Secure your Azure and DevOps in a smart way

•

2 gefällt mir•1,168 views

Victoria Almazova, Cloud Security Architect, Microsoft Azure provides a set of security and governance controls to ensure that your environment is secure and complaint. Learn how to implement security on the subscription level, develop your applications securely, securely deploy, periodically scan production for compliance and security, and get a single security dashboard.

Technologie

Secure your Azure and
DevOps in a smart way

Mitä kuuluu?
I am Victoria
Security girl at MS
Find me at @texnokot
or victoria.almazova@microsoft.com

DevOps is the union of people,
process, and technology to enable
continuous delivery of value to your
end users
DevOps
Monitor
&
learn
Develop &
TestPlan &
Track
Build
&
Release
Continuous
delivery

automation
Why not to automate security then?

delivering the product
Pre-commit Commit (CI) Acceptance (CD) Production Operations

Pre-commit stage
✘ Threat modeling
✘ IDE Security plugins
✘ Pre-commit hooks
✘ Secure coding standards
✘ Peer review
Goal: ﬁx security from the ﬁrst line of a code

Commit stage
✘ Static code analysis
✘ Security unit tests
✘ Dependency management
Goal: provide fast feedback to developers

Acceptance stage
✘ Infrastructure as Code
✘ Security scanning
✘ Cloud conﬁguration
✘ Security acceptance testing
Goal: comprehensive check of the application and infrastructure

Production stage
✘ Security smoke tests
✘ Conﬁguration checks
✘ Penetration testing
Goal: ensure that setup follows security traditions

Operations
✘ Continuous monitoring
✘ Threat intelligence
✘ Vulnerability assessment
✘ Blameless postmortems
Goal: continuous security and lessons learned

We get DevSecOps
Pre-commit
✘ Threat modeling
✘ IDE Security plugins
✘ Pre-commit hooks
✘ Secure coding
standards
✘ Peer review
Commit (CI)
✘ Static code analysis
✘ Security unit tests
✘ Dependency
management
Acceptance (CD)
✘ IaC
✘ Security scanning
✘ Cloud conﬁguration
✘ Security acceptance
testing
Production
✘ Security smoke tests
✘ Conﬁguration checks
✘ Penetration testing
Operations
✘ Continuous
monitoring
✘ Threat intelligence
✘ Penetration testing
✘ Blameless
postmortems

Azure prod subsc
Azure DevOps
repository
Azure DevOps
pipelines
Azure DevOps
release
VS Studio/Code
Azure QA subsc
Azure dev subsc
develop
master
CI build
CI build
DevSkim, Puma
scan, Coverity,
Fortify
Pre-commit hooks
AzSK Secure
DevOps Kit
(AzSK),
MS Azure Policy,
Snyk,
WhiteSource Bolt,
Coverity,
Fortify
MS Azure Policy,
Azure Management,
Azure Monitor,
Microsoft Azure
Security Center

Resources
✘ SANS poster: https://www.sans.org/security-resources/posters/secure-devops-toolchain-swat-
checklist/60/download
✘ Azure security best practices: https://docs.microsoft.com/en-us/azure/security/security-best-practices-and-
patterns
✘ Secure DevOps Kit for Azure: https://github.com/azsk/DevOpsKit-docs
✘ Azure DevOps Services: https://azure.microsoft.com/en-us/services/devops/
✘ Azure applications design principles: https://docs.microsoft.com/en-us/azure/architecture/guide/design-
principles/
✘ WhiteSource Bolt extension for Azure DevOps Services: https://marketplace.visualstudio.com/items?
itemName=whitesource.ws-bolt
✘ The OWASP Foundation: https://www.owasp.org/index.php/Main_Page
✘ And me ☺ at github: https://github.com/texnokot/
✘ And of course twitter: https://twitter.com/texnokot

thanks!
Any questions?
You can ﬁnd me at
@texnokot
victoria.almazova@microsoft.com

Weitere ähnliche Inhalte

Was ist angesagt?

