Agile Network India | DevSecOps - The What and the Why | Ritesh Shregill
DEVSECOPS
IT’S A CULTURE
THE WHY?
The Ashley Madison hack – Zero-day exploit used to gain server root access
$30 Million in fines, legal fees, settlements etc. Users are being blackmailed to this day by hackers who stole their data
The Sony hack – Worm attacks through email attachments
$8 Million in remuneration to employees, apart from loss of revenue due to leaked movies
The LinkedIn hack – Web crawlers scraped data from the website
700 Million LinkedIn users’ data posted online. Users targeted by spam emails, scamsters and identity theft.
A total of 110, 54 and 59 Indian Central Ministry, Department and State Government sites were hacked in 2018, 2019 and 2020 respectively
Around 3.7 lakh crore lost to cybercrime in India since 2019
HACKERS ONLY NEED TO SUCCEED ONCE
DEFENDERS NEED TO SUCCEED EVERY TIME
THE PROBLEM
PASSING THE BUCK
THE RUSH TO DELIVER
TAKING SHORTCUTS
Intercepts the call to the server
curl -X GET 'http://localhost:8080/accounts/abc%27%20or%20%271%27=%271'
The decoded path parameter is pasted straight into the query:
select customer_id, acc_number, branch_id, balance from Accounts
where customerId = 'abc' or '1' = '1'
GETS ALL THE CUSTOMER DATA
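The shortcut on this slide and its fix, as an added example that is not part of the original deck: the same query built by string splicing (the vulnerable handler) and with a bound parameter (the safe one), run against a constructed in-memory Accounts table with the slide's exact payload. The column names, the sample rows and the customer-id allow-list format are assumptions.

```python
import re
import sqlite3
from urllib.parse import unquote

# Constructed sample rows for the Accounts table from the slide (column names
# assumed: customerId, acc_number, branch_id, balance).
SAMPLE_ACCOUNTS = [
    ("abc", 1001, 10, 2500.00),
    ("def", 1002, 10, 18000.00),
    ("ghi", 1003, 20, 75.50),
]

# The path segment from the slide's curl command, as the web framework would
# URL-decode it before handing it to the request handler.
INJECTED_ID = unquote("abc%27%20or%20%271%27=%271")  # abc' or '1'='1

# Allow-list for the identifier format this hypothetical API accepts (assumption).
CUSTOMER_ID_RE = re.compile(r"^[A-Za-z0-9]{1,32}$")


def build_db() -> sqlite3.Connection:
    """Create an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Accounts ("
        "customerId TEXT, acc_number INTEGER, branch_id INTEGER, balance REAL)"
    )
    conn.executemany("INSERT INTO Accounts VALUES (?, ?, ?, ?)", SAMPLE_ACCOUNTS)
    return conn


def get_accounts_vulnerable(conn: sqlite3.Connection, customer_id: str) -> list:
    """The shortcut behind the slide: the path parameter is spliced into the SQL text.

    A value such as INJECTED_ID closes the string literal and appends
    or '1'='1', which is true for every row, so every customer's data comes back.
    """
    sql = (
        "select customerId, acc_number, branch_id, balance from Accounts "
        f"where customerId = '{customer_id}'"
    )
    return conn.execute(sql).fetchall()


def get_accounts_safe(conn: sqlite3.Connection, customer_id: str) -> list:
    """Parameterised version: the driver binds the value, so it is only ever data."""
    sql = (
        "select customerId, acc_number, branch_id, balance from Accounts "
        "where customerId = ?"
    )
    return conn.execute(sql, (customer_id,)).fetchall()


def is_valid_customer_id(customer_id: str) -> bool:
    """Defence in depth: reject identifiers outside the expected format before
    they reach the database at all."""
    return CUSTOMER_ID_RE.fullmatch(customer_id) is not None


def demo() -> dict:
    """Run both handlers against a normal id and the injected one; return row counts."""
    conn = build_db()
    return {
        "vulnerable_normal": len(get_accounts_vulnerable(conn, "abc")),
        "vulnerable_injected": len(get_accounts_vulnerable(conn, INJECTED_ID)),
        "safe_normal": len(get_accounts_safe(conn, "abc")),
        "safe_injected": len(get_accounts_safe(conn, INJECTED_ID)),
        "injected_passes_allowlist": is_valid_customer_id(INJECTED_ID),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The vulnerable handler returns all three rows for the injected id; the parameterised one returns none, and the allow-list rejects the value before a query is even built.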
CONSEQUENCES
• Loss of client confidence
• Loss of business
• Potential lawsuits
• Negative press
• Mounting losses
• Catastrophe
THE WHAT?
THREAT MODELLING
• Identify threats early
• Identify attack surfaces and vulnerabilities
• Address them early
• Test regularly
• Release a quality secure product
• Eat pizza
THE ATTACK SURFACE CHECKLIST
• OWASP Top 10 - https://owasp.org/www-project-top-ten/
The OWASP Top 10 is regularly updated and is compiled from observations of the most critical security risks in web applications that attackers exploit.
• MITRE ATT&CK Matrix - https://attack.mitre.org/
The ATT&CK Matrix is a comprehensive checklist based on analysis and real-world observation of adversary tools and techniques, drawing on private sector organizations, government agencies, cybersecurity firms and community contributions.
THE HOW?
THE LEFT SHIFT
Traditional
The shiny new pipeline
TOOLS THAT HELP
• SAST – Analyze at rest
• GitLab
• Fortify
• Bandit (Python)
• ESLint (JavaScript)
• IAST – Analyze at run time (intrusively)
• Acunetix
• Snyk
• DAST – Analyze at run time (agnostically)
• ZAP (Zed Attack Proxy)
• Burp Suite
SAMPLE DAST ANALYSIS
RED TEAMING AND BAS TOOLS
• Form ethical hacking teams to exploit the entire attack surface
• Breach and Attack Simulation tools automatically simulate real threats and analyse how an attack can spread after a successful penetration
BAS tools:
• AttackIQ
• Cymulate
• FireEye
CART – CONTINUOUS AUTOMATED RED TEAMING
• Automates red teaming by discovering the attack surface automatically and running a full gamut of penetration tests against it
• Launches multi-stage attacks to simulate real-world attacks
• Uses an outside-in approach and does not require hardware or software to be installed on premises
Tools:
FireCompass (Most widely used and adopted)
Atomic Red Team + Swimlane SOAR
CONS OF BAS AND CART TOOLS
• Lots of manual time and effort involved in simulating tests and exploring attack surfaces
• Expensive
• Requires on-premises installation of software and technical know-how
• Predominantly provided by third-party vendors
• Cannot be run against live production servers as they can be disruptive
FORMULA FOR SUCCESS
AGILE + DEV + OPS + SEC + MICROSERVICES TEAM
WHY MICROSERVICES?
• Containers can be shared around so everyone is working on the same environment
• Multiple environments can be used as sandboxes for dev/UAT/PoCs/chaos testing, etc.
• Canary deployments
• SAST against pipelines, DAST against containers and BAS against Kubernetes clusters / service mesh
REDUCING ATTACK SURFACES
• Small apps, smaller concerns
• Focus is on continuous testing and continuous patching
• Fewer tests to execute as the code base is small
• Re-engineering and re-architecting is a smaller effort if design-breaking vulnerabilities are exposed
• Better management of priorities
BEST PRACTICES
• MFA and access controls
• Session and cookie hygiene
• Common Attack Matrix generated from SAST, DAST and BAS tools
• Encryption at rest – Database encryption, Storage Encryption
• Encryption in transit – HTTPS, SSL, TLS, FTPS, IP Whitelisting
• Password Vault services
• Authentication and Authorization as a service
• Active traffic monitoring to uncover anomalous system access
• CDNs and robust edge servers
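For the active traffic monitoring point above, an added example that is not part of the original deck: a small detector run over constructed access-log lines that flags the injected /accounts/ request shown on the earlier slide. It assumes combined log format and the /accounts/<id> path shape from the slide's curl example; the accepted identifier format is an assumption.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (combined log format assumed), including the
# slide's curl request against /accounts/... and normal requests for comparison.
SAMPLE_LOG = """\
127.0.0.1 - - [10/May/2021:10:00:01 +0000] "GET /accounts/abc HTTP/1.1" 200 143
127.0.0.1 - - [10/May/2021:10:00:05 +0000] "GET /accounts/abc%27%20or%20%271%27=%271 HTTP/1.1" 200 4096
10.0.0.7 - - [10/May/2021:10:00:09 +0000] "GET /accounts/def HTTP/1.1" 200 139
10.0.0.7 - - [10/May/2021:10:00:12 +0000] "GET /accounts/def%27%20OR%20%27x%27%3D%27x HTTP/1.1" 200 4102
10.0.0.9 - - [10/May/2021:10:00:15 +0000] "GET /health HTTP/1.1" 200 2
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]+" (?P<status>\d{3}) (?P<bytes>\d+)$'
)
# Shape of the account endpoint from the slide; the id format is an assumption.
ACCOUNT_PATH_RE = re.compile(r"^/accounts/(?P<id>[^/]+)$")
CUSTOMER_ID_RE = re.compile(r"^[A-Za-z0-9]{1,32}$")
# A quote that closes a literal, followed by an always-true comparison such as '1'='1.
TAUTOLOGY_RE = re.compile(r"'\s*(?:or|and)\s*'[^']*'\s*=\s*'", re.IGNORECASE)


def analyse_line(line: str):
    """Return a finding dict for a suspicious request, or None for a clean one."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    # Decode once: the server logs the raw path, the handler sees the decoded value.
    path = unquote(m["path"])
    reasons = []
    pm = ACCOUNT_PATH_RE.match(path)
    if pm and not CUSTOMER_ID_RE.fullmatch(pm["id"]):
        reasons.append("customer id outside the allow-list")
    if TAUTOLOGY_RE.search(path):
        reasons.append("boolean tautology in request path")
    if not reasons:
        return None
    return {
        "ip": m["ip"],
        "time": m["ts"],
        "path": path,
        "status": int(m["status"]),
        "bytes": int(m["bytes"]),
        "reasons": reasons,
    }


def scan(lines):
    """Run analyse_line over an iterable of log lines and collect the findings."""
    return [f for f in (analyse_line(line) for line in lines) if f is not None]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG.splitlines()):
        print(finding["ip"], finding["status"], finding["path"], "|", ", ".join(finding["reasons"]))
```

Both injected requests are flagged on two grounds, and both returned 200 with a much larger body than the normal lookups, which is the signal a monitoring rule would alert on.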
Q&A
Understanding Flamingo - DeepMind's VLM Architecturerahul_net
 
2024-04-09 - From Complexity to Clarity - AWS Summit AMS.pdf
2024-04-09 - From Complexity to Clarity - AWS Summit AMS.pdf2024-04-09 - From Complexity to Clarity - AWS Summit AMS.pdf
2024-04-09 - From Complexity to Clarity - AWS Summit AMS.pdfAndrey Devyatkin
 
Post Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on IdentityPost Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on Identityteam-WIBU
 
Patterns for automating API delivery. API conference
Patterns for automating API delivery. API conferencePatterns for automating API delivery. API conference
Patterns for automating API delivery. API conferencessuser9e7c64
 
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingOpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingShane Coughlan
 
GraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4j
GraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4jGraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4j
GraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4jNeo4j
 
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxUI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxAndreas Kunz
 
Large Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and RepairLarge Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and RepairLionel Briand
 
Leveraging AI for Mobile App Testing on Real Devices | Applitools + Kobiton
Leveraging AI for Mobile App Testing on Real Devices | Applitools + KobitonLeveraging AI for Mobile App Testing on Real Devices | Applitools + Kobiton
Leveraging AI for Mobile App Testing on Real Devices | Applitools + KobitonApplitools
 
Osi security architecture in network.pptx
Osi security architecture in network.pptxOsi security architecture in network.pptx
Osi security architecture in network.pptxVinzoCenzo
 
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...OnePlan Solutions
 
SAM Training Session - How to use EXCEL ?
SAM Training Session - How to use EXCEL ?SAM Training Session - How to use EXCEL ?
SAM Training Session - How to use EXCEL ?Alexandre Beguel
 

KĂĽrzlich hochgeladen (20)

Keeping your build tool updated in a multi repository world
Keeping your build tool updated in a multi repository worldKeeping your build tool updated in a multi repository world
Keeping your build tool updated in a multi repository world
 
Powering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsPowering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data Streams
 
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...
 
Machine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringMachine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their Engineering
 
Precise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalPrecise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive Goal
 
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptxReal-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
 
Introduction to Firebase Workshop Slides
Introduction to Firebase Workshop SlidesIntroduction to Firebase Workshop Slides
Introduction to Firebase Workshop Slides
 
Effectively Troubleshoot 9 Types of OutOfMemoryError
Effectively Troubleshoot 9 Types of OutOfMemoryErrorEffectively Troubleshoot 9 Types of OutOfMemoryError
Effectively Troubleshoot 9 Types of OutOfMemoryError
 
Understanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM ArchitectureUnderstanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM Architecture
 
2024-04-09 - From Complexity to Clarity - AWS Summit AMS.pdf
2024-04-09 - From Complexity to Clarity - AWS Summit AMS.pdf2024-04-09 - From Complexity to Clarity - AWS Summit AMS.pdf
2024-04-09 - From Complexity to Clarity - AWS Summit AMS.pdf
 
Post Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on IdentityPost Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on Identity
 
Patterns for automating API delivery. API conference
Patterns for automating API delivery. API conferencePatterns for automating API delivery. API conference
Patterns for automating API delivery. API conference
 
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingOpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
 
GraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4j
GraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4jGraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4j
GraphSummit Madrid - Product Vision and Roadmap - Luis Salvador Neo4j
 
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxUI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
 
Large Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and RepairLarge Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and Repair
 
Leveraging AI for Mobile App Testing on Real Devices | Applitools + Kobiton
Leveraging AI for Mobile App Testing on Real Devices | Applitools + KobitonLeveraging AI for Mobile App Testing on Real Devices | Applitools + Kobiton
Leveraging AI for Mobile App Testing on Real Devices | Applitools + Kobiton
 
Osi security architecture in network.pptx
Osi security architecture in network.pptxOsi security architecture in network.pptx
Osi security architecture in network.pptx
 
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
 
SAM Training Session - How to use EXCEL ?
SAM Training Session - How to use EXCEL ?SAM Training Session - How to use EXCEL ?
SAM Training Session - How to use EXCEL ?
 

Agile Network India | DevSecOps - The What and the Why | Ritesh Shregill

2. THE WHY?
The Ashley Madison Hack – Zero-day exploit used to gain server root access
$30 Million in fines, legal fees, settlements etc. Users are being blackmailed to this day by hackers who stole their data
The Sony hack – Worm attacks through email attachments
$8 Million in remuneration to employees apart from loss of revenue due to leaked movies
The LinkedIn hack – Web crawlers scraped data from the website
700 Million LinkedIn users’ data posted online. Users targeted by spam emails, scamsters and identity theft.
A total number of 110, 54 and 59 Indian Central Ministries, Departments and State Government sites have been hacked during the years 2018, 2019 and 2020, respectively
Around 3.7 Lakh Crore lost due to cybercrimes in India since the year 2019

3. HACKERS ONLY NEED TO SUCCEED ONCE
DEFENDERS NEED TO SUCCEED EVERY TIME

6. THE RUSH TO DELIVER

7. TAKING SHORTCUTS
Intercepts the call to the server:
curl -X GET 'http://localhost:8080/accounts/abc%27%20or%20%271%27=%271'
The server builds and runs:
select customer_id, acc_number, branch_id, balance from Accounts where customerId = 'abc' or '1' = '1'
GETS ALL THE CUSTOMER DATA
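Why the shortcut on slide 7 fails, and what the fix looks like, as an added example that is not part of the deck. It rebuilds the slide's Accounts table in an in-memory SQLite database (constructed sample rows, column named customer_id), feeds it the decoded value from the slide's curl request, and compares the string-built query with a parameterized one. The allow-list pattern for customer ids is an assumption for illustration.

```python
import re
import sqlite3
from urllib.parse import unquote, urlparse

# Constructed sample rows mirroring the deck's Accounts table (not real customer data).
SAMPLE_ROWS = [
    ("abc", "ACC-1001", "BR-01", 1500.00),
    ("def", "ACC-1002", "BR-01", 320.50),
    ("ghi", "ACC-1003", "BR-02", 9800.00),
]

# Assumed allow-list for customer ids: short alphanumeric tokens only.
CUSTOMER_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")


def make_db():
    """In-memory database with the Accounts table used on the slide."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Accounts (customer_id TEXT, acc_number TEXT, "
        "branch_id TEXT, balance REAL)"
    )
    conn.executemany("INSERT INTO Accounts VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def path_param(url):
    """Return the URL-decoded last path segment, as the server would see it."""
    return unquote(urlparse(url).path.rsplit("/", 1)[-1])


def lookup_vulnerable(conn, customer_id):
    """The shortcut: the request value is pasted straight into the SQL text,
    so a quote in the input ends the literal and the rest becomes SQL."""
    sql = (
        "select customer_id, acc_number, branch_id, balance from Accounts "
        f"where customer_id = '{customer_id}'"
    )
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, customer_id):
    """Parameterized query: the value travels separately from the SQL text,
    so quotes and OR clauses inside it are just characters to compare."""
    sql = (
        "select customer_id, acc_number, branch_id, balance from Accounts "
        "where customer_id = ?"
    )
    return conn.execute(sql, (customer_id,)).fetchall()


def lookup_hardened(conn, customer_id):
    """Defense in depth: reject input that cannot be a customer id at all,
    then use the parameterized query."""
    if not CUSTOMER_ID_RE.fullmatch(customer_id):
        raise ValueError("customer id fails input allow-list")
    return lookup_parameterized(conn, customer_id)


if __name__ == "__main__":
    db = make_db()
    value = path_param("http://localhost:8080/accounts/abc%27%20or%20%271%27=%271")
    print("decoded parameter:", value)
    print("vulnerable rows returned:", len(lookup_vulnerable(db, value)))
    print("parameterized rows returned:", len(lookup_parameterized(db, value)))
```

Run it and the string-built query returns every row while the parameterized one returns none for the same input; the allow-list check rejects the input before it reaches the database at all.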
8. CONSEQUENCES
• Loss of client confidence
• Loss of business
• Potential lawsuits
• Negative press
• Mounting losses
• Catastrophe

10. THREAT MODELLING
• Identify threats early
• Identify attack surfaces and vulnerabilities
• Address them early
• Test regularly
• Release a quality, secure product
• Eat pizza

11. THE ATTACK SURFACE CHECKLIST
• OWASP Top 10 - https://owasp.org/www-project-top-ten/
The OWASP Top 10 list is constantly updated and is compiled from observations of the most critical aspects of web applications that are vulnerable to exploitation by hackers.
• MITRE ATT&CK Matrix - https://attack.mitre.org/
The ATT&CK Matrix is a comprehensive checklist based on analysis and real-time observation of tools across private sector organizations, government agencies, cybersecurity firms and community contributions.

13. THE LEFT SHIFT
Traditional
The shiny new pipeline

14. TOOLS THAT HELP
• SAST – Analyze at rest
• Gitlab
• Fortify
• Bandit (Python)
• ESLint (JavaScript)
• IAST – Analyze at run time (intrusively)
• Acunetix
• Snyk
• DAST – Analyze at run time (agnostically)
• ZAP (Zed Attack Proxy)
• Burp Suite

16. RED TEAMING AND BAS TOOLS
• Form ethical hacking teams to exploit the entire attack surface
• Breach and Attack Simulation tools automatically simulate real threats and analyse how an attack can spread after a successful penetration
BAS tools:
• AttackIQ
• Cymulate
• FireEye

17. CART – CONTINUOUS AUTOMATED RED TEAMING
• Automates red teaming by discovering the attack surface automatically and running the full gamut of penetration tests against it
• Launches multi-stage attacks to simulate real-time attacks
• Uses an outside-in approach and does not require hardware or software to be installed on premises
Tools:
FireCompass (most widely used and adopted)
Atomic Red Team + Swimlane SOAR

18. CONS OF BAS AND CART TOOLS
Cons:
• Lots of manual time and effort involved in simulating tests and exploring attack surfaces
• Expensive
• Requires on-premises installation of software and technical know-how
• Predominantly provided by third-party vendors
• Cannot be run against live production servers as they can be disruptive
21. FORMULA FOR SUCCESS
AGILE + DEV + OPS + SEC + MICROSERVICES TEAM

22. WHY MICROSERVICES?
• Containers can be shared around so everyone is working on the same environment
• Multiple environments can be used as sandboxes for dev/UAT/PoCs/chaos testing, etc.
• Canary deployments
• SAST against pipelines, DAST against containers and BAS against Kubernetes clusters / service mesh

23. REDUCING ATTACK SURFACES
• Small apps, smaller concerns
• Focus is on continuous testing and continuous patching
• Fewer tests to be executed as the code base is small
• Re-engineering and re-architecting is a smaller effort in case design-breaking vulnerabilities are exposed
• Better management of priorities

24. BEST PRACTICES
• MFA and access controls
• Session and cookie hygiene
• Common attack matrix generated from SAST, DAST and BAS tools
• Encryption at rest – Database encryption, storage encryption
• Encryption in transit – HTTPS, SSL, TLS, FTPS, IP whitelisting
• Password vault services
• Authentication and authorization as a service
• Active traffic monitoring to uncover anomalous system access
• CDNs and robust edge servers
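The "active traffic monitoring" item on slide 24 applied to the request from slide 7, as an added example that is not part of the deck. It parses a handful of constructed Common Log Format lines (sample data, RFC 5737 documentation addresses), URL-decodes and lowercases each request path so that `%27`/`%3D` and `OR`/`or` variants normalize to the same text, and raises a finding on two independent signals: a closed quote followed by a boolean operator and a comparison (the tautology shape on slide 7, but not a legitimate apostrophe such as `o'brien`), and a successful response far larger than the median of other successful responses, which is what "gets all the customer data" looks like from the outside. The size factor and the regular expressions are assumptions chosen for this example.

```python
import re
import statistics
from urllib.parse import unquote

# Constructed access-log lines in Common Log Format (sample data, not a real capture).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Apr/2024:12:00:01 +0000] "GET /accounts/abc HTTP/1.1" 200 512
203.0.113.7 - - [10/Apr/2024:12:00:02 +0000] "GET /accounts/abc%27%20or%20%271%27=%271 HTTP/1.1" 200 48211
198.51.100.9 - - [10/Apr/2024:12:00:03 +0000] "GET /accounts/def HTTP/1.1" 200 498
198.51.100.9 - - [10/Apr/2024:12:00:04 +0000] "GET /accounts/o%27brien HTTP/1.1" 404 162
198.51.100.22 - - [10/Apr/2024:12:00:05 +0000] "GET /accounts/ghi HTTP/1.1" 200 505
203.0.113.7 - - [10/Apr/2024:12:00:06 +0000] "GET /accounts/abc%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 48211
"""

CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\d+|-)'
)

# A quote that closes a string literal, then a boolean operator, then a comparison.
# Matches the slide's  abc' or '1'='1  but not a lone apostrophe such as o'brien.
TAUTOLOGY_RE = re.compile(r"'\s*(or|and)\s+[^=]*=")

# Assumed threshold: a 200 response this many times the median size is suspicious.
SIZE_FACTOR = 10


def parse_line(line):
    """Parse one CLF line into a dict, or return None if it does not match."""
    m = CLF_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
    # Decode twice so double-encoded payloads normalize too; lowercase so OR == or.
    rec["decoded_path"] = unquote(unquote(rec["path"])).lower()
    return rec


def analyze(log_text):
    """Return a list of findings, one per suspicious request, in log order."""
    records = []
    for n, line in enumerate(log_text.splitlines(), start=1):
        rec = parse_line(line)
        if rec:
            rec["line"] = n
            records.append(rec)

    # Baseline for "normal" response size: median of successful responses.
    ok_sizes = [r["bytes"] for r in records if r["status"] == 200]
    baseline = statistics.median(ok_sizes) if ok_sizes else 0

    findings = []
    for r in records:
        reasons = []
        if TAUTOLOGY_RE.search(r["decoded_path"]):
            reasons.append("sql-tautology")
        if baseline and r["status"] == 200 and r["bytes"] > SIZE_FACTOR * baseline:
            reasons.append("oversized-response")
        if reasons:
            findings.append(
                {"line": r["line"], "ip": r["ip"], "path": r["path"], "reasons": reasons}
            )
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"line {f['line']}: {f['ip']} {f['path']} -> {', '.join(f['reasons'])}")
```

On the sample above only the two requests from 203.0.113.7 are reported, each on both signals; the 404 for `o'brien` and the ordinary lookups pass. The size signal is the one worth keeping even when the payload pattern changes, because it depends on what the server gave away rather than on how the request was spelled.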
25. Q&A