Anzeige
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps
DevOps or DevSecOps

Check these out next

Securing Systems at Cloud Scale with DevSecOps
Securing Systems at Cloud Scale with DevSecOps
Amazon Web Services
DEVSECOPS.pptx
DEVSECOPS.pptx
MohammadSaif904342
Introduction to DevSecOps
Introduction to DevSecOps
Amazon Web Services
DevSecOps: What Why and How : Blackhat 2019
DevSecOps: What Why and How : Blackhat 2019
NotSoSecure Global Services
DEVSECOPS: Coding DevSecOps journey
DEVSECOPS: Coding DevSecOps journey
Jason Suttie
Demystifying DevSecOps
Demystifying DevSecOps
Archana Joshi
DevSecOps reference architectures 2018
DevSecOps reference architectures 2018
Sonatype
How to Get Started with DevSecOps
How to Get Started with DevSecOps
CYBRIC
1 von 63

DevOps or DevSecOps

3. Mar 2019
Downloaden Sie, um offline zu lesen
Ingenieurwesen

In 2009 Patrick Dubois coined the term "DevOps" when he organised the first "DevOpsDays" In Ghent, Belgium. Since then the term has become a term to explain the collaboration between all organisational stakeholders in IT projects (developers, operations, QA, marketing, security, legal, …) to deliver high quality, reliable solutions where issues are tackled early on in the value stream. But reality shows that many businesses that implement "DevOps" are actually talking about a collaboration between development, QA and operations (DQO). Solutions are being provided but lack the security and/or legal regulations causing hard-to-fix problems in production environments. In this talk I will explain how the original idea of Patrick to include all stakeholders got reduced to development, QA and operations and why it's so difficult to apply security or compliance improvements in this model. I will also talk about ways to make the DQO model welcoming for security experts and legal teams and why "DevSecOps" is now the term to be used to ensure security is no longer omitted from the value process. Finally we'll have a vote if we keep the term "DevOps" as an all-inclusive representation for all stakeholders or if we need to start using "DevSecOps" to ensure the business understands can no longer ignore the importance of security.

Michelangelo van Dam
Senior PHP architect & QA Specialist um In2IT
Anzeige
Anzeige
Anzeige

Recomendados

2019 DevSecOps Reference Architectures2019 DevSecOps Reference Architectures
2019 DevSecOps Reference ArchitecturesSonatype 4.8K Aufrufe49 Folien
Benefits of DevSecOpsBenefits of DevSecOps
Benefits of DevSecOpsFinto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS335 Aufrufe19 Folien
The New Security Playbook: DevSecOpsThe New Security Playbook: DevSecOps
The New Security Playbook: DevSecOpsJames Wickett748 Aufrufe55 Folien
SCS DevSecOps Seminar - State of DevSecOpsSCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOpsStefan Streichsbier833 Aufrufe40 Folien
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOpsSetu Parimi1.8K Aufrufe27 Folien
DevSecOps in Baby StepsDevSecOps in Baby Steps
DevSecOps in Baby StepsPriyanka Aash737 Aufrufe37 Folien

Más contenido relacionado

Presentaciones para ti(20)

