DevSecOps: Putting Security into the Pipeline

Diego Gabriel Cardoso, Advisor and Cloud Solution Lead at Virtual Clarity
GFT Group: Shaping the future of digital business
We Innovate, Transform, Deliver
August 2019
UFSCar – SeCoT XI, 29/08/19
Diego Cardoso – Head of DevSecOps Practices Brazil
diego.cardoso@gft.com
#TeamGFT #UFSCarSecotXI
• Proud son, husband and father
• Bachelor's degree in Information Systems from FSA
• Postgraduate degree in Software Architecture from FIAP
• Microsoft Certified: MCTS
• I work at GFT (Sorocaba)
• 15+ years analyzing, coding and migrating
• Enthusiast focused on architecture and agile methodologies
• Rusty guitarist and gamer in my spare time
STRONG INTERNATIONAL PRESENCE
Offices in 13 countries: Germany, Brazil, Canada, Costa Rica, France, Spain, USA, England, Italy, Mexico, Poland, Switzerland and Belgium.
STRONG NATIONAL PRESENCE
800+ employees distributed across our offices in Alphaville, Sorocaba and Curitiba.
GLOBAL DELIVERY MODEL
Global team with 5,500+ employees
FOCUS ON FINANCIAL SERVICES
Revenue of R$ 1.8 billion forecast for 2018
We are a 30-year-old German company focused on digital transformation for the financial industry.
DIGITAL SOLUTIONS
APPLICATION MANAGEMENT & OUTSOURCING
CONSULTING
Workshops
Events open to the tech community!
GFT's Technology Communities team has a group of specialists who are always sharing content through workshops, talks and webinars. Among them: Technology Workshop, CodeN’Beer, CodingDojo, TechTalk, Front-End Stand-UP Meeting, DES-Conferência Lean-Agile.
Job openings
Send us your résumé: Oportunidades.Brasil@gft.com
GFT on social media:
facebook.com/gft.br
linkedin.com/company/gft-group
blog.gft.com/br
www.twitter.com/gft_br
@gft_tech
www.gft.com/br
meetup.com/pt-BR/GFT-LATAM-Meetup
Agenda
1. Software Development
2. DevOps
3. CyberSecurity
4. LGPD
5. DevSecOps
6. OWASP
7. Trends for 2019 / 2020
Software Development – Methodologies
Waterfall:
• Over Planning
• Risk Mitigation
• High Costs
• Deliver everything at the end
Agile:
• Experiments and Prototypes
• Fail Fast and Low Costs
• Continuous and Evolutionary Delivery
Software Development – Before DevOps
Software Development – DevOps Enablement
• Squads: Dev + Ops + QA
• Engineering (automating) Agile process
• Quick time to market (ROI)
Software Development – But where is the security team?
CyberSecurity – Let’s check the News
CyberSecurity – Statistics you should know for 2019
LGPD – Lei Geral de Proteção de Dados, Brazil's General Data Protection Law (GDPR)
Source: Gartner 2018
Source: RightScale 2018
Source: Gartner
Understanding Concepts
#DevSecOps #SRE #BeTransformationAgent
DevSecOps = DevOps + Security
Mindset: everyone is responsible for security
Goal: privacy and security by design
Mission: deliver at speed and scale without sacrificing the safety required by the context.
DEVELOPERS : OPERATIONS : SECURITY = 100 : 10 : 1
DevSecOps – The Evolution of Security Teams
DevSecOps – Enabling evolutionary security
DevSecOps – Security shifting to the left
Cost to remediate, by phase:
• Requirements
• Design / Architecture
• Coding: 7X
• Testing: 15X
• Deployments / Maintenance: 30X
Found in QA:
• Somebody builds insecure software
• QA finds vulnerabilities in software
• We convince and pay the developer to fix it, thereby delaying the release
Found after deployment:
• Somebody builds insecure software
• IT deploys the insecure software
• We are breached or pay to have someone tell us our code is bad
• We convince and pay the developer to fix it
Practices:
• Application scan: SAST, DAST
• Create Evil Stories
• High Level of Test Coverage
DevSecOps – Leading the transformation
Creating the Mindset:
• Security Awareness
• Secure coding training
• Shared knowledge base
• Focused Hackathons
Questions you should be able to answer:
• What are the top risks/vulnerabilities (OWASP)?
• Does the code contain hard-coded secrets?
• Do 3rd-party libraries have known security issues?
Test:
• SAST + DAST + RAST
• Sensitive info scan
• Fuzzing
OWASP – Open Web Application Security Project
Top 5 Vulnerabilities
OWASP – SQL Injection
Trends for 2019 / 2020
#DevSecOps #SRE #BeTransformationAgent
DevOps – Landscape 2019
CyberSecurity – Landscape 2019
Conclusion – State of DevSecOps 2019
Thank you very much! Questions?