DevSecOps: Key Controls to Modern Security Success

Puma Security, LLC

DevSecOps in Baby Steps

Priyanka Aash

Security Automation by integrating SAST(Static Application Security Testing),DAST(Dynamic Application Secuirty Testing) and SIEM (Security Information and Event Management) tools with Jenkins. By automating Security(SAST,DAST,SIEM) developers can them selves perform VA and monitor on application without going to IT and Security team Below Tools are used to Automate everything: SAST - Fortify,CheckMarx DAST - IBM App Scan,OWASP ZAP,HP Web Inspect SIEM - Alien Vault

DevSecOps

Spv Reddy

ABN AMRO DevSecOps Journey

Derek E. Weeks

Amazon EKS - Elastic Container Service for Kubernetes

Amazon Web Services

Attendees will learn how to leverage the identity and authorisation, network security and secrets management features of the wider AWS platform for their containers, including Amazon Elastic Container Service (Amazon ECS) and Amazon Elastic Container Service for Kubernetes (Amazon EKS). We also discuss best practices for the security of your container images such as scanning them for known vulnerabilities.

Advanced Container Security

Amazon Web Services

2019 DevSecOps Reference Architectures

Sonatype

Demystifying DevSecOps

Archana Joshi

#ATAGTR2019 Presentation "DevSecOps with GitLab" By Avishkar Nikale

Agile Testing Alliance

Security will always be our top priority. Agile deployment methods require a set of dynamic built-in security controls that keep pace with innovation and scale. In this session we will utilise the power of automation with the AWS platform to increase the agility of developers while maintaining a strong security posture. Speaker: David Faulkner, Senior Technical Account Manager, Amazon Web Services

Implementing DevSecOps

Amazon Web Services

Kubernetes security

Thomas Fricke

An introduction to the devsecops webinar will be presented by me at 10.30am EST on 29th July,2018. It's a session focussed on high level overview of devsecops which will be followed by intermediate and advanced level sessions in future. Agenda: -DevSecOps Introduction -Key Challenges, Recommendations -DevSecOps Analysis -DevSecOps Core Practices -DevSecOps pipeline for Application & Infrastructure Security -DevSecOps Security Tools Selection Tips -DevSecOps Implementation Strategy -DevSecOps Final Checklist

Introduction to DevSecOps

Setu Parimi

** Kubernetes Certification Training: https://www.edureka.co/kubernetes-certification ** This Edureka tutorial on "Kubernetes Architecture" will give you an introduction to popular DevOps tool - Kubernetes, and will deep dive into Kubernetes Architecture and its working. The following topics are covered in this training session: 1. What is Kubernetes 2. Features of Kubernetes 3. Kubernetes Architecture and Its Components 4. Components of Master Node and Worker Node 5. ETCD 6. Network Setup Requirements DevOps Tutorial Blog Series: https://goo.gl/P0zAfF

Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...

Edureka!

VMware Tanzu Introduction

VMware Tanzu

Strengthen and Scale Security Using DevSecOps - OWASP Indonesia

Mohammed A. Imran

While DevOps is becoming a new norm for most of the companies, security is typically still behind. The new architectures create a number of new process considerations and technical issues. In this practical talk, we will present an overview of the practical issues that go into making security a part of DevOps processes. Will cover incorporating security into existing CI/CD pipelines and tools DevOps professionals need to know to implement the automation and adhere to secure coding practices. Join Stepan Ilyin, Chief Product Officer at Wallarm for an engaging conversation where you’ll learn: Methodologies and tooling for dynamic and static security testing Composite and OSS license analysis benefits Secrets and analysis and secrets management approaches in distributed applications Security automation and integration in CI/CD Apps, APIs and workloads protection in cloud-native K8s enabled environments

Security in CI/CD Pipelines: Tips for DevOps Engineers

DevOps.com

Shifting Security Left - The Innovation of DevSecOps - ValleyTechCon

Tom Stiehm

DevSecOps Implementation Journey

DevOps Indonesia

Today’s cutting edge companies have release cycles measured in days instead of months. This agility is enabled by the DevOps practice of continuous delivery, which automates building, testing, and deploying all code changes. This type of automation will help you catch bugs sooner and accelerate developer productivity. In this session we will share our AWS engineers embed security practices in DevOps, and discuss how you can use AWS services to securely enable DevOps agility in your organization.

