SlideShare ist ein Scribd-Unternehmen logo

DevSecCon Seattle 2019: Liquid Software as the real solution for the Sec in DevSecOps

DevSecCon
DevSecCon

Ofir Azoulay-Rozanes Senior Product Manager at JFrog

Technologie
1 von 39
Downloaden Sie, um offline zu lesen
Seattle | September 16-17, 2019 Liquid Software as the Security solution for DevSecOps delivery OFIR AZOULAY-ROZANES
Seattle | September 16-17, 2019 Have you been there? • Identified a vulnerability in your product and it took you a long time to test before delivering to customers? • Customers are pressing to have a fix but you don’t want to risk them with an unstable version? • You have provided a patch that included not only the vulnerability fix but also other fixes – making the patch much bigger? • And then it took the customer ages to deploy – waiting for a change window? • And then you found a bug at your patch that required another one?
Seattle | September 16-17, 2019 Whoami • JFrog – Artifactory, Bintray, Jcenter, GoCenter • PM for Xray • Insta – ofiraz • #LiquidSoftware • www.liquidsoftware.com
Seattle | September 16-17, 2019
Seattle | September 16-17, 2019 Whoami 2 • Started learning to code in the mid 80s (Basic, Fortran, Pascal, Cobol) • Joined the work force at the beginning of the 90s (PowerBuilder) • Unix Admin • C (Linux Kernel) and C++ developer, team and group manager • Using Open Source • 2009 joined the Cyber Securiry industry • Product Manager in Cyber companies (Imperva, Exabeam) • @JFrog - Product Manager for Xray
Seattle | September 16-17, 2019 The 3 phases in the life cycle of a vulnerability • Identifying • Fixing • Getting the fix to customers
Seattle | September 16-17, 2019 Identifying the vulnerability • SAST • DAST • IAST • SCA • Runtime • …
Seattle | September 16-17, 2019 Fixing the vulnerability • Fixing our code • Updating 3rd party/OSS
Seattle | September 16-17, 2019 Fixing and testing can take time • Updating a dependency can break your code • How many of you are updating their libraries/dependencies that often? • If it works don’t touch it • Long testing cycle • To make sure nothing breaks
Seattle | September 16-17, 2019 And then starts the journey of getting the fix to customers…
Seattle | September 16-17, 2019 Customers do not trust your patches • How many of you witnessed a bug in prod that was not identified in • In house testing? • Beta testing? • Acceptance testing at a customer? • My DB2 story
Seattle | September 16-17, 2019 Big patches with too many changes • Facetime vulnerability in iPhone • Why did it took so much time to get released? • Why was it released only as part of a bigger patch? • Windows Service Packs • And then there is the issue of downloading big patches • For IoT devices with low bandwidth
@jfrog #LiquidSoftware www.liquidsoftware.com
Seattle | September 16-17, 2019 Sometimes the customer need to be proactive to find that there is a patch available • How many of you updated their router FW/SW?
Seattle | September 16-17, 2019 Patches require downtime • Need to wait for a change window • Can take a long time to get there in an enterprise • Virtual patching…
Seattle | September 16-17, 2019 Testing in pre-prod can take days/weeks/months
Seattle | September 16-17, 2019 Not using the latest patch • Because of the fear it will break • Keep on being vulnerable • NHS WannaCry – using Windows XP in 2018
Do we want it? Let’s update! Are there any high risks? Can we verify the update? How about no Do we trust the update? Update available No Yes Yes Yes Yes NoNoNo Time consuming verification
Features that we want Acceptance tests costs
Seattle | September 16-17, 2019 So what is the solution?
Seattle | September 16-17, 2019 Liquid Software - Continuous updates
Seattle | September 16-17, 2019 What is it? • Constantly update your prod env with small chunks • Software updates like water - constantly flowing • A vision, as well as a mindset shift • Not everything is baked • How can we get there? Some ideas/thoughts in the next slides • Only DevSecOps can make the revolution
Seattle | September 16-17, 2019 Already being done today • Elite teams are doing it – especially in the SaaS environment • Not all SaaS solutions are there • And for non-SaaS solutions • We don’t have control on the machines in which our SW runs • Servers, mobile devices, IoT, etc
Seattle | September 16-17, 2019 Continuous updates pattern - Frequent Updates • Problems • Seldom deployments generate anxiety and stress, leading to errors • In batch updates important features wait for non-important features • Batch updates are large in size • The solution - update frequently in small chunks
Seattle | September 16-17, 2019 Continuous updates pattern - Canary Releases • The problem • Releasing a patch with a bug affects ALL users • The solution • Release to a small number of users • Such that we have visibility into their environment
Seattle | September 16-17, 2019 Continuous updates pattern – Observability • The problem • Some problems are hard to trace relying on user feedback only • The solution • Implement tracing, monitoring and logging to identify problems
Seattle | September 16-17, 2019 Continuous updates pattern - Local rollback • The problem • Updates can fail • The solution • Have a previous version saved on the device prior to update • Rollback automatically in the case of a problem • Dynamic DB formats (NoSQL) to support going back while keeping the data • Parallel systems in critical cases
Seattle | September 16-17, 2019 Continuous updates pattern - Zero Downtime Updates • The problem • Some systems cannot be brought down • The solution • Upgrade the SW in phases • Rolling updates of DB content based on the new DB schema
Seattle | September 16-17, 2019 Continuous updates pattern – Automate Everything • Eliminate any chance of human errors • Automatic testing and Security scanning as a gate
Seattle | September 16-17, 2019 Other patterns/thoughts • Automatic updates – not asking the customer for approval • Mindset change all way long - think of the need to support upgrade/rollback/zero downtime when developing the feature • Constantly update to newer versions of third party internally • Use wrapper APIs
Seattle | September 16-17, 2019 Other patterns/thoughts • Updating libs to end targets • Automating acceptance tests on the customer side • Collect back info from deployments to improve testing • Collect meta data on the processes done • AI to identify problems, to help in the go-no-go decisions
Do we want it? Let’s update! Are there any high risks? Do we trust the update? Update available No Yes Yes Yes Sure, why not? (auto update)
@jfrog #LiquidSoftware www.liquidsoftware.com
Seattle | September 16-17, 2019 Thank you!