Securing Systems at Cloud Scale with DevSecOpsSecuring Systems at Cloud Scale with DevSecOps
Securing Systems at Cloud Scale with DevSecOps
Amazon Web Services6.8K Aufrufe
DEVSECOPS.pptxDEVSECOPS.pptx
DEVSECOPS.pptx
MohammadSaif904342934 Aufrufe
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOps
Amazon Web Services7.6K Aufrufe
DevSecOps: What Why and How : Blackhat 2019DevSecOps: What Why and How : Blackhat 2019
DevSecOps: What Why and How : Blackhat 2019
NotSoSecure Global Services6K Aufrufe
DEVSECOPS: Coding DevSecOps journeyDEVSECOPS: Coding DevSecOps journey
DEVSECOPS: Coding DevSecOps journey
Jason Suttie1.2K Aufrufe
Demystifying DevSecOpsDemystifying DevSecOps
Demystifying DevSecOps
Archana Joshi691 Aufrufe
DevSecOps reference architectures 2018DevSecOps reference architectures 2018
DevSecOps reference architectures 2018
Sonatype 9.8K Aufrufe
How to Get Started with DevSecOpsHow to Get Started with DevSecOps
How to Get Started with DevSecOps
CYBRIC837 Aufrufe
The State of DevSecOpsThe State of DevSecOps
The State of DevSecOps
DevOps Indonesia1.8K Aufrufe
DevSecOps What Why and HowDevSecOps What Why and How
DevSecOps What Why and How
NotSoSecure Global Services494 Aufrufe
DevSecOps | DevOps SecDevSecOps | DevOps Sec
DevSecOps | DevOps Sec
Rubal Jain1.2K Aufrufe
[DevSecOps Live] DevSecOps: Challenges and Opportunities[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and Opportunities
Mohammed A. Imran326 Aufrufe
DevSecOpsDevSecOps
DevSecOps
Tomas Honzak426 Aufrufe
DevSecOpsDevSecOps
DevSecOps
Joel Divekar274 Aufrufe
DevSecOps 101DevSecOps 101
DevSecOps 101
Narudom Roongsiriwong, CISSP7K Aufrufe
Successfully Implementing DEV-SEC-OPS in the CloudSuccessfully Implementing DEV-SEC-OPS in the Cloud
Successfully Implementing DEV-SEC-OPS in the Cloud
Amazon Web Services920 Aufrufe
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOps
abhimanyubhogwan199 Aufrufe
Devops Devops DevopsDevops Devops Devops
Devops Devops Devops
Kris Buytaert3.6K Aufrufe
Dev ops != Dev+OpsDev ops != Dev+Ops
Dev ops != Dev+Ops
Shalu Ahuja1.5K Aufrufe
DevSecOps - The big pictureDevSecOps - The big picture
DevSecOps - The big picture
Stefan Streichsbier1.6K Aufrufe

Similar a DevOps or DevSecOps(20)

DevOps for Defenders in the EnterpriseDevOps for Defenders in the Enterprise
DevOps for Defenders in the Enterprise
James Wickett1.6K Aufrufe
DevSecOps with Microsoft TechDevSecOps with Microsoft Tech
DevSecOps with Microsoft Tech
Darin Morris135 Aufrufe
DevOps and the Future of InfoSecDevOps and the Future of InfoSec
DevOps and the Future of InfoSec
Darin Morris509 Aufrufe
DevSecOps IT Modernization Training Bootcamp for Security Staff, IT LeadershipDevSecOps IT Modernization Training Bootcamp for Security Staff, IT Leadership
DevSecOps IT Modernization Training Bootcamp for Security Staff, IT Leadership
Bryan Len41 Aufrufe
Top 5 Challenges in Scaling DevOps in Brownfield EnvironmentsTop 5 Challenges in Scaling DevOps in Brownfield Environments
Top 5 Challenges in Scaling DevOps in Brownfield Environments
Deborah Schalm601 Aufrufe
DevSecOps and the CI/CD Pipeline DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline
James Wickett4.2K Aufrufe
Scale security for a dollar or lessScale security for a dollar or less
Scale security for a dollar or less
Mohammed A. Imran675 Aufrufe
Strengthen and Scale Security for a dollar or lessStrengthen and Scale Security for a dollar or less
Strengthen and Scale Security for a dollar or less
Mohammed A. Imran480 Aufrufe
DevOps and the Future of Information SecurityDevOps and the Future of Information Security
DevOps and the Future of Information Security
Darin Morris82 Aufrufe
Dev secops indonesia-devsecops as a service-Amien HarisenDev secops indonesia-devsecops as a service-Amien Harisen
Dev secops indonesia-devsecops as a service-Amien Harisen
Nadira Bajrei318 Aufrufe
The DevSecOps Builder’s Guide to the CI/CD PipelineThe DevSecOps Builder’s Guide to the CI/CD Pipeline
The DevSecOps Builder’s Guide to the CI/CD Pipeline
James Wickett607 Aufrufe
Winnipeg ISACA Security is Dead, Rugged DevOpsWinnipeg ISACA Security is Dead, Rugged DevOps
Winnipeg ISACA Security is Dead, Rugged DevOps
Gene Kim1.4K Aufrufe
Strategies on How to Overcome Security Challenges Unique to Cloud-Native AppsStrategies on How to Overcome Security Challenges Unique to Cloud-Native Apps
Strategies on How to Overcome Security Challenges Unique to Cloud-Native Apps
VMware Tanzu410 Aufrufe
Strengthen and Scale Security Using DevSecOps - OWASP IndonesiaStrengthen and Scale Security Using DevSecOps - OWASP Indonesia
Strengthen and Scale Security Using DevSecOps - OWASP Indonesia
Mohammed A. Imran754 Aufrufe
The Emergent Cloud Security Toolchain for CI/CDThe Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CD
James Wickett327 Aufrufe
Securing a Great Developer Experience - DevOps Indonesia Meetup by Stefan Str...Securing a Great Developer Experience - DevOps Indonesia Meetup by Stefan Str...
Securing a Great Developer Experience - DevOps Indonesia Meetup by Stefan Str...
DevOps Indonesia408 Aufrufe
DevSecOps The Evolution of DevOpsDevSecOps The Evolution of DevOps
DevSecOps The Evolution of DevOps
Michael Man1.1K Aufrufe
DevOps for the Discouraged DevOps for the Discouraged
DevOps for the Discouraged
James Wickett16.5K Aufrufe
VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"
VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering"
Aaron Rinehart184 Aufrufe
DevOps Torino Meetup Group Kickoff Meeting - Why a meetup group on DevOps, wh...DevOps Torino Meetup Group Kickoff Meeting - Why a meetup group on DevOps, wh...
DevOps Torino Meetup Group Kickoff Meeting - Why a meetup group on DevOps, wh...
Rauno De Pasquale132 Aufrufe
Anzeige