Introduction to DevSecOps

Amazon Web Services

Learn about the threat detection capabilities of Amazon GuardDuty and the available remediation options by walking through some real-world threat scenarios. First, explore a scenario where an Amazon EC2 instance is compromised, then one where IAM credentials are compromised. In each scenario, we explore a method to remediate the threat. We use the following services: AWS CloudFormation, AWS CloudTrail, Amazon VPC flow logs, Amazon CloudWatch events, Amazon SNS, Amazon S3, AWS Lambda, and, of course, Amazon GuardDuty. Be sure you have an AWS account. This should be your own personal account and not one through your company. We provide AWS credits to help cover any costs incurred during the lab.

Amazon GuardDuty Threat Detection and Remediation

Amazon Web Services

Was ist angesagt? (20)

DevSecOps: Key Controls to Modern Security Success

DevSecOps in Baby Steps

DevSecOps

ABN AMRO DevSecOps Journey

Amazon EKS - Elastic Container Service for Kubernetes

Advanced Container Security

2019 DevSecOps Reference Architectures

Demystifying DevSecOps

#ATAGTR2019 Presentation "DevSecOps with GitLab" By Avishkar Nikale

Implementing DevSecOps

Kubernetes security

Introduction to DevSecOps

Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...

VMware Tanzu Introduction

Strengthen and Scale Security Using DevSecOps - OWASP Indonesia

Security in CI/CD Pipelines: Tips for DevOps Engineers

Shifting Security Left - The Innovation of DevSecOps - ValleyTechCon

DevSecOps Implementation Journey

Introduction to DevSecOps

Amazon GuardDuty Threat Detection and Remediation

Ähnlich wie Secure your Azure and DevOps in a smart way

Abstract: See how an Ottawa company has built a SOC2 Type 2 audited software delivery system with less pain, and more value. Build security, and compliance into the way software is delivered and operated to * Make secure development easier * Provide real customer value * Avoid security theatre * Reduce security and audit bottlenecks Bio: Dag Rowe is a BA in security and compliance. Passionate about improving systems of work, he is actively involved in the local software community. Dag helps to organize the Agile Ottawa Meetup group, and the Gatineau-Ottawa Agile Tour conference.

Dev secops security and compliance at the speed of continuous delivery - owasp

Dag Rowe

Devops security-An Insight into Secure-SDLC

Suman Sourav

Software security is best built in. This presentation introduces three essential things to help you design more secure software. In order to have a secure foundation, you can create and select security requirements for your applications using evil user stories and utilizing existing material for example from OWASP. Another useful skill is threat modeling which helps you to assess security already in the design phase. Threat modeling helps you deliver better software, prioritize your preventive security measures, and focus penetration testing to the most risky parts of the system. The presentation covers various methods, such as the STRIDE model, for finding security and privacy threats. You will also learn what kind of security related testing you can do without having any infosec background.

What Every Developer And Tester Should Know About Software Security

Anne Oikarinen

Continuous Security Testing - DevSecCon

Stephen de Vries

This session is designed to teach security engineers, developers, solutions architects, and other technical security practitioners how to use a DevSecOps approach to design and build robust security controls at cloud-scale. This session walks through the design considerations of operating high-assurance workloads on top of the AWS platform and provides examples of how to automate configuration management and generate audit evidence for your own workloads. We’ll discuss practical examples using real code for automating security tasks, then dive deeper to map the configurations against various industry frameworks. This advanced session showcases how continuous integration and deployment pipelines can accelerate the speed of security teams and improve collaboration with software development teams.

Automating Security in Cloud Workloads with DevSecOps

Amazon Web Services

Continuous Security Testing with Devops - OWASP EU 2014

Stephen de Vries

Two models for running automated security tests in a CI/CD pipeline: either blocking or parallel security tests Integration depends on the level of cultural integration of security into DevOps. 3 Models of test ownership: 1. Owned by Security team - least desirable 2. Owned by DevOps, overseen by security - better 3. Owned by SecDevOps, look Ma, no silos. Overview of BDD-Security Configuring Jenkins with BDD-Security as inline tests

Automating security tests for Continuous Integration

Stephen de Vries

Strengthen and Scale Security for a dollar or less

Mohammed A. Imran

In the fusion between DevOps and DevSecOps, the pace and agility of the DevSecOps approach made AppSec and InfoSec were a little left behind. The DevOps squad topology does not involve any of the organization's AppSec and InfoSec Engineer. Many DevOps team are also not included them since they lack the information on how to manage and configure DevOps CI / CD pipelines and DevSecOps approaches. There's no shortage of talent — you probably don't have a mission worth getting out of bed or a culture that fosters continuous learning such DevSecOps skill and tools and growth where people feel psychologically safe. Besides, there is no shortage of skills — most have a poor understanding of what they need to be successful or the skills that need to leverage to improve their security posture.

