SecDevOps
securing DevOps
Area41
10.6.2016 Zürich
Aarno Aukia
VSHN AG - The DevOps Company
10.6.2016 VSHN AG | http://vshn.ch 2
About me
● MSc Computer Science ETH
● Security Operations @ Google
● Co-Founder & CTO @ Atrila (Security Operations)
● Co-Founder & CTO @ VSHN (DevOps)
● Spare time: event networks/WiFi at Area41
● @aarnoaukia
● http://about.me/aarno
Agenda
● DevOps?
● Where is the security?
● Customer example 1
● Customer example 2
● Discussion
DevOps?
● Collaboration: Development (Dev) and Operations (Ops)
● Bring agile software engineering methods to operations
  – Automation: infrastructure as code, versioning/rollback
  – Testing: continuous integration/testing/deployment
● Bring operations engineering experience to developers
  – Scalability: independent microservices
  – Production insight: monitoring/logging/metrics
● Together: make the application's owner happier
Dev + Ops collaboration
● Bring together Developers & Operations
● Practice agile Operations Engineering
● Counter fear of change with (automated) testing
● Provide developer and development infrastructure
  – Tools for developers, preferably self-served
Infrastructure as code
● Change from hand-groomed servers to Operations Engineering (from pets to cattle)
● Speed & reliability
● Versioning & rollback
● Prerequisite for self-service
  – Give each developer a full stack
  – No manual changes in production
  – As many testing instances as needed
Infrastructure tools
● Packaging code & dependencies for atomic deployment/rollback
  – Deb/rpm, Docker
● Infrastructure state management (configuration mgmt)
  – Puppet, Salt, Chef, Ansible
● Continuous Integration/Testing/Deployment
  – Jenkins/TravisCI/GitlabCI/Atlassian Bamboo
● Self-Service
  – Vagrant/Docker or through Continuous Deployment
Infrastructure testing
● Bring software engineering best practice to operations
● Large complex infrastructure (as code) → many moving parts
  – Unit testing each module (webserver setup, database setup, cache setup, etc.)
  – Functional end-to-end testing of full stack (request to cache delivers content from database)
● Basically the same thing as production service monitoring, but for each change
Infrastructure feedback
● Collect all logs in ELK (Elasticsearch, Logstash & Kibana)
  – Let the developers search for prod error root cause
  – No sudo/root access to production needed
  – Added value: merged & indexed
● Collect Server & Application Metrics
  – Correlate with deployments & site traffic
Software Delivery Automation
Where is the security?
Developers
● Duh!
● Education, education, education
● Concept/architecture/code audits
● Use proven libraries
● ...
Configuration management
● Declare target state
● Enforce state every x minutes, e.g. 15 min
● Establish baseline system security
  – Services enabled/disabled
  – System (admin) users, groups, keys, hashes, sudoers
  – AAA (AD/LDAP) for 'normal users'
  – Host firewall (e.g. iptables)
  – Installed software
Logging
● Audit logging (who changed what when)
● Application/request log
● As WORM as feasible for the customer
  – Generally read-only for 'normal users'
  – Restricted admin access
● ELK-Stack
  – Transport, parsing, ingest: Logstash
  – Storage & Indexing: Elasticsearch
  – Querying & Dashboard: Kibana
Service Monitoring
● Layer 7: HTTP, SMTP, etc.
● Layer 6: SSL, certificates, protocols, ciphers, etc.
● System parameters
● Updates
● Backup
● Tool: Icinga2
Backup
● As WORM as feasible
  – Restricted admin access, no access for customer staff
  – Only new data can be pushed
● Servers are enrolled automatically by configuration management
  – Enforcing that the backup target is not in the same location/infrastructure
● Data encrypted at source server using multiple keys
● Control connections use SSL/TLS
● Continuously monitored, regularly restore-tested
Version Management
● Everything is in version management = Git
  – Customer code
  – Configuration management code & config
● Changes/commits feed into audit log
● Shared or dedicated service
  – Shared: github.com, bitbucket.com, gitlab.com
  – Dedicated: Atlassian Bitbucket, Gitlab
● AAA through AD/LDAP
● Since all Devs have offline copies: no credentials in code!
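A check that enforces the last point at commit time, added here as an example and not VSHN's own tooling: it flags quoted credential literals, AWS access key IDs and PEM private keys, but accepts values that only reference an environment variable or a lookup. The repository contents, the placeholder PEM body and the AWS documentation example key ID are constructed inputs, and ENV_REF_RE lists the reference syntaxes the check assumes are acceptable.

```python
"""Pre-commit style check: refuse credentials committed to a repository.

Added example, not VSHN's tooling. Flags literal secrets in code and
config-management files while allowing values that merely reference an
environment variable or a secret lookup."""
import re
import sys
from typing import Dict, List

# A credential-looking key followed by a quoted literal value.
ASSIGN_RE = re.compile(
    r"""(?i)(password|passwd|pwd|secret|token|api[_-]?key)\s*[:=]\s*['"]([^'"]{4,})['"]"""
)
# AWS access key IDs have a fixed, recognisable shape.
AWS_KEY_RE = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
# PEM private key material never belongs in git.
PRIVKEY_RE = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")
# Values that point at the environment or a lookup are the pattern we want
# (assumed acceptable syntaxes), so they are not findings.
ENV_REF_RE = re.compile(r"^(\$\{|%\{|\$\(|ENV\[|os\.environ|env\()")
# Obvious placeholders are noise, not leaks.
PLACEHOLDERS = {"changeme", "password", "secret", "example", "xxx", "todo", "dummy"}


def scan_text(path: str, text: str) -> List[dict]:
    """Return one finding per offending line in *text*."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = ASSIGN_RE.search(line)
        if m:
            value = m.group(2)
            if not ENV_REF_RE.match(value) and value.lower() not in PLACEHOLDERS:
                findings.append({"path": path, "line": lineno, "kind": "literal-credential"})
        if AWS_KEY_RE.search(line):
            findings.append({"path": path, "line": lineno, "kind": "aws-access-key"})
        if PRIVKEY_RE.search(line):
            findings.append({"path": path, "line": lineno, "kind": "private-key"})
    return findings


def scan_repo(files: Dict[str, str]) -> List[dict]:
    """Scan a mapping of path -> file contents (what a pre-commit hook would feed in)."""
    out = []
    for path, text in sorted(files.items()):
        out.extend(scan_text(path, text))
    return out


# Constructed sample repository contents (not from any real project).
SAMPLE_FILES = {
    "hiera/common.yaml": (
        "mysql::port: 3306\n"
        "mysql::root_password: 'S3cr3t-Pr0d-Passw0rd!'\n"  # leak
        "smtp::password: 'changeme'\n"                       # placeholder, ignored
    ),
    "app/settings.py": (
        "import os\n"
        "DB_PASSWORD = os.environ['DB_PASSWORD']\n"          # env reference, fine
        "AWS_ACCESS_KEY_ID = 'AKIAIOSFODNN7EXAMPLE'\n"        # AWS documentation example key
    ),
    "keys/deploy.pem": (
        "-----BEGIN RSA PRIVATE KEY-----\n"                   # key material in git
        "MIIE...constructed placeholder body...\n"
        "-----END RSA PRIVATE KEY-----\n"
    ),
}

if __name__ == "__main__":
    hits = scan_repo(SAMPLE_FILES)
    for h in hits:
        print(f"{h['path']}:{h['line']}: {h['kind']}")
    sys.exit(1 if hits else 0)  # non-zero exit blocks the commit
```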
Continuous integration
● Trigger Build/Package/Test/Deploy on each commit
  – Targets configurable per repository, branch, tag
  – Manual 'promote', e.g. of production release
  – Feed into audit log
  – Store completed build/package artifacts
    ● Artifactory
    ● (private) Docker registry
    ● Deb/RPM repository
● Feed back status to Git GUI, dashboard, monitoring
● AAA through AD/LDAP
Automated testing
● All code is tested automatically
  – Customer code
  – Config management code & parameters
● Testing depth depends on customer...
  – Syntax, coding style (lint), static code analysis
  – Unit tests
    ● 'Does this module do what it is supposed to do?'
  – Functional tests
    ● 'Does the application behave correctly end-to-end?'
    ● Detect changes in nikto/sqlmap output?
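One way to make the last bullet concrete, added here as an example rather than code from the deck: scanner text output is normalized (run-specific fields dropped), compared with a stored baseline, and the build fails only when a finding that was not in the baseline appears. The two scan texts are constructed in the style of nikto's output; the volatile field names are an assumption about that format.

```python
"""Treat scanner output as a regression test: fail the pipeline when a new
finding appears. Added example for the "detect changes in nikto/sqlmap
output?" idea; not VSHN's code. Works on a stored baseline text and the
current run's text, so it needs no network access."""
import re
from typing import Dict, List, Set

# Fields that legitimately differ between runs and must not count as changes
# (assumed names, modelled on nikto's text output).
VOLATILE_PREFIXES = ("Target IP:", "Target Hostname:", "Target Port:",
                     "Start Time:", "End Time:")
VOLATILE_RE = re.compile(r"^\d+ (host\(s\) tested|requests:)")


def normalize(output: str) -> Set[str]:
    """Reduce scanner text output to a set of stable finding strings."""
    findings = set()
    for raw in output.splitlines():
        line = raw.strip()
        if line.startswith("+ "):
            line = line[2:].strip()
        if not line or line.startswith(VOLATILE_PREFIXES) or VOLATILE_RE.match(line):
            continue
        findings.add(line)
    return findings


def diff_scan(baseline: str, current: str) -> Dict[str, List[str]]:
    """Findings that appeared since the baseline and findings that went away."""
    old, new = normalize(baseline), normalize(current)
    return {"new": sorted(new - old), "resolved": sorted(old - new)}


def gate(baseline: str, current: str) -> bool:
    """True if the build may proceed: nothing new was reported."""
    return not diff_scan(baseline, current)["new"]


# Constructed sample in the style of nikto's text output (not a real scan).
BASELINE_SCAN = """\
- Nikto v2.1.6
+ Target IP:          10.0.0.5
+ Target Hostname:    shop.example.test
+ Target Port:        443
+ Start Time:         2016-06-09 22:10:01 (GMT2)
+ Server: nginx/1.10.0
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined.
+ End Time:           2016-06-09 22:12:44 (GMT2) (163 seconds)
+ 1 host(s) tested
"""

# Same site after a deployment: the clickjacking header was fixed, but a
# debug page slipped into production. Host and timestamps changed as well.
CURRENT_SCAN = """\
- Nikto v2.1.6
+ Target IP:          10.0.0.7
+ Target Hostname:    shop.example.test
+ Target Port:        443
+ Start Time:         2016-06-10 09:01:13 (GMT2)
+ Server: nginx/1.10.0
+ The X-XSS-Protection header is not defined.
+ /phpinfo.php: Output from the phpinfo() function was found.
+ End Time:           2016-06-10 09:03:30 (GMT2) (137 seconds)
+ 1 host(s) tested
"""

if __name__ == "__main__":
    report = diff_scan(BASELINE_SCAN, CURRENT_SCAN)
    for kind in ("new", "resolved"):
        for item in report[kind]:
            print(f"{kind}: {item}")
    raise SystemExit(0 if gate(BASELINE_SCAN, CURRENT_SCAN) else 1)
```

Resolved findings are reported but do not block; after review the current output becomes the new baseline.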
Databases & Backends
● Growing list of 'standard software' needed as backends for customer applications
  – MySQL/MariaDB/Galera/MaxScale, PostgreSQL, Redis, MongoDB, RabbitMQ, Memcached, Solr, Elasticsearch, NFS/DRBD, Ceph
● All services automatically deployed by configuration management
● Provide each service with sane config, clustering, credential management, firewall config, backup config, monitoring config
Web & Application Servers
● Growing list of application servers
  – PHP, Python, Ruby, Java/Tomcat, Java/Wildfly, Java/Play, Coldfusion, Docker
● Provide each service with sane config, firewall config, backup config, monitoring config
● Provide backend credentials through environment variables
  – http://12factor.net
● Other standard components:
  – Apache, Nginx, Varnish, mod_security, HAproxy, OpenVPN, iptables, pacemaker, keepalived
Customer case 1
● Server stack (Puppet)
  – Nginx, Varnish
  – PHP versions 5.6 and 7
  – MySQL/MariaDB-Galera-Cluster
  – Memcached/Redis/Solr/Elasticsearch
● Application deployment/update (Ansible/SSH)
● Bundle know-how (settings, tunings, etc.) in a common module, override if necessary per customer through a YAML file in the Git repository
● Docker image for local testing/developing
Case 1
Customer case 2
● OpenShift: PaaS (Platform as a Service)
● Docker, Kubernetes (Google), OpenShift (Red Hat)
● 100% open source, enterprise support available
● Swiss public PaaS: appuio.ch
● EU/US public: AWS
● Dedicated/private available worldwide
  – AWS
  – Enterprise on-premises
OpenShift
About VSHN
● Swiss DevOps & Ops company, 17 people in Zürich
● Building the tools and workflows for self-service
● Managing web applications in any cloud
  – We are cloud-agnostic: we run on AWS, MSA, GCE, DO, Hetzner, OVH, SafeSwissCloud, Cloudscale, Exoscale and on any on-premises Enterprise private cloud
● We work for Amazee Labs, Liip, Mercedes Benz Switzerland, Migros, SaltCinema, SIX Group, Sherpany, Sobrado, Starticket, Suisa, Taskfleet, zurichopenair.ch, etc.
● How can we help YOU?
Thanks
● Questions?
● We're hiring System and Software Engineers @vshn_ch!
● Get in touch with @aarnoaukia, @tobruzh or @vshnemanuel

 
Scalable Web Applications with 100% open source
Scalable Web Applications with 100% open sourceScalable Web Applications with 100% open source
Scalable Web Applications with 100% open source
 

Kürzlich hochgeladen

General Elections Final Press Noteas per M
General Elections Final Press Noteas per MGeneral Elections Final Press Noteas per M
General Elections Final Press Noteas per MVidyaAdsule1
 
Quality by design.. ppt for RA (1ST SEM
Quality by design.. ppt for  RA (1ST SEMQuality by design.. ppt for  RA (1ST SEM
Quality by design.. ppt for RA (1ST SEMCharmi13
 
Testing with Fewer Resources: Toward Adaptive Approaches for Cost-effective ...
Testing with Fewer Resources:  Toward Adaptive Approaches for Cost-effective ...Testing with Fewer Resources:  Toward Adaptive Approaches for Cost-effective ...
Testing with Fewer Resources: Toward Adaptive Approaches for Cost-effective ...Sebastiano Panichella
 
INDIAN GCP GUIDELINE. for Regulatory affair 1st sem CRR
INDIAN GCP GUIDELINE. for Regulatory  affair 1st sem CRRINDIAN GCP GUIDELINE. for Regulatory  affair 1st sem CRR
INDIAN GCP GUIDELINE. for Regulatory affair 1st sem CRRsarwankumar4524
 
RACHEL-ANN M. TENIBRO PRODUCT RESEARCH PRESENTATION
RACHEL-ANN M. TENIBRO PRODUCT RESEARCH PRESENTATIONRACHEL-ANN M. TENIBRO PRODUCT RESEARCH PRESENTATION
RACHEL-ANN M. TENIBRO PRODUCT RESEARCH PRESENTATIONRachelAnnTenibroAmaz
 
proposal kumeneger edited.docx A kumeeger
proposal kumeneger edited.docx A kumeegerproposal kumeneger edited.docx A kumeeger
proposal kumeneger edited.docx A kumeegerkumenegertelayegrama
 
Engaging Eid Ul Fitr Presentation for Kindergartners.pptx
Engaging Eid Ul Fitr Presentation for Kindergartners.pptxEngaging Eid Ul Fitr Presentation for Kindergartners.pptx
Engaging Eid Ul Fitr Presentation for Kindergartners.pptxAsifArshad8
 
Internship Presentation | PPT | CSE | SE
Internship Presentation | PPT | CSE | SEInternship Presentation | PPT | CSE | SE
Internship Presentation | PPT | CSE | SESaleh Ibne Omar
 
Application of GIS in Landslide Disaster Response.pptx
Application of GIS in Landslide Disaster Response.pptxApplication of GIS in Landslide Disaster Response.pptx
Application of GIS in Landslide Disaster Response.pptxRoquia Salam
 
cse-csp batch4 review-1.1.pptx cyber security
cse-csp batch4 review-1.1.pptx cyber securitycse-csp batch4 review-1.1.pptx cyber security
cse-csp batch4 review-1.1.pptx cyber securitysandeepnani2260
 
A Guide to Choosing the Ideal Air Cooler
A Guide to Choosing the Ideal Air CoolerA Guide to Choosing the Ideal Air Cooler
A Guide to Choosing the Ideal Air Coolerenquirieskenstar
 
GESCO SE Press and Analyst Conference on Financial Results 2024
GESCO SE Press and Analyst Conference on Financial Results 2024GESCO SE Press and Analyst Conference on Financial Results 2024
GESCO SE Press and Analyst Conference on Financial Results 2024GESCO SE
 
THE COUNTRY WHO SOLVED THE WORLD_HOW CHINA LAUNCHED THE CIVILIZATION REVOLUTI...
THE COUNTRY WHO SOLVED THE WORLD_HOW CHINA LAUNCHED THE CIVILIZATION REVOLUTI...THE COUNTRY WHO SOLVED THE WORLD_HOW CHINA LAUNCHED THE CIVILIZATION REVOLUTI...
THE COUNTRY WHO SOLVED THE WORLD_HOW CHINA LAUNCHED THE CIVILIZATION REVOLUTI...漢銘 謝
 
Chizaram's Women Tech Makers Deck. .pptx
Chizaram's Women Tech Makers Deck.  .pptxChizaram's Women Tech Makers Deck.  .pptx
Chizaram's Women Tech Makers Deck. .pptxogubuikealex
 
Don't Miss Out: Strategies for Making the Most of the Ethena DigitalOpportunity
Don't Miss Out: Strategies for Making the Most of the Ethena DigitalOpportunityDon't Miss Out: Strategies for Making the Most of the Ethena DigitalOpportunity
Don't Miss Out: Strategies for Making the Most of the Ethena DigitalOpportunityApp Ethena
 
Testing and Development Challenges for Complex Cyber-Physical Systems: Insigh...
Testing and Development Challenges for Complex Cyber-Physical Systems: Insigh...Testing and Development Challenges for Complex Cyber-Physical Systems: Insigh...
Testing and Development Challenges for Complex Cyber-Physical Systems: Insigh...Sebastiano Panichella
 
05.02 MMC - Assignment 4 - Image Attribution Lovepreet.pptx
05.02 MMC - Assignment 4 - Image Attribution Lovepreet.pptx05.02 MMC - Assignment 4 - Image Attribution Lovepreet.pptx
05.02 MMC - Assignment 4 - Image Attribution Lovepreet.pptxerickamwana1
 

Kürzlich hochgeladen (17)

General Elections Final Press Noteas per M
General Elections Final Press Noteas per MGeneral Elections Final Press Noteas per M
General Elections Final Press Noteas per M
 
Quality by design.. ppt for RA (1ST SEM
Quality by design.. ppt for  RA (1ST SEMQuality by design.. ppt for  RA (1ST SEM
Quality by design.. ppt for RA (1ST SEM
 
Testing with Fewer Resources: Toward Adaptive Approaches for Cost-effective ...
Testing with Fewer Resources:  Toward Adaptive Approaches for Cost-effective ...Testing with Fewer Resources:  Toward Adaptive Approaches for Cost-effective ...
Testing with Fewer Resources: Toward Adaptive Approaches for Cost-effective ...
 
INDIAN GCP GUIDELINE. for Regulatory affair 1st sem CRR
INDIAN GCP GUIDELINE. for Regulatory  affair 1st sem CRRINDIAN GCP GUIDELINE. for Regulatory  affair 1st sem CRR
INDIAN GCP GUIDELINE. for Regulatory affair 1st sem CRR
 
RACHEL-ANN M. TENIBRO PRODUCT RESEARCH PRESENTATION
RACHEL-ANN M. TENIBRO PRODUCT RESEARCH PRESENTATIONRACHEL-ANN M. TENIBRO PRODUCT RESEARCH PRESENTATION
RACHEL-ANN M. TENIBRO PRODUCT RESEARCH PRESENTATION
 
proposal kumeneger edited.docx A kumeeger
proposal kumeneger edited.docx A kumeegerproposal kumeneger edited.docx A kumeeger
proposal kumeneger edited.docx A kumeeger
 
Engaging Eid Ul Fitr Presentation for Kindergartners.pptx
Engaging Eid Ul Fitr Presentation for Kindergartners.pptxEngaging Eid Ul Fitr Presentation for Kindergartners.pptx
Engaging Eid Ul Fitr Presentation for Kindergartners.pptx
 
Internship Presentation | PPT | CSE | SE
Internship Presentation | PPT | CSE | SEInternship Presentation | PPT | CSE | SE
Internship Presentation | PPT | CSE | SE
 
Application of GIS in Landslide Disaster Response.pptx
Application of GIS in Landslide Disaster Response.pptxApplication of GIS in Landslide Disaster Response.pptx
Application of GIS in Landslide Disaster Response.pptx
 
cse-csp batch4 review-1.1.pptx cyber security
cse-csp batch4 review-1.1.pptx cyber securitycse-csp batch4 review-1.1.pptx cyber security
cse-csp batch4 review-1.1.pptx cyber security
 
A Guide to Choosing the Ideal Air Cooler
A Guide to Choosing the Ideal Air CoolerA Guide to Choosing the Ideal Air Cooler
A Guide to Choosing the Ideal Air Cooler
 
GESCO SE Press and Analyst Conference on Financial Results 2024
GESCO SE Press and Analyst Conference on Financial Results 2024GESCO SE Press and Analyst Conference on Financial Results 2024
GESCO SE Press and Analyst Conference on Financial Results 2024
 
THE COUNTRY WHO SOLVED THE WORLD_HOW CHINA LAUNCHED THE CIVILIZATION REVOLUTI...
THE COUNTRY WHO SOLVED THE WORLD_HOW CHINA LAUNCHED THE CIVILIZATION REVOLUTI...THE COUNTRY WHO SOLVED THE WORLD_HOW CHINA LAUNCHED THE CIVILIZATION REVOLUTI...
THE COUNTRY WHO SOLVED THE WORLD_HOW CHINA LAUNCHED THE CIVILIZATION REVOLUTI...
 
Chizaram's Women Tech Makers Deck. .pptx
Chizaram's Women Tech Makers Deck.  .pptxChizaram's Women Tech Makers Deck.  .pptx
Chizaram's Women Tech Makers Deck. .pptx
 
Don't Miss Out: Strategies for Making the Most of the Ethena DigitalOpportunity
Don't Miss Out: Strategies for Making the Most of the Ethena DigitalOpportunityDon't Miss Out: Strategies for Making the Most of the Ethena DigitalOpportunity
Don't Miss Out: Strategies for Making the Most of the Ethena DigitalOpportunity
 
Testing and Development Challenges for Complex Cyber-Physical Systems: Insigh...
Testing and Development Challenges for Complex Cyber-Physical Systems: Insigh...Testing and Development Challenges for Complex Cyber-Physical Systems: Insigh...
Testing and Development Challenges for Complex Cyber-Physical Systems: Insigh...
 
05.02 MMC - Assignment 4 - Image Attribution Lovepreet.pptx
05.02 MMC - Assignment 4 - Image Attribution Lovepreet.pptx05.02 MMC - Assignment 4 - Image Attribution Lovepreet.pptx
05.02 MMC - Assignment 4 - Image Attribution Lovepreet.pptx
 

Securing DevOps

• 8. Infrastructure testing
● Bring software engineering best practice to operations
● Large complex infrastructure (as code) → many moving parts
– Unit testing each module (webserver setup, database setup, cache setup, etc.)
– Functional end-to-end testing of full stack (request to cache delivers content from database)
● Basically the same thing as production service monitoring, but for each change

• 9. Infrastructure feedback
● Collect all logs in ELK (Elasticsearch, Logstash & Kibana)
– Let the developers search for prod error root cause
– No sudo/root access to production needed
– Added value: merged & indexed
● Collect Server & Application Metrics
– Correlate with deployments & site traffic

• 10. Software Delivery Automation

• 11. Where is the security ?

• 12. Developers
● Duh!
● Education, education, education
● Concept/architecture/code audits
● Use proven libraries
● ...

• 13. Configuration management
● Declare target state
● Enforce state every x minutes, e.g. 15min
● Establish baseline system security
– Services enabled/disabled
– System (admin) users, groups, keys, hashes, sudoers
– AAA (AD/LDAP) for 'normal users'
– Host firewall (e.g. iptables)
– Installed software
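The "declare target state, enforce it every x minutes" idea on slide 13 is what separates configuration management from a one-shot install script. The following is an added illustration, not code from the talk or from VSHN: a baseline declares which services, sudoers, admin SSH keys, packages and firewall ports a host should have, a drift check lists what an enforcement run would change, and a converge step shows why the run is safe to repeat every 15 minutes (a second drift check after converging is empty). The baseline, the observed host snapshot and the user and key names are constructed.

```python
"""Declared-state baseline check, in the spirit of the configuration
management slide: declare the target state, compare it with what the host
actually reports, and list the corrective actions an enforcement run would
take. Added example; both the baseline and the observed snapshot are
constructed and stand in for a Puppet/Salt/Chef/Ansible role and a fact
collector."""
import copy
from dataclasses import dataclass


@dataclass
class HostState:
    enabled_services: set
    sudoers: set
    admin_keys: dict            # user -> set of ssh key fingerprints
    packages: set
    firewall_open_ports: set


# Declared target state (constructed)
BASELINE = HostState(
    enabled_services={"sshd", "nginx", "icinga2"},
    sudoers={"ops-alice", "ops-bob"},
    admin_keys={"ops-alice": {"SHA256:alice-key-1"}, "ops-bob": {"SHA256:bob-key-1"}},
    packages={"nginx", "openssh-server", "icinga2"},
    firewall_open_ports={22, 80, 443},
)

# Observed state as a collector would report it (constructed): a manual change
# enabled telnetd, added a developer to sudoers, dropped a second key into
# alice's account and opened a debugging port.
OBSERVED = HostState(
    enabled_services={"sshd", "nginx", "icinga2", "telnetd"},
    sudoers={"ops-alice", "ops-bob", "dev-carol"},
    admin_keys={"ops-alice": {"SHA256:alice-key-1", "SHA256:unknown-key"},
                "ops-bob": {"SHA256:bob-key-1"}},
    packages={"nginx", "openssh-server", "icinga2", "telnetd"},
    firewall_open_ports={22, 80, 443, 8080},
)

ADD_ACTIONS = {"enable", "grant", "install", "open", "add"}


def _managed_set(state, category):
    """Return the set inside `state` that a drift category refers to."""
    if category.startswith("key:"):
        return state.admin_keys.setdefault(category[4:], set())
    return {"service": state.enabled_services, "sudoer": state.sudoers,
            "package": state.packages, "port": state.firewall_open_ports}[category]


def compute_drift(baseline, observed):
    """Return (category, item, action) tuples: everything an enforcement run
    would add or remove to bring `observed` back to `baseline`."""
    drift = []

    def diff(category, want, have, add_action, remove_action):
        for item in sorted(have - want):        # present but not declared
            drift.append((category, item, remove_action))
        for item in sorted(want - have):        # declared but missing
            drift.append((category, item, add_action))

    diff("service", baseline.enabled_services, observed.enabled_services, "enable", "disable")
    diff("sudoer", baseline.sudoers, observed.sudoers, "grant", "revoke")
    diff("package", baseline.packages, observed.packages, "install", "remove")
    diff("port", baseline.firewall_open_ports, observed.firewall_open_ports, "open", "close")
    # Keys are checked per user; a user who is absent from the baseline but
    # has keys on the host shows up here as well.
    for user in sorted(set(baseline.admin_keys) | set(observed.admin_keys)):
        diff(f"key:{user}", baseline.admin_keys.get(user, set()),
             observed.admin_keys.get(user, set()), "add", "remove")
    return drift


def converge(observed, drift):
    """Apply the corrective actions and return the resulting state. A second
    compute_drift() on the result is empty, which is the idempotence that
    lets configuration management enforce state every few minutes."""
    state = copy.deepcopy(observed)
    for category, item, action in drift:
        target = _managed_set(state, category)
        if action in ADD_ACTIONS:
            target.add(item)
        else:
            target.discard(item)
    return state


if __name__ == "__main__":
    for category, item, action in compute_drift(BASELINE, OBSERVED):
        print(f"{category:14} {action:8} {item}")
```

Run as a script it prints the five corrections (disable telnetd, revoke dev-carol, remove the telnetd package, close port 8080, remove the unknown key). The drift list is also the audit trail of what the run changed, which is the piece of a configuration-management run worth feeding into the log stack on the next slides.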
• 14. Logging
● Audit logging (who changed what when)
● Application/request log
● As WORM as feasible for the customer
– Generally read-only for 'normal users'
– Restricted admin access
● ELK-Stack
– Transport, parsing, ingest: Logstash
– Storage & Indexing: Elasticsearch
– Querying & Dashboard: Kibana
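"As WORM as feasible" on slide 14 is a property you can verify rather than just restrict access to. The example below is added here and is not part of the talk: each audit record ("who changed what when") carries the hash of the previous record, so an in-place edit or a record deleted from the middle of the file breaks the chain and the verifier reports the first bad index. It also shows the one thing a hash chain alone cannot catch, truncation of the tail, and the usual fix of shipping the latest hash somewhere else. The audit events are constructed.

```python
"""Tamper-evident audit log: every record carries the hash of the previous
record, so editing a line in place or deleting one from the middle breaks the
chain and is caught by the verifier. Added example for the 'who changed what
when, as WORM as feasible' point; the audit events are constructed."""
import hashlib
import json

GENESIS = "0" * 64          # previous-hash value of the very first record


def _record_hash(prev_hash, body):
    """SHA-256 over the previous hash and a canonical JSON encoding of the body."""
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev_hash.encode() + b"\n" + payload).hexdigest()


def append_entry(log, who, what, when, target):
    """Append one audit record to `log` (a list of JSON lines, the on-disk form)
    and return its hash."""
    prev = json.loads(log[-1])["hash"] if log else GENESIS
    body = {"who": who, "what": what, "when": when, "target": target, "prev": prev}
    record = dict(body, hash=_record_hash(prev, body))
    log.append(json.dumps(record, sort_keys=True))
    return record["hash"]


def verify_chain(log):
    """Return (True, None) if every record links to its predecessor and hashes
    correctly, otherwise (False, index of the first bad record)."""
    prev = GENESIS
    for i, line in enumerate(log):
        try:
            record = json.loads(line)
        except ValueError:
            return False, i
        if not isinstance(record, dict):
            return False, i
        body = {k: v for k, v in record.items() if k != "hash"}
        if body.get("prev") != prev or _record_hash(prev, body) != record.get("hash"):
            return False, i
        prev = record["hash"]
    return True, None


def latest_hash(log):
    """Hash of the last record: ship this to monitoring or another system,
    because the chain alone cannot detect that trailing records were cut off."""
    return json.loads(log[-1])["hash"] if log else GENESIS


def build_sample_log():
    """Three constructed audit events in log-line form."""
    log = []
    append_entry(log, "ops-alice", "puppet agent --test", "2016-06-10T09:00:00Z", "web01")
    append_entry(log, "ops-bob", "sudo systemctl restart nginx", "2016-06-10T09:05:12Z", "web01")
    append_entry(log, "dev-carol", "git push origin production", "2016-06-10T09:30:47Z", "app-repo")
    return log


def tamper(log, index, field, value):
    """Return a copy of `log` with one field of one record rewritten in place,
    simulating an edit by someone with write access to the file."""
    edited = list(log)
    record = json.loads(edited[index])
    record[field] = value
    edited[index] = json.dumps(record, sort_keys=True)
    return edited
```

Usage: `verify_chain(build_sample_log())` is `(True, None)`; rewriting the `who` of record 1 or deleting it yields `(False, 1)`. Dropping the last record still verifies, which is why `latest_hash()` belongs in the monitoring system and not only in the file.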
• 15. Service Monitoring
● Layer 7: HTTP, SMTP, etc.
● Layer 6: SSL, certificates, protocols, ciphers, etc.
● System parameters
● Updates
● Backup
● Tool: Icinga2

• 16. Backup
● As WORM as feasible
– Restricted admin access, no access for customer staff
– Only new data can be pushed
● Servers are enrolled automatically by configuration management
– Enforcing that the backup target is not in the same location/infrastructure
● Data encrypted at source server using multiple keys
● Control connections use SSL/TLS
● Continuously monitored, regularly restore-tested

• 17. Version Management
● Everything is in version management = GIT
– Customer code
– Configuration management code & config
● Changes/commits feed into audit log
● Shared or dedicated service
– Shared: github.com, bitbucket.com, gitlab.com
– Dedicated: Atlassian Bitbucket, Gitlab
● AAA through AD/LDAP
● Since all Devs have offline copies: no credentials in code !

• 18. Continuous integration
● Trigger Build/Package/Test/Deploy on each commit
– Targets configurable per repository, branch, tag
– Manual 'promote' e.g. of production release
– Feed into audit log
– Store completed build/package artifacts
  ● Artifactory
  ● (private) docker registry
  ● Deb/RPM repository
● Feed back status to Git-GUI, dashboard, monitoring
● AAA through AD/LDAP

• 19. Automated testing
● All code is tested automatically
– Customer code
– Config management code & parameters
● Testing depth depends on customer...
– Syntax, coding style (lint), static code analysis
– Unit tests
  ● 'Does this module do what it is supposed to do?'
– Functional tests
  ● 'Does the application behave correctly end-to-end?'
● detect changes in nikto/sqlmap output ?
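The last bullet on slide 19 leaves "detect changes in nikto/sqlmap output?" as an open question. One workable answer is to treat scanner output like any other test: keep the findings of an approved run as a baseline, normalise away the volatile parts (timestamps, request counts), and fail the pipeline only on findings that are new and not on an accepted-risk list. The code below is an added example, not from the talk; the report lines are constructed in the style of a text web-scanner report rather than real tool output, and the header and finding patterns are assumptions about that shape which would need adjusting to the actual tool.

```python
"""Scanner-output regression check for the CI pipeline: parse a baseline and a
current web-scanner report into a set of normalised findings and fail the
build on anything new that is not on the accepted-risk list. Added example
for the 'detect changes in nikto/sqlmap output?' idea; the report lines are
constructed in the style of a web scanner's text output, not real tool
output, and the parsing rules below are assumptions about that shape."""
import re

BASELINE_REPORT = """\
- Web scanner report (constructed sample)
+ Target IP:          203.0.113.10
+ Target Hostname:    shop.example.test
+ Start Time:         2016-06-01 09:12:44 (GMT2)
+ Server: nginx
+ The X-XSS-Protection header is not defined.
+ /robots.txt: contains 2 entries which should be manually viewed.
+ 6544 requests: 0 error(s) and 2 item(s) reported on remote host
+ End Time:           2016-06-01 09:14:02 (GMT2) (78 seconds)
"""

# Same target after a deployment (constructed): the header finding was fixed,
# robots.txt grew, and a directory without an index file appeared.
CURRENT_REPORT = """\
- Web scanner report (constructed sample)
+ Target IP:          203.0.113.10
+ Target Hostname:    shop.example.test
+ Start Time:         2016-06-10 22:41:03 (GMT2)
+ Server: nginx
+ /robots.txt: contains 3 entries which should be manually viewed.
+ /backup/: Directory indexing found.
+ 7102 requests: 0 error(s) and 2 item(s) reported on remote host
+ End Time:           2016-06-10 22:42:35 (GMT2) (92 seconds)
"""

# Lines that describe the scan run rather than a finding (assumed shape).
HEADER_RE = re.compile(
    r"^\+ (?:Target IP|Target Hostname|Start Time|End Time|Server):|^\+ \d+ requests:")
# "+ /path: message" or "+ message" (assumed shape).
FINDING_RE = re.compile(r"^\+ (?:(?P<path>/\S*): )?(?P<msg>.+?)\s*$")


def parse_findings(report):
    """Return a set of (path, message) pairs; numbers in the message are
    replaced by 'N' so that a changed count alone does not look like a new
    finding."""
    findings = set()
    for line in report.splitlines():
        if not line.startswith("+ ") or HEADER_RE.match(line):
            continue
        m = FINDING_RE.match(line)
        if m is None:
            continue
        path = m.group("path") or "-"
        msg = re.sub(r"\d+", "N", m.group("msg"))
        findings.add((path, msg))
    return findings


def compare_reports(baseline_report, current_report, accepted=frozenset()):
    """Classify current findings against the baseline. `accepted` holds
    (path, message) pairs that were reviewed and consciously tolerated."""
    base = parse_findings(baseline_report)
    cur = parse_findings(current_report)
    new = cur - base - set(accepted)
    return {
        "new": sorted(new),
        "resolved": sorted(base - cur),
        "unchanged": sorted(cur & base),
        "pipeline_ok": not new,
    }


if __name__ == "__main__":
    result = compare_reports(BASELINE_REPORT, CURRENT_REPORT)
    for key in ("new", "resolved", "unchanged"):
        for path, msg in result[key]:
            print(f"{key:9} {path:14} {msg}")
    print("pipeline ok:", result["pipeline_ok"])
```

Two design points: the baseline is a set of normalised findings, not the raw report, so a re-run that only changes timing does not break the build; and "resolved" findings are reported rather than silently dropped, because a finding that disappears can mean a fix or a scan that no longer reaches the page, and the baseline should only be updated after someone looked.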
• 20. Databases & Backends
● Growing list of 'standard software' needed as backends for customer applications
– MySQL/MariaDB/Galera/MaxScale, PostgreSQL, Redis, MongoDB, RabbitMQ, Memcached, Solr, Elasticsearch, NFS/DRBD, Ceph
● All services automatically deployed by configuration management
● Provide each service with sane config, clustering, credential management, firewall config, backup config, monitoring config

• 21. Web & Application Servers
● Growing list of application servers
– PHP, Python, Ruby, Java/Tomcat, Java/Wildfly, Java/Play, Coldfusion, Docker
● Provide each service with sane config, firewall config, backup config, monitoring config
● Provide backend credentials through environment variables
– http://12factor.net
● Other standard components:
– Apache, Nginx, Varnish, mod_security, HAproxy, OpenVPN, iptables, pacemaker, keepalived
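Slide 17 states the rule ("all Devs have offline copies: no credentials in code!") and slide 21 the mechanism (backend credentials through environment variables, the 12factor.net approach). The added example below, which is not code from the talk or from VSHN, shows both halves as they would sit in a CI or pre-commit check: a scan that refuses credential-shaped literals in repository files, and a loader that takes backend credentials from the environment and fails fast, naming only the missing variable names. The sample repository contents, the pattern list and the required variable names are constructed.

```python
"""Two halves of the 'no credentials in code' rule: a pre-commit style scan
that refuses credential-shaped literals in the repository, and a 12-factor
loader that takes backend credentials from environment variables instead.
Added example for the version-management and application-server slides; the
sample files, the pattern list and the required variable names are
constructed."""
import re

# Credential shapes that should never reach a repository. Deliberately short;
# a real hook would carry many more and tune them to its code base.
PATTERNS = {
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "literal_assignment": re.compile(
        r"""(?i)(?:password|passwd|secret|api[_-]?key|token)\s*[=:]\s*['"]([^'"\s]{6,})['"]"""),
    "url_credential": re.compile(r"[a-z][a-z0-9+.-]*://[^\s:/@]+:([^\s@/]+)@"),
}
# Values that sit in a credential slot but are placeholders or env lookups.
PLACEHOLDER_RE = re.compile(r"\$\{?[A-Z_][A-Z0-9_]*\}?|<[^>]+>|changeme|xxx+|example", re.I)

SAMPLE_FILES = {  # constructed repository contents
    "config/settings.py": 'DB_PASSWORD = "constructed-prod-pw"\nAPI_KEY = os.environ["API_KEY"]\n',
    "config/database.yml": 'production:\n  url: "postgres://app:constructed-db-pw@db.internal:5432/app"\n',
    "deploy/id_rsa": "-----BEGIN RSA PRIVATE KEY-----\nMIIEconstructedkeymaterial\n-----END RSA PRIVATE KEY-----\n",
    "config/settings.example.py": 'DB_PASSWORD = "${DB_PASSWORD}"\n',
}


def scan_text(path, text):
    """Return one finding per credential-shaped match. The matched value is
    never stored in full, so the findings themselves are safe to log."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, pattern in PATTERNS.items():
            m = pattern.search(line)
            if m is None:
                continue
            value = m.group(1) if m.lastindex else m.group(0)
            if PLACEHOLDER_RE.fullmatch(value):
                continue
            findings.append({"file": path, "line": lineno, "kind": kind,
                             "hint": value[:3] + "..."})
    return findings


def scan_repo(files):
    """Scan a mapping of path -> contents (what a pre-commit hook sees)."""
    findings = []
    for path in sorted(files):
        findings.extend(scan_text(path, files[path]))
    return findings


REQUIRED_VARS = ("DB_HOST", "DB_USER", "DB_PASSWORD")   # assumed names


def load_backend_config(env, required=REQUIRED_VARS):
    """12-factor style: credentials come from the process environment (set by
    the deployment tooling), never from a file in the repository. Fails fast
    and names only the missing variables, never any values."""
    missing = [name for name in required if not env.get(name)]
    if missing:
        raise RuntimeError("missing backend credentials: " + ", ".join(missing))
    return {name: env[name] for name in required}


if __name__ == "__main__":
    for f in scan_repo(SAMPLE_FILES):
        print(f"{f['file']}:{f['line']}: {f['kind']} ({f['hint']})")
```

On the sample repository the scan flags the literal password in `settings.py`, the credential embedded in the database URL and the committed private key, and passes the `settings.example.py` placeholder and the `os.environ` lookup. Wire the same scan into the CI trigger on every commit and the rule from slide 17 becomes a test result instead of a reminder.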
• 22. Customer case 1
● Server stack (Puppet)
– Nginx, Varnish
– PHP versions 5.6 and 7
– MySQL/MariaDB-Galera-Cluster
– Memcached/Redis/Solr/Elasticsearch
● Application Deployment/update (Ansible/SSH)
● Bundle know-how (settings, tunings, etc.) in common module, override if necessary per customer through YAML-File in Git-Repository
● Docker image for local testing/developing

• 23. Case1

• 24. Customer case 2
● OpenShift: PaaS, Platform as a Service
● Docker, Kubernetes (Google), Openshift (Redhat)
● 100% Opensource, enterprise support available
● Swiss public PaaS: appuio.ch
● EU/US public: AWS
● Dedicated/private available worldwide
– AWS
– Enterprise on-premises

• 25. OpenShift

• 26. About VSHN
● Swiss DevOps & Ops Company, 17 people in Zürich
● Building the tools and workflows for self-service
● Managing web applications in any cloud
– We are cloud-agnostic: we run on AWS, MSA, GCE, DO, Hetzner, OVH, SafeSwissCloud, Cloudscale, Exoscale and on any on-premises Enterprise private cloud
● We work for Amazee Labs, Liip, Mercedes Benz Switzerland, Migros, SaltCinema, SIX Group, Sherpany, Sobrado, Starticket, Suisa, Taskfleet, zurichopenair.ch, etc.
● How can we help YOU?

• 27. Thanks
● Questions ?
● We're hiring System and Software Engineers @vshn_ch !
● Get in touch with @aarnoaukia, @tobruzh or @vshnemanuel