Más de Michelangelo van Dam(20)

GDPR Art. 25 - Privacy by design and defaultGDPR Art. 25 - Privacy by design and default
GDPR Art. 25 - Privacy by design and default
Michelangelo van Dam99 Aufrufe
Moving from app services to azure functionsMoving from app services to azure functions
Moving from app services to azure functions
Michelangelo van Dam563 Aufrufe
Privacy by designPrivacy by design
Privacy by design
Michelangelo van Dam700 Aufrufe
Privacy by designPrivacy by design
Privacy by design
Michelangelo van Dam1.1K Aufrufe
Continuous deployment 2.0Continuous deployment 2.0
Continuous deployment 2.0
Michelangelo van Dam1.4K Aufrufe
Let your tests drive your codeLet your tests drive your code
Let your tests drive your code
Michelangelo van Dam2.5K Aufrufe
General Data Protection Regulation, a developer's storyGeneral Data Protection Regulation, a developer's story
General Data Protection Regulation, a developer's story
Michelangelo van Dam1.5K Aufrufe
Leveraging a distributed architecture to your advantageLeveraging a distributed architecture to your advantage
Leveraging a distributed architecture to your advantage
Michelangelo van Dam1.5K Aufrufe
The road to php 7.1The road to php 7.1
The road to php 7.1
Michelangelo van Dam2.1K Aufrufe
Open source for a successful businessOpen source for a successful business
Open source for a successful business
Michelangelo van Dam587 Aufrufe
Decouple your framework now, thank me laterDecouple your framework now, thank me later
Decouple your framework now, thank me later
Michelangelo van Dam1K Aufrufe
Deploy to azure in less then 15 minutesDeploy to azure in less then 15 minutes
Deploy to azure in less then 15 minutes
Michelangelo van Dam780 Aufrufe
Azure and OSS, a match made in heavenAzure and OSS, a match made in heaven
Azure and OSS, a match made in heaven
Michelangelo van Dam1K Aufrufe
Getting hands dirty with php7Getting hands dirty with php7
Getting hands dirty with php7
Michelangelo van Dam3.1K Aufrufe
Zf2 how arrays will save your projectZf2 how arrays will save your project
Zf2 how arrays will save your project
Michelangelo van Dam1.3K Aufrufe
Create, test, secure, repeatCreate, test, secure, repeat
Create, test, secure, repeat
Michelangelo van Dam3.9K Aufrufe
The Continuous PHP PipelineThe Continuous PHP Pipeline
The Continuous PHP Pipeline
Michelangelo van Dam6.5K Aufrufe
PHPUnit Episode iv.iii: Return of the testsPHPUnit Episode iv.iii: Return of the tests
PHPUnit Episode iv.iii: Return of the tests
Michelangelo van Dam870 Aufrufe
Easily extend your existing php app with an apiEasily extend your existing php app with an api
Easily extend your existing php app with an api
Michelangelo van Dam1.5K Aufrufe
Your code are my testsYour code are my tests
Your code are my tests
Michelangelo van Dam2.6K Aufrufe