Why Security Engineer Need Shift-Left to DevSecOps?

Najib Radzuan

Security is tough and is even tougher to do, in complex environments with lots of dependencies and monolithic architecture. With emergence of Microservice architecture, security has become a bit easier however it introduces its own set of security challenges. This talk will showcase how we can leverage DevSecOps techniques to secure APIs/Microservices using free and open source software. We will also discuss how emerging technologies like Docker, Kubernetes, Clair, ansible, consul, vault, etc., can be used to scale/strengthen the security program for free. More details here - https://www.practical-devsecops.com/

Scale security for a dollar or less

Mohammed A. Imran

Application_security_Strategic

Ramesh VG

DevSecOps - It can change your life (cycle)

Qualitest

Succeeding-Marriage-Cybersecurity-DevOps final

rkadayam

DevOps

Jeremiah Tillman

Overcoming Security Challenges in DevOps

Alert Logic

Whether you're a huge enterprise or a small start-up, you can't escape global digitalization. As digital technologies like machine-2-machine communication, device-2-device telematics, connected cars, and the Internet of Things become more integral in today’s world, more threats will appear as hackers use new ways to exploit weaknesses in your organization and products. During SoftServe’s free security webinar, Nazar Tymoshyk will explore the reasons why recent victims of digital attacks couldn’t withstand a threat to their security and share how you can build secure and compliant software with the help of security experts. A real-life case study will demonstrate how SoftServe assessed and mitigated security threats for a top organization.

Digital Product Security

SoftServe

ONE Conference: Vulnerabilities in Web Applications

Netcetera

DevSecOps Indonesia : Pain & Pleasure of doing AppSec in DevOps

Suman Sourav

Cncf checkov and bridgecrew

LibbySchulze

Дмитро Терещенко, "How to secure your application with Secure SDLC"

Sigma Software

Ähnlich wie Secure your Azure and DevOps in a smart way (20)

Dev secops security and compliance at the speed of continuous delivery - owasp

Devops security-An Insight into Secure-SDLC

What Every Developer And Tester Should Know About Software Security

Continuous Security Testing - DevSecCon

Automating Security in Cloud Workloads with DevSecOps

Continuous Security Testing with Devops - OWASP EU 2014

Automating security tests for Continuous Integration

Strengthen and Scale Security for a dollar or less

Why Security Engineer Need Shift-Left to DevSecOps?

Scale security for a dollar or less

Application_security_Strategic

DevSecOps - It can change your life (cycle)

Succeeding-Marriage-Cybersecurity-DevOps final

DevOps

Overcoming Security Challenges in DevOps

Digital Product Security

ONE Conference: Vulnerabilities in Web Applications

DevSecOps Indonesia : Pain & Pleasure of doing AppSec in DevOps

Cncf checkov and bridgecrew

Дмитро Терещенко, "How to secure your application with Secure SDLC"

Mehr von Eficode

Saving money with Consolidations

Eficode

DevOps Automation with Puppet Bolt & Puppet Enterprise

Eficode

**Link for the video below** In this presentation, Kalle Sirkesalo, Platform Director of Eficode, tells of how Eficode has seen big companies scale DevOps in good and bad ways, and explains why certain models work and others don’t in general. Additionally, Kalle teaches ways you can easily empower teams and gain a foothold on scalable solutions. View the recording: https://www.youtube.com/watch?v=QjbRN1H6v94

Scaling DevOps: Pitfalls to avoid

Eficode

Microservices, IoT, DevOps: A Case Study

Eficode

Building a Knowledge Graph at Zalando

Eficode

How to build the Cloud Native applications the way you want – not the way the...

Eficode

The Future of Enterprise Applications is Serverless

Eficode

Why Serverless is scary without DevSecOps and Observability

Eficode

Securing Modern Applications: The Data Behind DevSecOps

Eficode

Ed Seymour Containerisation Lead – Red Hat Ed has over 20 years experience working in software development and IT automation. With a career that started with a small software start-up, working efficiently and with agility was a necessity, and through his experience working at a global IT services company, gained valuable experience in promoting and effecting organisational change, adoption of agile methods, and automation of the software development life-cycle. At Red Hat, Ed’s role has focused on enabling customers as they embrace new organisational behaviours and structures, for example DevOps, and developing new IT services through adoption of emerging technologies, such as Cloud Management, OpenStack; Ed specialises in solutions based on containers through Docker, Kubernetes and OpenShift.

