Upload File

devsecops in 10 minutes

24
Preventing Devoops with DevSecOps Kieran Jacobsen Technical Lead – Infrastructure & Security

Upload: kieranjacobsen

Post on 21-Mar-2017

175 views

Category:

Software


5 download

Report

TRANSCRIPT

Page 1: DevSecOps in 10 minutes

Preventing Devoops with DevSecOpsKieran JacobsenTechnical Lead – Infrastructure & Security

Page 2: DevSecOps in 10 minutes

/ Copyright ©2017 by Readify Limited2Page

2016 was a big year…

Page 3: DevSecOps in 10 minutes

/ Copyright ©2017 by Readify Limited3Page

2017 is getting of to a bad start…

Page 4: DevSecOps in 10 minutes

/ Copyright ©2017 by Readify Limited4Page

Before DevOps

Page 5: DevSecOps in 10 minutes

/ Copyright ©2017 by Readify Limited5Page

DevOps

Page 6: DevSecOps in 10 minutes

/ Copyright ©2017 by Readify Limited6Page

But Where Is Security?

Page 7: DevSecOps in 10 minutes

/ Copyright ©2017 by Readify Limited7Page

DevSecOps› Clear Communication Pathways› Streamlined Communication› Security As Code› Training› Integrate Security into DevOps cycle

Page 8: DevSecOps in 10 minutes

/ Copyright ©2017 by Readify Limited9Page

Communication PathwaysDevelopment Operations

Security

Page 9: DevSecOps in 10 minutes

/ Copyright ©2017 by Readify Limited10Page

Streamlined CommunicationNO:› Excel checklists› Word document reports› Email Attachments

Page 10: DevSecOps in 10 minutes

/ Copyright ©2017 by Readify Limited11Page

Streamlined CommunicationYES:› Backlogs/boards

Page 11: DevSecOps in 10 minutes

/ Copyright ©2017 by Readify Limited12Page

Streamlined CommunicationYES:› Backlogs/boards› Support ticketing

Page 12: DevSecOps in 10 minutes

/ Copyright ©2017 by Readify Limited13Page

Streamlined CommunicationYES:› Backlogs/boards› Support ticketing› Markup and Git

Page 13: DevSecOps in 10 minutes

/ Copyright ©2017 by Readify Limited14Page

Security As Code› Application Source Code› Azure ARM and AWS Cloud Formation› Server Configuration – Chef, Puppet, DSC

Page 14: DevSecOps in 10 minutes

/ Copyright ©2017 by Readify Limited15Page

ARM Templates

Page 15: DevSecOps in 10 minutes

/ Copyright ©2017 by Readify Limited16Page

PowerShell DSC

Page 16: DevSecOps in 10 minutes

/ Copyright ©2017 by Readify Limited17Page

Training› We can’t be experts in Dev, Sec and Ops› We need cross pollination of skills› Starts at day 0

Page 17: DevSecOps in 10 minutes

/ Copyright ©2017 by Readify Limited18Page

Integrating Security

Page 18: DevSecOps in 10 minutes

/ Copyright ©2017 by Readify Limited19Page

Plan› Integrate security into sprint planning and reviews

› Consider security stories early

Page 19: DevSecOps in 10 minutes

/ Copyright ©2017 by Readify Limited20Page

Code› Training!› Test driven development› Use of the correct tools› Pull Requests

Page 20: DevSecOps in 10 minutes

/ Copyright ©2017 by Readify Limited21Page

Build› Static code analysis› Dynamic code analysis

Page 21: DevSecOps in 10 minutes

/ Copyright ©2017 by Readify Limited22Page

Test› Develop security test cases› Fuzzing› Load testing

Page 22: DevSecOps in 10 minutes

/ Copyright ©2017 by Readify Limited23Page

Release & Deploy› Automated scanning upon deployment

Page 23: DevSecOps in 10 minutes

/ Copyright ©2017 by Readify Limited24Page

Operate & Monitor› Monitor logs› Rescan for vulnerabilities› Track dependencies

Page 24: DevSecOps in 10 minutes

Thank You


DevSecOps: Why security is essential · DevSecOps doesn’t happen all at once for most organizations; it is a journey. Although the DevSecOps journey is enabled by technology, the