Empfohlen

DevSecCon Seattle 2019: Decentralized Authorization - Implementing Fine Grain...
DevSecCon Seattle 2019: Decentralized Authorization - Implementing Fine Grain...DevSecCon Seattle 2019: Decentralized Authorization - Implementing Fine Grain...
DevSecCon Seattle 2019: Decentralized Authorization - Implementing Fine Grain...DevSecCon
 
DevSecCon Seattle 2019: Fully Automated production deployments with HIPAA/HIT...
DevSecCon Seattle 2019: Fully Automated production deployments with HIPAA/HIT...DevSecCon Seattle 2019: Fully Automated production deployments with HIPAA/HIT...
DevSecCon Seattle 2019: Fully Automated production deployments with HIPAA/HIT...DevSecCon
 
DevSecCon Seattle 2019: Containerizing IT Security Knowledge
DevSecCon Seattle 2019: Containerizing IT Security KnowledgeDevSecCon Seattle 2019: Containerizing IT Security Knowledge
DevSecCon Seattle 2019: Containerizing IT Security KnowledgeDevSecCon
 
Pain Points In API Development? They’re Everywhere
Pain Points In API Development? They’re EverywherePain Points In API Development? They’re Everywhere
Pain Points In API Development? They’re EverywhereNordic APIs
 
Your API Strategy: Why Boring is Best
Your API Strategy: Why Boring is BestYour API Strategy: Why Boring is Best
Your API Strategy: Why Boring is BestNordic APIs
 
Is There An API In That (IoT)?
Is There An API In That (IoT)?Is There An API In That (IoT)?
Is There An API In That (IoT)?ProgrammableWeb
 
Security Is a Concern, Let’s Make It an Enabler
Security Is a Concern, Let’s Make It an EnablerSecurity Is a Concern, Let’s Make It an Enabler
Security Is a Concern, Let’s Make It an EnablerNordic APIs
 
Lessons Learned from Building Enterprise APIs (Gustaf Nyman)
Lessons Learned from Building Enterprise APIs (Gustaf Nyman)Lessons Learned from Building Enterprise APIs (Gustaf Nyman)
Lessons Learned from Building Enterprise APIs (Gustaf Nyman)Nordic APIs
 

Empfohlen

DevSecCon Seattle 2019: Decentralized Authorization - Implementing Fine Grain...
DevSecCon Seattle 2019: Decentralized Authorization - Implementing Fine Grain...DevSecCon Seattle 2019: Decentralized Authorization - Implementing Fine Grain...
DevSecCon Seattle 2019: Decentralized Authorization - Implementing Fine Grain...DevSecCon
 