Can I Contain This?

Eficode

Johannes Brüderl Lead Software Engineer – E.ON SE Johannes is a Software Engineer for life. He enjoys working on distributed systems and open source products. His preferred tech-stack at this time includes Kubernetes, Apache Kafka and Go. Currently he is working in the IoT Area and leads the development of E.ON’s global IoT Platform to serve E.ON’s products. He is also an active open source contributor and enjoys fixing bugs & writing enhancements for upstream open source projects.

The Mono-repo – a contradiction with Microservices

Eficode

Using Go in DevOps

Eficode

Why Should You Be Thinking About DesignOps?

Eficode

A beginners guide to scaling DevOps

Eficode

From Zero to SAFe

Eficode

Bringing value to the business and for your customer through DevOps

Eficode

Andreas Prins Vice President Product Development – XebiaLabs Andreas Prins is Vice President of Product Development for XebiaLabs. Andreas brings real-world experience building and scaling teams to deliver mission-critical software applications. He has extensive experience as an Agile Transformation coach and as a former manager of DevOps team. At XebiaLabs he is responsible for product development and product management to build Enterprise DevOps solutions that enable the digital transformation of the customers.

Disconnected Pipelines: The Missing Link

Eficode

The Best & Worst Uses of AI in Software Testing

Eficode

Model-based programming and AI-assisted software development

Eficode

Sally Reade, Partner Manager, Puppet Puppet's State of DevOps report is the most comprehensive study in the field, making it a must-read for practitioners and technological leaders alike. Sally Reade distills key takeaways, including practical tips like "start with the practices that are closest to production; then address processes that happen earlier in the software delivery cycle." Why do C-suite have too rosy a view of DevOps on the ground?

2018 State Of DevOps Report Key Findings

Eficode

Mehr von Eficode (20)

Saving money with Consolidations

DevOps Automation with Puppet Bolt & Puppet Enterprise

Scaling DevOps: Pitfalls to avoid

Microservices, IoT, DevOps: A Case Study

Building a Knowledge Graph at Zalando

How to build the Cloud Native applications the way you want – not the way the...

The Future of Enterprise Applications is Serverless

Why Serverless is scary without DevSecOps and Observability

Securing Modern Applications: The Data Behind DevSecOps

Can I Contain This?

The Mono-repo – a contradiction with Microservices

Using Go in DevOps

Why Should You Be Thinking About DesignOps?

A beginners guide to scaling DevOps

From Zero to SAFe

Bringing value to the business and for your customer through DevOps

Disconnected Pipelines: The Missing Link

The Best & Worst Uses of AI in Software Testing

Model-based programming and AI-assisted software development

2018 State Of DevOps Report Key Findings

Kürzlich hochgeladen

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

Discover the innovative features and strategic vision that keep WSO2 an industry leader. Explore the exciting 2024 roadmap of WSO2 API management, showcasing innovations, unified APIM/APK control plane, natural language API interaction, and cloud native agility. Discover how open source solutions, microservices architecture, and cloud native technologies unlock seamless API management in today's dynamic landscapes. Leave with a clear blueprint to revolutionize your API journey and achieve industry success!

WSO2's API Vision: Unifying Control, Empowering Developers

WSO2

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

Six Myths about Ontologies: The Basics of Formal Ontology

johnbeverley2021

Tracing the root cause of a performance issue requires a lot of patience, experience, and focus. It’s so hard that we sometimes attempt to guess by trying out tentative fixes, but that usually results in frustration, messy code, and a considerable waste of time and money. This talk explains how to correctly zoom in on a performance bottleneck using three levels of profiling: distributed tracing, metrics, and method profiling. After we learn to read the JVM profiler output as a flame graph, we explore a series of bottlenecks typical for backend systems, like connection/thread pool starvation, invisible aspects, blocking code, hot CPU methods, lock contention, and Virtual Thread pinning, and we learn to trace them even if they occur in library code you are not familiar with. Attend this talk and prepare for the performance issues that will eventually hit any successful system. About authorWith two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