Último(20)

compositematerials-140309122625-phpapp02.pdfcompositematerials-140309122625-phpapp02.pdf
compositematerials-140309122625-phpapp02.pdf
whmonkey0 Aufrufe
Final PPT.pptxFinal PPT.pptx
Final PPT.pptx
Kiran Kumar B M0 Aufrufe
chap 1(Introduction) .pptxchap 1(Introduction) .pptx
chap 1(Introduction) .pptx
WendeDegefu0 Aufrufe
ECE Time Table .docxECE Time Table .docx
ECE Time Table .docx
MukulRawat400 Aufrufe
3. Ford Dunton Mark Freeman.pdf3. Ford Dunton Mark Freeman.pdf
3. Ford Dunton Mark Freeman.pdf
PROFIBUS and PROFINET InternationaI - PI UK0 Aufrufe
hina ppt.pptxhina ppt.pptx
hina ppt.pptx
NidaPrincess0 Aufrufe
Lec_6_N10.pdfLec_6_N10.pdf
Lec_6_N10.pdf
BorchalaDareje0 Aufrufe
7. Ford_Dunton_TSN_CRM.pdf7. Ford_Dunton_TSN_CRM.pdf
7. Ford_Dunton_TSN_CRM.pdf
PROFIBUS and PROFINET InternationaI - PI UK0 Aufrufe
12. PI_OPC_UK.pdf12. PI_OPC_UK.pdf
12. PI_OPC_UK.pdf
PROFIBUS and PROFINET InternationaI - PI UK0 Aufrufe
Control Strategies for Autonomous quadrotors.pptxControl Strategies for Autonomous quadrotors.pptx
Control Strategies for Autonomous quadrotors.pptx
MahiRanka20 Aufrufe
13. CEMA - AUTOMOTIVE.pdf13. CEMA - AUTOMOTIVE.pdf
13. CEMA - AUTOMOTIVE.pdf
PROFIBUS and PROFINET InternationaI - PI UK0 Aufrufe
Error Correction.pptError Correction.ppt
Error Correction.ppt
nasseralnemer0 Aufrufe
OWASP_Top_Ten_Proactive_Controls_v2.pptxOWASP_Top_Ten_Proactive_Controls_v2.pptx
OWASP_Top_Ten_Proactive_Controls_v2.pptx
FernandoVizer0 Aufrufe
TIME FRAME OVERHAUL 3608 PT. SAIPEM.pdfTIME FRAME OVERHAUL 3608 PT. SAIPEM.pdf
TIME FRAME OVERHAUL 3608 PT. SAIPEM.pdf
danialkurnia0 Aufrufe
UEC747 Lecture 21.pdfUEC747 Lecture 21.pdf
UEC747 Lecture 21.pdf
AmanBatra310 Aufrufe
10. PI_Dunton - OT Security.pdf10. PI_Dunton - OT Security.pdf
10. PI_Dunton - OT Security.pdf
PROFIBUS and PROFINET InternationaI - PI UK0 Aufrufe
9. PA DIM presentation.pdf9. PA DIM presentation.pdf
9. PA DIM presentation.pdf
PROFIBUS and PROFINET InternationaI - PI UK0 Aufrufe
Searching.pptxSearching.pptx
Searching.pptx
DaejuswaramGopinath10 Aufrufe
Cold Plasma.pptxCold Plasma.pptx
Cold Plasma.pptx
014SamriddhiChakrabo0 Aufrufe
Presentation2.pptxPresentation2.pptx
Presentation2.pptx
WaqasGul90 Aufrufe
Anzeige

