Slide 1
Shaping the future of digital business
GFT GROUP, CONFIDENTIAL, 29/08/19
We Innovate, Transform, Deliver
August 2019
UFSCar – SeCoT XI
DevSecOps: Putting security into the pipeline (Colocando segurança na esteira)
Diego Cardoso – Head of DevSecOps Practices Brazil
diego.cardoso@gft.com
#TeamGFT #UFSCarSecotXI
Slide 2
• Proud son, husband and father
• Degree in Information Systems from FSA
• Postgraduate degree in Software Architecture from FIAP
• Microsoft certified: MCTS
• I work at GFT (Sorocaba)
• 15+ years analysing, coding and migrating
• Enthusiast focused on Architecture and Agile Methodologies
• Rusty guitarist and gamer in my spare time
Slide 3

STRONG INTERNATIONAL PRESENCE
Offices in 13 countries: Germany, Brazil, Canada, Costa Rica, France, Spain, USA, England, Italy, Mexico, Poland, Switzerland and Belgium.

STRONG NATIONAL PRESENCE
800+ employees distributed across our offices in Alphaville, Sorocaba and Curitiba.

GLOBAL DELIVERY MODEL
A global team of 5,500+ employees.

FOCUS ON FINANCIAL SERVICES
Revenue of R$ 1.8 billion forecast for 2018.

We are a 30-year-old German company focused on digital transformation for the financial industry.

DIGITAL SOLUTIONS / APPLICATION MANAGEMENT & OUTSOURCING / CONSULTING
Slide 4: Workshops

Events open to the Tech community!
GFT's Technology Communities team has a group of specialists who are constantly sharing content through workshops, talks and webinars. Among them: Technology Workshop, CodeN'Beer, CodingDojo, TechTalk, Front-End Stand-UP Meeting, DES-Conferência Lean-Agile.
Slide 5: Vacancies

Send us your CV: Oportunidades.Brasil@gft.com

GFT on social media:
facebook.com/gft.br
linkedin.com/company/gft-group
blog.gft.com/br
www.twitter.com/gft_br
@gft_tech
www.gft.com/br
meetup.com/pt-BR/GFT-LATAM-Meetup
Slide 6: Agenda
1. Software Development
2. DevOps
3. CyberSecurity
4. LGPD
5. DevSecOps
6. OWASP
7. Trends for 2019 / 2020
Slide 7: Software Development – Methodologies

Waterfall:
• Over-planning
• Risk mitigation
• High costs
• Everything is delivered at the end

Agile:
• Experiments and prototypes
• Fail fast at low cost
• Continuous and evolutionary delivery
Slide 8: Software Development – Before DevOps

Slide 9: Software Development – DevOps Enablement
• Squads: Dev + Ops + QA
• Engineering (automating) the Agile process
• Quick time to market (ROI)

Slide 10: Software Development – But where is the security team?

Slide 11: Software Development – But where is the security team?

Slide 12: CyberSecurity – Let's check the news

Slide 13: CyberSecurity – Statistics you should know for 2019

Slide 14: CyberSecurity – Statistics you should know for 2019

Slide 15: LGPD – Lei Geral de Proteção de Dados (General Data Protection Law, Brazil's counterpart to the GDPR)
Slide 16: (charts) Source: Gartner 2018; Source: RightScale 2018

Slide 17: (chart) Source: Gartner

Slide 18: Understanding Concepts
#DevSecOps #SRE #BeTransformationAgent
Slide 19: DevSecOps = DevOps + Security

Mindset: everyone is responsible for security.
Goal: privacy and security by design.
Mission: delivery at speed and scale without sacrificing the safety required by the context.

Developers : Operations : Security = 100 : 10 : 1
Slide 20: DevSecOps – The Evolution of Security Teams

Slide 21: DevSecOps – Enabling evolutive security
Slide 22: DevSecOps – Security shifting to the left

Cost to remediate, by phase (chart):
• Requirements
• Design / Architecture
• Coding: 7X
• Testing: 15X
• Deployment / Maintenance: 30X

Flow when QA finds the problem:
1. Somebody builds insecure software.
2. QA finds vulnerabilities in the software.
3. We convince and pay the developer to fix it, thereby delaying the release.

Flow when the problem reaches production:
1. Somebody builds insecure software.
2. IT deploys the insecure software.
3. We are breached, or pay to have someone tell us our code is bad.
4. We convince and pay the developer to fix it.

• Application scan: SAST, DAST
• Create evil stories
• High level of test coverage
Slide 23: DevSecOps – Leading the transformation

Creating the mindset:
• Security awareness
• Secure coding training
• Shared knowledge base
• Focused hackathons

Questions you should be able to answer:
• What are our top risks/vulnerabilities (OWASP)?
• Does the code contain hard-coded secrets?
• Do third-party libraries have known security issues?

Test:
• SAST + DAST + RAST
• Sensitive info scan
• Fuzzing
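The "hard-coded secrets" question and the "sensitive info scan" test above, as a small pipeline gate in Python. This is an added example, not code from the slides or from GFT; the rule set, the entropy threshold, the `# nosecret` suppression marker and the sample files are assumptions constructed here.

```python
"""Pipeline gate for "does the code contain hard-coded secrets?" (added example).

Rule names, thresholds, the "# nosecret" marker and the sample files are
assumptions constructed here, not from the slides or any real project.
"""
import math
import re
from dataclasses import dataclass

# (rule name, severity, regex). The "AKIA" prefix is the documented public
# shape of an AWS access key id; the other two are generic shapes.
RULES = [
    ("aws_access_key_id", "high", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("private_key_block", "high",
     re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")),
    ("password_assignment", "medium",
     re.compile(r"(?i)\b(?:password|passwd|pwd)\s*[=:]\s*['\"][^'\"]{4,}['\"]")),
]
# Quoted literal of token-like characters; reported when it looks random
# enough, which catches API tokens whose format has no named rule.
STRING_LITERAL = re.compile(r"['\"]([A-Za-z0-9+/=_\-]{20,})['\"]")
ENTROPY_THRESHOLD = 4.0  # bits/char; identifiers and English text sit below
SEVERITY_ORDER = {"low": 0, "medium": 1, "high": 2}


@dataclass
class Finding:
    path: str
    line: int
    rule: str
    severity: str


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for an empty string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(s.count(c) / n * math.log2(s.count(c) / n) for c in set(s))


def scan_text(path: str, text: str) -> list[Finding]:
    """Run every rule over each line; one finding per matching rule."""
    findings: list[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if "# nosecret" in line:  # reviewed, explicit suppression marker
            continue
        hit = False
        for name, severity, rx in RULES:
            if rx.search(line):
                findings.append(Finding(path, lineno, name, severity))
                hit = True
        if not hit:  # fall back to entropy only when no named rule matched
            for literal in STRING_LITERAL.findall(line):
                if shannon_entropy(literal) >= ENTROPY_THRESHOLD:
                    findings.append(Finding(path, lineno, "high_entropy_string", "medium"))
                    break
    return findings


def gate(files: dict[str, str], fail_on: str = "medium") -> tuple[bool, list[Finding]]:
    """Return (passed, findings); passed is False if any finding reaches fail_on."""
    findings = [f for path, text in files.items() for f in scan_text(path, text)]
    blocking = [f for f in findings if SEVERITY_ORDER[f.severity] >= SEVERITY_ORDER[fail_on]]
    return (not blocking, findings)


# Constructed sample inputs. The AKIA value is the example id from AWS's own
# documentation; the rest are made up and are not real credentials.
SAMPLE_FILES = {
    "settings.py": "\n".join([
        "DB_HOST = 'db.internal'",
        "password = 'hunter2pass'",                     # hard-coded: medium
        "AWS_ACCESS_KEY_ID = 'AKIAIOSFODNN7EXAMPLE'",    # known shape: high
        "API_TOKEN = 'A1b2C3d4E5f6G7h8I9j0'",            # unknown shape, caught by entropy
        "CACHE_KEY = 'user_profile_settings_v2'",        # ordinary string, low entropy
    ]),
    "settings_fixed.py": "\n".join([
        "import os",
        "password = os.environ['DB_PASSWORD']",          # secret injected at runtime
        "TEST_FIXTURE = 'A1b2C3d4E5f6G7h8I9j0'  # nosecret",  # reviewed suppression
    ]),
}

if __name__ == "__main__":
    passed, found = gate(SAMPLE_FILES)
    for f in found:
        print(f"{f.path}:{f.line} {f.severity.upper()} {f.rule}")
    raise SystemExit(0 if passed else 1)
```

Run as a CI step, a non-zero exit blocks the merge; the `fail_on` level lets a team start by failing only on high-severity rules and tighten it as the backlog is cleaned up.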
Slide 24: OWASP – Open Web Application Security Project
Top 5 Vulnerabilities

Slide 25: OWASP – SQL Injection

Slide 26: OWASP – SQL Injection

Slide 27: OWASP – SQL Injection
Slide 28: Trends for 2019 / 2020
#DevSecOps #SRE #BeTransformationAgent

Slide 29: DevOps – Landscape 2019

Slide 30: CyberSecurity – Landscape 2019

Slide 31: (untitled)

Slide 32: Conclusion – State of DevSecOps 2019
Slide 33
We Innovate, Transform, Deliver
August 2019
UFSCar – SeCoT XI
DevSecOps: Putting security into the pipeline (Colocando segurança na esteira)
Diego Cardoso – Head of DevSecOps Brazil
diego.cardoso@gft.com
#TeamGFT #UFSCarSecotXI
Thank you very much! Questions?