Victor Rentea

Angeliki Cooney has spent over twenty years at the forefront of the life sciences industry, working out of Wynantskill, NY. She is highly regarded for her dedication to advancing the development and accessibility of innovative treatments for chronic diseases, rare disorders, and cancer. Her professional journey has centered on strategic consulting for biopharmaceutical companies, facilitating digital transformation, enhancing omnichannel engagement, and refining strategic commercial practices. Angeliki's innovative contributions include pioneering several software-as-a-service (SaaS) products for the life sciences sector, earning her three patents. As the Senior Vice President of Life Sciences at Avenga, Angeliki orchestrated the firm's strategic entry into the U.S. market. Avenga, a renowned digital engineering and consulting firm, partners with significant entities in the pharmaceutical and biotechnology fields. Her leadership was instrumental in expanding Avenga's client base and establishing its presence in the competitive U.S. market.

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...

Angeliki Cooney

Passkeys: Developing APIs to enable passwordless authentication Cody Salas, Sr Developer Advocate | Solutions Architect - Yubico Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

apidays

Dubai, often portrayed as a shimmering oasis in the desert, faces its own set of challenges, including the occasional threat of flooding. Despite its reputation for opulence and modernity, the emirate is not immune to the forces of nature. In recent years, Dubai has experienced sporadic but significant floods, testing the resilience of its infrastructure and communities. Among the critical lifelines in this bustling metropolis is the Dubai International Airport, a bustling hub that connects the city to the world. This article explores the intersection of Dubai flood events and the resilience demonstrated by the Dubai International Airport in the face of such challenges.

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

Orbitshub

[BuildWithAI] Introduction to Gemini.pdf

Sandro Moreira

Accelerating FinTech Innovation: Unleashing API Economy and GenAI Vasa Krishnan, Chief Technology Officer - FinResults Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

apidays

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Dubai, known for its towering skyscrapers, luxurious lifestyle, and relentless pursuit of innovation, often finds itself in the global spotlight. However, amidst the glitz and glamour, the emirate faces its own set of challenges, including the occasional threat of flooding. In recent years, Dubai has experienced sporadic but significant floods, disrupting normalcy and posing unique challenges to its infrastructure. Among the critical nodes in this bustling metropolis is the Dubai International Airport, a vital hub connecting the world. This article delves into the intersection of Dubai flood events and the resilience demonstrated by the Dubai International Airport in the face of such challenges.

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Orbitshub

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

MadyBayot

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the deployment of external web forms using Jotform for Bonterra Impact Management. This solution can be customized to your organization’s needs and deployed to support the common use cases below: - Intake and consent - Assessments - Surveys - Applications - Program registration Interested in deploying web form automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Jeffrey Haguewood

💥 You’re lucky! We’ve found two different (lead) developers that are willing to share their valuable lessons learned about using UiPath Document Understanding! Based on recent implementations in appealing use cases at Partou and SPIE. Don’t expect fancy videos or slide decks, but real and practical experiences that will help you with your own implementations. 📕 Topics that will be addressed: • Training the ML-model by humans: do or don't? • Rule-based versus AI extractors • Tips for finding use cases • How to start 👨‍🏫👨‍💻 Speakers: o Dion Morskieft, RPA Product Owner @Partou o Jack Klein-Schiphorst, Automation Developer @Tacstone Technology

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

UiPathCommunity

Following the popularity of “Cloud Revolution: Exploring the New Wave of Serverless Spatial Data,” we’re thrilled to announce this much-anticipated encore webinar. In this sequel, we’ll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you’re building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

The microservices honeymoon is over. When starting a new project or revamping a legacy monolith, teams started looking for alternatives to microservices. The Modular Monolith, or 'Modulith', is an architecture that reaps the benefits of (vertical) functional decoupling without the high costs associated with separate deployments. This talk will delve into the advantages and challenges of this progressive architecture, beginning with exploring the concept of a 'module', its internal structure, public API, and inter-module communication patterns. Supported by spring-modulith, the talk provides practical guidance on addressing the main challenges of a Modultith Architecture: finding and guarding module boundaries, data decoupling, and integration module-testing. You should not miss this talk if you are a software architect or tech lead seeking practical, scalable solutions. About the author With two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Victor Rentea