DevOps or DevSecOps

  1. DEVOPS OR DEVSECOPS? Why do we need to focus on security in development and operations?
  2. MICHELANGELO VAN DAM I'm a senior #php architect, co-founder and #ceo of @in2itvof, #community leader at @phpbenelux, coach at @CoderDojoBelgium, #MVP, #digitalnomad, likes #coffee. Follow me on Twitter: @DragonBe
  3. DEVOPS Let’s have a look at DevOps first
  4. PATRICK DEBOIS Patrick Debois coined the term “DevOps” at the first DevOpsDays in Ghent (Belgium) and started a very important movement in the tech industry.
  5. THE THREE WAYS THE PRINCIPLES UNDERPINNING DEVOPS
  6. THE THREE WAYS THE PRINCIPLES UNDERPINNING DEVOPS System thinking: performance of complete system
  7. THE THREE WAYS THE PRINCIPLES UNDERPINNING DEVOPS System thinking: performance of complete system Amplify feedback loops: notify issues early in the process
  8. THE THREE WAYS THE PRINCIPLES UNDERPINNING DEVOPS System thinking: performance of complete system Amplify feedback loops: notify issues early in the process Culture of continuous learning & experimenting
  9. DEVOPS
  10. DEVOPS Unifying software development & operations
  11. DEVOPS Unifying software development & operations Automation & monitoring of software construction
  12. DEVOPS Unifying software development & operations Automation & monitoring of software construction Shorter development cycles, increased deployment frequencies & produce dependable releases
  13. DEVELOPMENT & OPERATIONS
  14. DEVELOPMENT & OPERATIONS Project management & development
  15. DEVELOPMENT & OPERATIONS Project management & development Network & systems engineering
  16. DEVELOPMENT & OPERATIONS Project management & development Network & systems engineering Security, testing, legal, compliance & support
  17. DEVELOPMENT & OPERATIONS Project management, development & testing Network & systems engineering Security, testing, legal, compliance & support
  18. AUTOMATION & MONITORING
  19. AUTOMATION & MONITORING Infrastructure as code
  20. AUTOMATION & MONITORING Infrastructure as code Increased telemetry on whole application stack
  21. AUTOMATION & MONITORING Infrastructure as code Increased telemetry on whole application stack Repeatable processes for continuous improvement
  22. SHORTER DEVELOPMENT CYCLES, INCREASED DEPLOYMENT FREQUENCIES & DEPENDABLE RELEASES
  23. SHORTER DEVELOPMENT CYCLES, INCREASED DEPLOYMENT FREQUENCIES & DEPENDABLE RELEASES 10, 100, 1K, 10K commits a day
  24. SHORTER DEVELOPMENT CYCLES, INCREASED DEPLOYMENT FREQUENCIES & DEPENDABLE RELEASES 10, 100, 1K, 10K commits a day Each N commits results in a deployment (could be 1)
  25. SHORTER DEVELOPMENT CYCLES, INCREASED DEPLOYMENT FREQUENCIES & DEPENDABLE RELEASES 10, 100, 1K, 10K commits a day Each N commits results in a deployment (could be 1) Each release is better than the previous
  26. TRUST ME, I’M A PROFESSIONAL Each commit has the potential of introducing a new risk or break the system. Without any safeguards, we’re just increasing the speed of creating a Pandora’s Box.
  27. DEVSECOPS
  28. DEVSECOPS
  29. DEVSECOPS Security integrated part of dev & ops
  30. DEVSECOPS Security integrated part of dev & ops Each commit & systems change must meet security standards
  31. DEVSECOPS Security integrated part of dev & ops Each commit & systems change must meet security standards Security by design
  32. THIS IS 2018
  33. THIS IS 2018
  34. THIS IS 2018
  35. THIS IS 2018
  36. SECURITY FOCUS
  37. SECURITY FOCUS Hackers
  38. SECURITY FOCUS Hackers Data loss prevention
  39. SECURITY FOCUS Hackers Data loss prevention Privacy protection
  40. SECURITY FOCUS Hackers Data loss prevention Privacy protection Bad configuration
  41. SECURITY FOCUS Hackers Data loss prevention Privacy protection Bad configuration Compliance
  42. SECURITY FOCUS Hackers Data loss prevention Privacy protection Bad configuration Compliance Verified trust
  43. WHAT’S YOUR OPINION? Raise your hand if you feel security needs to be emphasised with DevSecOps
  44. WHAT’S YOUR OPINION? Raise your hand if you feel security is part of DevOps
  45. SECURITY IS PART OF DEVOPS Project management, development & testing Network & systems engineering Security, testing, legal, compliance & support
  46. THE DEVOPS CYCLE
  47. A TYPICAL BUILD PROCESS
  48. A TYPICAL BUILD PROCESS
  49. SECURITY TESTING WITH RIPSTECH Project X 2019-03-02 16:43:11
  50. SECURITY TESTING WITH BURP SUITE
  51. SECURITY TESTING WITH ARACHNI
  52. SECURITY TESTING WITH BEHAT
  53. MANUAL SECURITY TESTING
  54. SUMMARY
  55. SUMMARY Security integrated part of dev & ops
  56. SUMMARY Security integrated part of dev & ops TRUE === ($this->DevOps || $this->DevSecOps)
  57. SUMMARY Security integrated part of dev & ops TRUE === ($this->DevOps || $this->DevSecOps) Security is a MUST: we can no longer ignore it!
  58. REFERENCES
  59. SHAMELESS PLUG DRAGONBE/HIBP
  60. QUESTIONS?
  61. QUESTIONS? Slides online slideshare.net/DragonBe
  62. QUESTIONS? Slides online slideshare.net/DragonBe Leave feedback joind.in/event
  63. QUESTIONS? Slides online slideshare.net/DragonBe Leave feedback joind.in/event Contact me
 twitter.com/DragonBe
Anzeige