deployment to the WAF. He also emphasized that the environments with actual security benefits resulted from a close cooperation between development and security team (were domain knowledge was combined 😉 ).