ICT role in 21st century education and its challenges

rafiqahmad00786416

MS Copilot expands with MS Graph connectors

Nanddeep Nachan

Kürzlich hochgeladen (20)

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

WSO2's API Vision: Unifying Control, Empowering Developers

Artificial Intelligence Chap.5 : Uncertainty

Six Myths about Ontologies: The Basics of Formal Ontology

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

[BuildWithAI] Introduction to Gemini.pdf

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

ICT role in 21st century education and its challenges

MS Copilot expands with MS Graph connectors

Secure your Azure and DevOps in a smart way

1. Secure your Azure and DevOps in a smart way

2. Mitä kuuluu? I am Victoria Security girl at MS Find me at @texnokot or victoria.almazova@microsoft.com

3. 100:10:1

4. DevOps is the union of people, process, and technology to enable continuous delivery of value to your end users DevOps Monitor & learn Develop & TestPlan & Track Build & Release Continuous delivery

5. automation Why not to automate security then?

6. delivering the product Pre-commit Commit (CI) Acceptance (CD) Production Operations

7. Pre-commit stage ✘ Threat modeling ✘ IDE Security plugins ✘ Pre-commit hooks ✘ Secure coding standards ✘ Peer review Goal: ﬁx security from the ﬁrst line of a code

8. Commit stage ✘ Static code analysis ✘ Security unit tests ✘ Dependency management Goal: provide fast feedback to developers

9. Acceptance stage ✘ Infrastructure as Code ✘ Security scanning ✘ Cloud conﬁguration ✘ Security acceptance testing Goal: comprehensive check of the application and infrastructure

10. Production stage ✘ Security smoke tests ✘ Conﬁguration checks ✘ Penetration testing Goal: ensure that setup follows security traditions

11. Operations ✘ Continuous monitoring ✘ Threat intelligence ✘ Vulnerability assessment ✘ Blameless postmortems Goal: continuous security and lessons learned

12. We get DevSecOps Pre-commit ✘ Threat modeling ✘ IDE Security plugins ✘ Pre-commit hooks ✘ Secure coding standards ✘ Peer review Commit (CI) ✘ Static code analysis ✘ Security unit tests ✘ Dependency management Acceptance (CD) ✘ IaC ✘ Security scanning ✘ Cloud conﬁguration ✘ Security acceptance testing Production ✘ Security smoke tests ✘ Conﬁguration checks ✘ Penetration testing Operations ✘ Continuous monitoring ✘ Threat intelligence ✘ Penetration testing ✘ Blameless postmortems

13. Azure prod subsc Azure DevOps repository Azure DevOps pipelines Azure DevOps release VS Studio/Code Azure QA subsc Azure dev subsc develop master CI build CI build DevSkim, Puma scan, Coverity, Fortify Pre-commit hooks AzSK Secure DevOps Kit (AzSK), MS Azure Policy, Snyk, WhiteSource Bolt, Coverity, Fortify MS Azure Policy, Azure Management, Azure Monitor, Microsoft Azure Security Center

14. 14

15. Resources ✘ SANS poster: https://www.sans.org/security-resources/posters/secure-devops-toolchain-swat- checklist/60/download ✘ Azure security best practices: https://docs.microsoft.com/en-us/azure/security/security-best-practices-and- patterns ✘ Secure DevOps Kit for Azure: https://github.com/azsk/DevOpsKit-docs ✘ Azure DevOps Services: https://azure.microsoft.com/en-us/services/devops/ ✘ Azure applications design principles: https://docs.microsoft.com/en-us/azure/architecture/guide/design- principles/ ✘ WhiteSource Bolt extension for Azure DevOps Services: https://marketplace.visualstudio.com/items? itemName=whitesource.ws-bolt ✘ The OWASP Foundation: https://www.owasp.org/index.php/Main_Page ✘ And me ☺ at github: https://github.com/texnokot/ ✘ And of course twitter: https://twitter.com/texnokot

16. “

17. thanks! Any questions? You can ﬁnd me at @texnokot victoria.almazova@microsoft.com

Secure your Azure and DevOps in a smart way

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Ähnlich wie Secure your Azure and DevOps in a smart way

Ähnlich wie Secure your Azure and DevOps in a smart way (20)

Mehr von Eficode

Mehr von Eficode (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Secure your Azure and DevOps in a smart way