DevSecCon Seattle 2019: Fully Automated production deployments with HIPAA/HIT...
DevSecCon Seattle 2019: Fully Automated production deployments with HIPAA/HIT...DevSecCon Seattle 2019: Fully Automated production deployments with HIPAA/HIT...
DevSecCon Seattle 2019: Fully Automated production deployments with HIPAA/HIT...DevSecCon
 
DevSecCon Seattle 2019: Containerizing IT Security Knowledge
DevSecCon Seattle 2019: Containerizing IT Security KnowledgeDevSecCon Seattle 2019: Containerizing IT Security Knowledge
DevSecCon Seattle 2019: Containerizing IT Security KnowledgeDevSecCon
 
Pain Points In API Development? They’re Everywhere
Pain Points In API Development? They’re EverywherePain Points In API Development? They’re Everywhere
Pain Points In API Development? They’re EverywhereNordic APIs
 
Your API Strategy: Why Boring is Best
Your API Strategy: Why Boring is BestYour API Strategy: Why Boring is Best
Your API Strategy: Why Boring is BestNordic APIs
 
Is There An API In That (IoT)?
Is There An API In That (IoT)?Is There An API In That (IoT)?
Is There An API In That (IoT)?ProgrammableWeb
 
Security Is a Concern, Let’s Make It an Enabler
Security Is a Concern, Let’s Make It an EnablerSecurity Is a Concern, Let’s Make It an Enabler
Security Is a Concern, Let’s Make It an EnablerNordic APIs
 
Lessons Learned from Building Enterprise APIs (Gustaf Nyman)
Lessons Learned from Building Enterprise APIs (Gustaf Nyman)Lessons Learned from Building Enterprise APIs (Gustaf Nyman)
Lessons Learned from Building Enterprise APIs (Gustaf Nyman)Nordic APIs
 
apidays LIVE New York 2021 - Service API design validation by Uchit Vyas, KPMG
apidays LIVE New York 2021 - Service API design validation by Uchit Vyas, KPMGapidays LIVE New York 2021 - Service API design validation by Uchit Vyas, KPMG
apidays LIVE New York 2021 - Service API design validation by Uchit Vyas, KPMGapidays
 
Pure APIs: Development workflows for successful API integrations
Pure APIs: Development workflows for successful API integrationsPure APIs: Development workflows for successful API integrations
Pure APIs: Development workflows for successful API integrationsJosé Haro Peralta
 
Distributed Digital Manufacturing – How APIs are Powering the Next Industrial...
Distributed Digital Manufacturing – How APIs are Powering the Next Industrial...Distributed Digital Manufacturing – How APIs are Powering the Next Industrial...
Distributed Digital Manufacturing – How APIs are Powering the Next Industrial...Nordic APIs
 
Contract {Collaboration} Driven Development - APIdays Interface 2020
Contract {Collaboration} Driven Development - APIdays Interface 2020Contract {Collaboration} Driven Development - APIdays Interface 2020
Contract {Collaboration} Driven Development - APIdays Interface 2020Alianna Inzana
 
Real world IoT for enterprises
Real world IoT for enterprisesReal world IoT for enterprises
Real world IoT for enterprisesIndicThreads
 
API Products: Who, What, Where, When, Why, and How?
API Products: Who, What, Where, When, Why, and How?API Products: Who, What, Where, When, Why, and How?
API Products: Who, What, Where, When, Why, and How?Nordic APIs
 
Is there an API in that (IoT)?
Is there an API in that (IoT)?Is there an API in that (IoT)?
Is there an API in that (IoT)?CA API Management
 
apidays LIVE London 2021 - API design is where culture and tech meet each oth...
apidays LIVE London 2021 - API design is where culture and tech meet each oth...apidays LIVE London 2021 - API design is where culture and tech meet each oth...
apidays LIVE London 2021 - API design is where culture and tech meet each oth...apidays
 
Api clarity webinar
Api clarity webinarApi clarity webinar
Api clarity webinarLibbySchulze
 
DevSecCon Singapore 2019: Web Services aren’t as secure as we think
DevSecCon Singapore 2019: Web Services aren’t as secure as we thinkDevSecCon Singapore 2019: Web Services aren’t as secure as we think
DevSecCon Singapore 2019: Web Services aren’t as secure as we thinkDevSecCon
 