Introduction 10 minutes Objectives 30 minutes Example, Case Study 10 minutes Group Discussion 30 minutes Exercise 10 minutes Conclusions 10 minutes

DevSecOps - CrikeyCon 2017

What is DevSecOps? Pipelines...What is DevSecOps? DevSecOps is a methodology in which security is integrated into the entire life cycle of application development. Rather than being

  CP-DevSecOps...Automate Security tests in DevOps CP-DevSecOps is the surest way for you to practically experience contiuous security testing or DevSecOps using the most in demand

DISA DevSecOps Enterprise Strategy · Web view2021/07/30  · A DevSecOps New World This document focuses on the DISA Enterprise DevSecOps Strategy to secure the Department of Defense

DevSecOps Journey - CSO50 Conference · DevSecOps Journey 2/28/2018. 3/3/2018 Confidential –Internal Distribution 2 Agenda • DevSecOps @ Fannie Mae o The Challenges and The Promises

DevSecOps Fundamentals

CSA - DevSecOps v1 compressed//aws.amazon.com/blogs/devops/implementing-devsecops-using-aws-codepipeline/ CodePipeline security group ... CSA - DevSecOps v1 compressed Created Date:

addressing IoT challenges through DevSecOps

A DevSecOps Guide - Bitpipe... A DevSecOps Guide • 3 DevSecOps: Making It Happen After understanding the value of a DevOps mindset, making the cultural shift and reaping the benefits,

The Journey to DevSecOps

DevSecOps and the Public Sector

DevSecOps Singapore introduction

DEVSECOPS: Coding DevSecOps journey

PLATAFORMA FT DEVSECOPS - UdeA

DevOps, DevSecOps, and vArmour - Whitepaper DevSecOps, and... · DevOps and DevSecOps DevOps has become a well established practice within many organizations. It aims to improve the

DevSecOps SG Introduction - August Meetup

DoD Enterprise DevSecOps Fundamentals - AF

DevSecOps – Agility with Security · 4 DevSecOps – Agility with Security In summary, DevSecOps aims to be a movement that extends all of the organisational benefits achieved through

DevSecOps - Building Rugged Software

Enterprise Cloud Security via DevSecOps

DevSecOps PLAYBOOK - Cprime

DevSecOps of Containerization

Presentation: DoD Enterprise DevSecOps Initiative

Overview 10 minutes Goals 10 minutes Objectives 10 minutes Performance based approach 10 minutes Complexity 20 minutes Tools Exercise 15 minutes Conclusion

DevSecOps Best Practices and Considerations

Overcoming DevSecOps Challenges

DevSecOps Overview - NYS Forum Home · 11/14/2018  · DevSecOps Overview November 14, 2018 ... 3 Benefits of DevSecOps 4 How to Implement DevSecOps 5 Summary / Questions. Security

Putting the Sec in DevSecOps

DevSecOps in Multi Account

DevSecOps – Agility with Security...4 DevSecOps – Agility with Security In summary, DevSecOps aims to be a movement that extends all of the organisational benefits achieved through

오픈소스로 만나보는 DevSecOps · 삼성 오픈소스 컨퍼런스 오픈소스로 만나보는 DevSecOps 우아한형제들 조민재 [email protected] 2018년 10월 18일

Jumpstarting Your DevSECOps Pipeline with IAST and RASP · 2018-07-28 · Jumpstarting Your DevSecOps Pipeline with IAST and RASP | contrastsecurity.com 10 • Must cover policies/rules

DoD Enterprise DevSecOps Fundamentals · 2021. 6. 11. · DevSecOps, including normalized definitions of DevSecOps concepts. Other pertinent information is captured in corresponding