Page 1
Security is everybody’s job…. Literally! Changing DevOps into DevSecOps
Tanya Janca

Page 2
Tanya Janca, @SheHacksPurple
What are we going to talk about today?

Page 3
DevOps

Page 4
DevSecOps
From a dev and ops perspective.

Page 5
Security being part of your daily work.

Page 6
How some security people see DevOps
Slide credit: Pete Cheslock

Page 7
How I see DevOps: DevSecOps
Slide credit: DevSecCon

Page 8
DevSecOps

Page 9
This is me.
I’m Tanya Janca.
AKA: @SheHacksPurple

Page 10
This is me.
I’m a Senior Cloud Developer Advocate at:
What does THAT mean?

Page 11
This is me.
I’m a Senior Cloud Developer Advocate at:
It means I help developers use our products more securely.
I work to make security features easier to use.
I provide feedback to make our products more secure.
I do security research and share it with the community.
Security research, such as this presentation, OWASP DevSlop, and much more.

Page 12
This is me. AppSec Evangelist.

Page 13
This is me. AppSec Evangelist.

Page 14
This is me.
Ethical hacker
I want to know how things work.

Page 15
This is me.
I LOVE OWASP!
Open Web Application Security Project: an international non-profit that operates chapters, projects and conferences all over the globe, in an effort to help everyone create more secure software.

Page 16
This is me.
OWASP Ottawa Chapter Leader

Page 17
This is me.
OWASP DevSlop Project Leader

Page 18
This is me.
Software Developer (since the late 90’s)
That’s over 20 years!
AHHHHHHHHHHHH!

Page 19
This is me.
Goal: to change the way we make software so that the easiest way to do something is also the most secure way.
Photo: Belfast, Ireland, AppSec EU 2017

Page 20
Let’s do this.

Page 21
Application Security
Introduction
Security is everybody’s
job…Literally! Tanya Janca
@SheHacksPurple

Page 23
Poor AppSec is a Problem!
Poor AppSec causes roughly 29-40% of breaches!
Source: Verizon Data Breach Investigation Report (DBIR) for 2017 and 2016.

Page 24
Application Security Missing!
AppSec is not covered in most post-secondary Comp-Sci and Soft-Eng programs.

Page 25
Security is Outnumbered!
Photo: #WOCTechChat

Page 26
Security is Outnumbered!
Dev / Ops / Sec = 100 / 10 / 1

Page 27
Waterfall Never Worked Well
And the accompanying security model was much, much worse.
Image: Winged Beast

Page 28
DevOps

Page 32
Confidentiality, Integrity, Availability =

Page 34
“DevOps is the best thing to happen to Application Security since OWASP.”
- Tanya Janca

Page 35
DevOps: The Three Ways

Page 36
Left -> Right = speed

Page 37
Requirements -> Design -> Code -> Testing -> Release

Page 38
What does this mean for Security?
Photo: #WOCTechChat

Page 39
What does this mean for dev & ops?
Photo: #WOCTechChat

Page 40
What does this mean for dev & ops?
Only deploy up-to-date images and containers.
Photo: #WOCTechChat

Page 41
What does this mean for dev & ops?
The “Photo” Slide, #1
• Helping the AppSec team tune static code analysis tools
• Add security bugs to the defect tracker
• Using templates and code samples that are known-secure (sec code library)
• Using freshly scanned images that are up to date/fully patched
• Set up regular, automated scans for VMs and containers

Page 42
What does this mean for dev & ops?
Help the AppSec Team tune their tools.
For their sake, and yours.
Photo: #WOCTechChat

Page 43
What does this mean for dev & ops?
Positive testing determines that your application works as expected. If an error is encountered during positive testing, the test fails.
Negative testing ensures that your application can gracefully handle invalid input or unexpected user behavior.
Photo: #WOCTechChat

Page 44
What does this mean for dev & ops?
The “Photo” Slide, #2
• Add negative use cases as unit tests, not just positive use cases (Morgan Roman, @Hackimedes)
• Helping AppSec team tune web proxy scanners (DAST)
• If the AppSec team creates a security pipeline for testing for you, use it!
• OWASP Dependency Check, Retire.js, Snyk, Black Duck, etc.: tools to remove known vulnerable code/libraries/components
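The negative-testing point on this slide, using the positive/negative definitions from Page 43, as an added example that is not part of the original deck: a small path-containment function with one positive suite and one negative suite, run against both a careful implementation and a naive one. `safe_resolve`, `naive_resolve`, `RejectedInput` and every sample input are constructed for this illustration. The positive suite passes for both implementations; only the negative suite exposes the naive one, which is why the slide asks for negative cases as unit tests and not only positive ones.

```python
"""Positive and negative unit tests around one input-handling function
(added example, not the deck's code; names and inputs are constructed).
"""
import tempfile
from pathlib import Path, PurePosixPath


class RejectedInput(ValueError):
    """Raised when a caller-supplied path must not be served."""


def safe_resolve(base_dir, user_path):
    """Map a caller-supplied relative path onto a file inside base_dir.

    Rejects anything that could leave base_dir or that no legitimate
    client sends: empty names, NUL bytes, absolute paths, '..' segments,
    and (after resolving symlinks) any target outside base_dir.
    """
    if not user_path or "\x00" in user_path:
        raise RejectedInput("empty or NUL-containing path")
    # Normalise Windows-style separators so '..\\x' is seen as '../x'.
    rel = PurePosixPath(user_path.replace("\\", "/"))
    if rel.is_absolute() or ".." in rel.parts:
        raise RejectedInput("absolute path or parent reference")
    base = Path(base_dir).resolve()
    target = (base / rel).resolve()
    # Containment check after resolve(): a symlink inside base_dir cannot
    # redirect the result outside it. The base directory itself is not a file.
    if base not in target.parents:
        raise RejectedInput("resolved outside base directory")
    return target


def naive_resolve(base_dir, user_path):
    """The kind of code a positive-only test suite lets through unchallenged."""
    return Path(base_dir) / user_path


# Constructed cases. Positive: input -> expected file relative to the base.
POSITIVE_CASES = {"index.html": "index.html", "css/site.css": "css/site.css"}
# Negative: inputs that must be rejected.
NEGATIVE_CASES = ["", "..", "../etc/passwd", "/etc/passwd",
                  "css/../../secret", "a\x00.txt", "..\\..\\win.ini"]


def positive_suite(resolver, base_dir):
    """True when every legitimate input maps to the expected file."""
    base = Path(base_dir)
    return all(resolver(base_dir, given) == base / expected
               for given, expected in POSITIVE_CASES.items())


def negative_suite(resolver, base_dir):
    """True when every hostile input is rejected with RejectedInput."""
    for given in NEGATIVE_CASES:
        try:
            resolver(base_dir, given)
        except RejectedInput:
            continue
        return False  # the input was accepted: this negative test fails
    return True


def run_all():
    """Run both suites against both resolvers in a fresh temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        base_dir = str(Path(tmp).resolve())
        return {
            name: {"positive": positive_suite(fn, base_dir),
                   "negative": negative_suite(fn, base_dir)}
            for name, fn in (("safe", safe_resolve), ("naive", naive_resolve))
        }


if __name__ == "__main__":
    for name, result in run_all().items():
        print(f"{name:5s} positive={result['positive']} negative={result['negative']}")
```

Running the block shows `safe` passing both suites and `naive` passing only the positive one. In a real project the two suites would live in the unit-test tree next to the positive tests, so that a later "simplification" of `safe_resolve` that drops a check breaks the build instead of reaching production.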

Page 46
Requirements -> Design -> Code -> Testing -> Release

Page 47
DevOps and the “Shift Left” principle
The cost of fixing quality and security issues rises significantly as the development cycle advances:

| Phase | Cost to fix |
| --- | --- |
| Coding | $80/defect |
| Build | $240/defect |
| QA & Security | $960/defect |
| Production | $7,600/defect |

Source: Ponemon Institute Research

Page 48
What does this mean for Security?
Faster Feedback = Shifting Left
Photo: #WOCTechChat

Page 49
What does this mean for dev & ops?
Telling the security team what you are concerned about.
Feedback goes both ways.
Photo: #WOCTechChat

Page 50
Side Tangent: The SecDevOpronomicon

Page 51
What does this mean for dev & ops?
Participating in Security Activities
• Incidents
• Threat Modelling
• Security Sprints
• Etc.
Photo: #WOCTechChat

Page 52
What does this mean for dev & ops?
The “Photo” Slide, #3
• Faster feedback loops = fixing bugs sooner
• Breaking the build if you introduce security issues
• Adding security sprints to your project timeline
• Participating in threat modelling activities
• Participating in incident response, if need be
• Learning to use security tools
• Security becomes part of the definition of quality
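One way to make "breaking the build if you introduce security issues" concrete, as an added example that is neither the speaker's code nor any scanner's: a small gate that takes the findings of a scan, fails the build at or above a severity threshold, and honours a suppression list whose entries carry a reason and an expiry date, so accepted risk is re-reviewed rather than forgotten. The `Finding` and `Suppression` shapes, `evaluate_gate`, and all sample ids and components are assumptions for this illustration; real tools such as the dependency checkers named on Page 44 each emit their own report format, which a real gate would parse first.

```python
"""Build gate for security findings (added example, not the deck's code).

The finding and suppression shapes below are constructed for this
illustration; real scanners each emit their own report format, which a
real gate would parse before applying a policy like this one.
"""
import sys
from dataclasses import dataclass
from datetime import date

# Ordering used to compare a finding's severity against the gate threshold.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class Finding:
    finding_id: str   # stable id from the scanner; values below are constructed
    component: str
    severity: str


@dataclass(frozen=True)
class Suppression:
    finding_id: str
    reason: str       # why the risk was accepted, for the next reviewer
    expires: date     # accepted risk is time-boxed, never open-ended


def evaluate_gate(findings, suppressions, threshold="high", today=None):
    """Return (passed, blocking_ids, expired_suppression_ids).

    A finding blocks the build when its severity is at or above the
    threshold and no unexpired suppression covers it. Expired suppressions
    are reported separately so the team sees why a previously accepted
    finding is blocking again.
    """
    today = today or date.today()
    active = {s.finding_id for s in suppressions if s.expires >= today}
    expired = sorted(s.finding_id for s in suppressions if s.expires < today)
    blocking = sorted(
        f.finding_id
        for f in findings
        if SEVERITY_RANK[f.severity] >= SEVERITY_RANK[threshold]
        and f.finding_id not in active
    )
    return (not blocking, blocking, expired)


# Constructed sample data: what one scan and a repo's suppression file might
# contain. None of these ids or components refer to real advisories.
SAMPLE_FINDINGS = [
    Finding("FIND-1", "example-lib 1.0", "critical"),
    Finding("FIND-2", "example-parser 2.3", "high"),
    Finding("FIND-3", "example-logger 0.9", "medium"),
    Finding("FIND-4", "example-http 4.1", "high"),
]
SAMPLE_SUPPRESSIONS = [
    Suppression("FIND-2", "vulnerable function not reachable from our code",
                date(2030, 1, 1)),
    Suppression("FIND-4", "fix scheduled for next sprint", date(2020, 1, 1)),  # expired
]


def sample_run(today=date(2024, 6, 1)):
    """Evaluate the constructed sample on a fixed date, so the result is deterministic."""
    return evaluate_gate(SAMPLE_FINDINGS, SAMPLE_SUPPRESSIONS, "high", today)


def main():
    passed, blocking, expired = sample_run()
    for fid in expired:
        print(f"suppression for {fid} has expired; re-review or fix it")
    for fid in blocking:
        print(f"blocking: {fid}")
    print("build gate:", "PASS" if passed else "FAIL")
    return 0 if passed else 1


if __name__ == "__main__":
    sys.exit(main())
```

With the constructed sample the gate fails: FIND-1 is critical and unsuppressed, and FIND-4 is high with a suppression that lapsed, while FIND-2 stays suppressed and FIND-3 sits below the threshold. A non-zero exit code is what a CI step needs in order to break the build; the printed lines are for the developer reading the job log.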

Page 54
What does this mean for Security?
Photo: #WOCTechChat

Page 55
What does this mean for dev & ops?
Photo: #WOCTechChat

Page 56
What does this mean for dev & ops?
Photo: #WOCTechChat

Page 57
What does this mean for dev & ops?
The “Photo” Slide, #4
• Accept security training if offered
• Train yourself
• Share information widely when you fix security issues
• Participate in security simulations
• Ask for and analyze metrics from security testing, look for patterns or systemic issues
• Ensure you perform blameless introspection

Page 58
Security is Everybody’s Job
Culture Change

Page 59
Reinforce Culture Change
Celebrate Security Wins!
Photo: #WOCTechChat

Page 60
Reinforce Culture Change
Work More Closely: Security + Dev + Ops
Photo: #WOCTechChat

Page 61
Reinforce Culture Change
No More Blaming
Photo: #WOCTechChat

Page 62
Reinforce Culture Change
Be a Security Champion
Photo: #WOCTechChat

Page 63
Call To Action

Page 64
Call To Action

Page 65
Conclusion

Page 66
Resources
The Microsoft DevOps Journey
https://stories.visualstudio.com/

Page 67
OWASP DevSlop Has Your Back
https://www.owasp.org/index.php/OWASP_DevSlop_Project
DevSlop.co

Page 68
Resources
Links for Getting Started in Application Security
https://aka.ms/GettingStartedWithAppSec

Page 69
Security Learns To Sprint

Page 70
Resources
Follow me?
Twitter: @SheHacksPurple
https://medium.com/@shehackspurple
https://DevSlop.co

Page 71
Resources
Security is now a part of your daily work.

Page 72
Security is everybody’s job…Literally!
Tanya Janca
Thank You
[email protected] @SheHacksPurple
http://aka.ms/AppSecEU