New Enterprisre Capabilities in Telerik Platform
New Enterprisre Capabilities in Telerik PlatformNew Enterprisre Capabilities in Telerik Platform
New Enterprisre Capabilities in Telerik PlatformLohith Goudagere Nagaraj
 
DevSecCon Singapore 2019: An attacker's view of Serverless and GraphQL apps S...
DevSecCon Singapore 2019: An attacker's view of Serverless and GraphQL apps S...DevSecCon Singapore 2019: An attacker's view of Serverless and GraphQL apps S...
DevSecCon Singapore 2019: An attacker's view of Serverless and GraphQL apps S...DevSecCon
 
Open Source And the Internet Of Things
Open Source And the Internet Of ThingsOpen Source And the Internet Of Things
Open Source And the Internet Of ThingsProgrammableWeb
 
APIdays Paris 2019 - Adopting Service Mesh by Marco Palladino , Kong
APIdays Paris 2019 - Adopting Service Mesh by Marco Palladino , KongAPIdays Paris 2019 - Adopting Service Mesh by Marco Palladino , Kong
APIdays Paris 2019 - Adopting Service Mesh by Marco Palladino , Kongapidays
 
I Love APIs 2015: Apigee and Node.js Building Mock Backends Fast
I Love APIs 2015: Apigee and Node.js Building Mock Backends FastI Love APIs 2015: Apigee and Node.js Building Mock Backends Fast
I Love APIs 2015: Apigee and Node.js Building Mock Backends FastApigee | Google Cloud
 
APIdays Paris 2018 - A little less conversation, a little more action, Alain ...
APIdays Paris 2018 - A little less conversation, a little more action, Alain ...APIdays Paris 2018 - A little less conversation, a little more action, Alain ...
APIdays Paris 2018 - A little less conversation, a little more action, Alain ...apidays
 
apidays LIVE London 2021 - Moving from a Product as API to API as a Product b...
apidays LIVE London 2021 - Moving from a Product as API to API as a Product b...apidays LIVE London 2021 - Moving from a Product as API to API as a Product b...
apidays LIVE London 2021 - Moving from a Product as API to API as a Product b...apidays
 
apidays LIVE London 2021 - API Horror Stories from an Unnamed Coworking Compa...
apidays LIVE London 2021 - API Horror Stories from an Unnamed Coworking Compa...apidays LIVE London 2021 - API Horror Stories from an Unnamed Coworking Compa...
apidays LIVE London 2021 - API Horror Stories from an Unnamed Coworking Compa...apidays
 
TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...
TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...
TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...Michael Kuehne-Schlinkert
 
The Magic Behind Faster API Development, Testing and Delivery with API Virtua...
The Magic Behind Faster API Development, Testing and Delivery with API Virtua...The Magic Behind Faster API Development, Testing and Delivery with API Virtua...
The Magic Behind Faster API Development, Testing and Delivery with API Virtua...Nordic APIs
 
Programming languages and techniques for today’s embedded andIoT world
Programming languages and techniques for today’s embedded andIoT worldProgramming languages and techniques for today’s embedded andIoT world
Programming languages and techniques for today’s embedded andIoT worldRogue Wave Software
 
0626 2014 01_toronto-smac meetup_io_t
0626 2014 01_toronto-smac meetup_io_t0626 2014 01_toronto-smac meetup_io_t
0626 2014 01_toronto-smac meetup_io_tRaul Chong
 

Weitere ähnliche Inhalte

Was ist angesagt?

apidays LIVE New York 2021 - Service API design validation by Uchit Vyas, KPMG
apidays LIVE New York 2021 - Service API design validation by Uchit Vyas, KPMGapidays LIVE New York 2021 - Service API design validation by Uchit Vyas, KPMG
apidays LIVE New York 2021 - Service API design validation by Uchit Vyas, KPMGapidays
 
Pure APIs: Development workflows for successful API integrations
Pure APIs: Development workflows for successful API integrationsPure APIs: Development workflows for successful API integrations
Pure APIs: Development workflows for successful API integrationsJosé Haro Peralta
 
Distributed Digital Manufacturing – How APIs are Powering the Next Industrial...
Distributed Digital Manufacturing – How APIs are Powering the Next Industrial...Distributed Digital Manufacturing – How APIs are Powering the Next Industrial...
Distributed Digital Manufacturing – How APIs are Powering the Next Industrial...Nordic APIs
 
Contract {Collaboration} Driven Development - APIdays Interface 2020
Contract {Collaboration} Driven Development - APIdays Interface 2020Contract {Collaboration} Driven Development - APIdays Interface 2020
Contract {Collaboration} Driven Development - APIdays Interface 2020Alianna Inzana
 
Real world IoT for enterprises
Real world IoT for enterprisesReal world IoT for enterprises
Real world IoT for enterprisesIndicThreads
 
API Products: Who, What, Where, When, Why, and How?
API Products: Who, What, Where, When, Why, and How?API Products: Who, What, Where, When, Why, and How?
API Products: Who, What, Where, When, Why, and How?Nordic APIs
 
Is there an API in that (IoT)?
Is there an API in that (IoT)?Is there an API in that (IoT)?
Is there an API in that (IoT)?CA API Management
 
apidays LIVE London 2021 - API design is where culture and tech meet each oth...
apidays LIVE London 2021 - API design is where culture and tech meet each oth...apidays LIVE London 2021 - API design is where culture and tech meet each oth...
apidays LIVE London 2021 - API design is where culture and tech meet each oth...apidays
 
Api clarity webinar
Api clarity webinarApi clarity webinar
Api clarity webinarLibbySchulze
 
DevSecCon Singapore 2019: Web Services aren’t as secure as we think
DevSecCon Singapore 2019: Web Services aren’t as secure as we thinkDevSecCon Singapore 2019: Web Services aren’t as secure as we think
DevSecCon Singapore 2019: Web Services aren’t as secure as we thinkDevSecCon
 
New Enterprisre Capabilities in Telerik Platform
New Enterprisre Capabilities in Telerik PlatformNew Enterprisre Capabilities in Telerik Platform
New Enterprisre Capabilities in Telerik PlatformLohith Goudagere Nagaraj
 
DevSecCon Singapore 2019: An attacker's view of Serverless and GraphQL apps S...
DevSecCon Singapore 2019: An attacker's view of Serverless and GraphQL apps S...DevSecCon Singapore 2019: An attacker's view of Serverless and GraphQL apps S...
DevSecCon Singapore 2019: An attacker's view of Serverless and GraphQL apps S...DevSecCon
 
Open Source And the Internet Of Things
Open Source And the Internet Of ThingsOpen Source And the Internet Of Things
Open Source And the Internet Of ThingsProgrammableWeb
 
APIdays Paris 2019 - Adopting Service Mesh by Marco Palladino , Kong
APIdays Paris 2019 - Adopting Service Mesh by Marco Palladino , KongAPIdays Paris 2019 - Adopting Service Mesh by Marco Palladino , Kong
APIdays Paris 2019 - Adopting Service Mesh by Marco Palladino , Kongapidays
 
I Love APIs 2015: Apigee and Node.js Building Mock Backends Fast
I Love APIs 2015: Apigee and Node.js Building Mock Backends FastI Love APIs 2015: Apigee and Node.js Building Mock Backends Fast
I Love APIs 2015: Apigee and Node.js Building Mock Backends FastApigee | Google Cloud
 
APIdays Paris 2018 - A little less conversation, a little more action, Alain ...
APIdays Paris 2018 - A little less conversation, a little more action, Alain ...APIdays Paris 2018 - A little less conversation, a little more action, Alain ...
APIdays Paris 2018 - A little less conversation, a little more action, Alain ...apidays
 
apidays LIVE London 2021 - Moving from a Product as API to API as a Product b...
apidays LIVE London 2021 - Moving from a Product as API to API as a Product b...apidays LIVE London 2021 - Moving from a Product as API to API as a Product b...
apidays LIVE London 2021 - Moving from a Product as API to API as a Product b...apidays
 
apidays LIVE London 2021 - API Horror Stories from an Unnamed Coworking Compa...
apidays LIVE London 2021 - API Horror Stories from an Unnamed Coworking Compa...apidays LIVE London 2021 - API Horror Stories from an Unnamed Coworking Compa...
apidays LIVE London 2021 - API Horror Stories from an Unnamed Coworking Compa...apidays
 
TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...
TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...
TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...Michael Kuehne-Schlinkert
 
The Magic Behind Faster API Development, Testing and Delivery with API Virtua...
The Magic Behind Faster API Development, Testing and Delivery with API Virtua...The Magic Behind Faster API Development, Testing and Delivery with API Virtua...
The Magic Behind Faster API Development, Testing and Delivery with API Virtua...Nordic APIs
 

Was ist angesagt? (20)

apidays LIVE New York 2021 - Service API design validation by Uchit Vyas, KPMG
apidays LIVE New York 2021 - Service API design validation by Uchit Vyas, KPMGapidays LIVE New York 2021 - Service API design validation by Uchit Vyas, KPMG
apidays LIVE New York 2021 - Service API design validation by Uchit Vyas, KPMG
 
Pure APIs: Development workflows for successful API integrations
Pure APIs: Development workflows for successful API integrationsPure APIs: Development workflows for successful API integrations
Pure APIs: Development workflows for successful API integrations
 
Distributed Digital Manufacturing – How APIs are Powering the Next Industrial...
Distributed Digital Manufacturing – How APIs are Powering the Next Industrial...Distributed Digital Manufacturing – How APIs are Powering the Next Industrial...
Distributed Digital Manufacturing – How APIs are Powering the Next Industrial...
 
Contract {Collaboration} Driven Development - APIdays Interface 2020
Contract {Collaboration} Driven Development - APIdays Interface 2020Contract {Collaboration} Driven Development - APIdays Interface 2020
Contract {Collaboration} Driven Development - APIdays Interface 2020
 
Real world IoT for enterprises
Real world IoT for enterprisesReal world IoT for enterprises
Real world IoT for enterprises
 
API Products: Who, What, Where, When, Why, and How?
API Products: Who, What, Where, When, Why, and How?API Products: Who, What, Where, When, Why, and How?
API Products: Who, What, Where, When, Why, and How?
 
Is there an API in that (IoT)?
Is there an API in that (IoT)?Is there an API in that (IoT)?
Is there an API in that (IoT)?
 
apidays LIVE London 2021 - API design is where culture and tech meet each oth...
apidays LIVE London 2021 - API design is where culture and tech meet each oth...apidays LIVE London 2021 - API design is where culture and tech meet each oth...
apidays LIVE London 2021 - API design is where culture and tech meet each oth...
 
Api clarity webinar
Api clarity webinarApi clarity webinar
Api clarity webinar
 
DevSecCon Singapore 2019: Web Services aren’t as secure as we think
DevSecCon Singapore 2019: Web Services aren’t as secure as we thinkDevSecCon Singapore 2019: Web Services aren’t as secure as we think
DevSecCon Singapore 2019: Web Services aren’t as secure as we think
 
New Enterprisre Capabilities in Telerik Platform
New Enterprisre Capabilities in Telerik PlatformNew Enterprisre Capabilities in Telerik Platform
New Enterprisre Capabilities in Telerik Platform
 
DevSecCon Singapore 2019: An attacker's view of Serverless and GraphQL apps S...
DevSecCon Singapore 2019: An attacker's view of Serverless and GraphQL apps S...DevSecCon Singapore 2019: An attacker's view of Serverless and GraphQL apps S...
DevSecCon Singapore 2019: An attacker's view of Serverless and GraphQL apps S...
 
Open Source And the Internet Of Things
Open Source And the Internet Of ThingsOpen Source And the Internet Of Things
Open Source And the Internet Of Things
 
APIdays Paris 2019 - Adopting Service Mesh by Marco Palladino , Kong
APIdays Paris 2019 - Adopting Service Mesh by Marco Palladino , KongAPIdays Paris 2019 - Adopting Service Mesh by Marco Palladino , Kong
APIdays Paris 2019 - Adopting Service Mesh by Marco Palladino , Kong
 
I Love APIs 2015: Apigee and Node.js Building Mock Backends Fast
I Love APIs 2015: Apigee and Node.js Building Mock Backends FastI Love APIs 2015: Apigee and Node.js Building Mock Backends Fast
I Love APIs 2015: Apigee and Node.js Building Mock Backends Fast
 
APIdays Paris 2018 - A little less conversation, a little more action, Alain ...
APIdays Paris 2018 - A little less conversation, a little more action, Alain ...APIdays Paris 2018 - A little less conversation, a little more action, Alain ...
APIdays Paris 2018 - A little less conversation, a little more action, Alain ...
 
apidays LIVE London 2021 - Moving from a Product as API to API as a Product b...
apidays LIVE London 2021 - Moving from a Product as API to API as a Product b...apidays LIVE London 2021 - Moving from a Product as API to API as a Product b...
apidays LIVE London 2021 - Moving from a Product as API to API as a Product b...
 
apidays LIVE London 2021 - API Horror Stories from an Unnamed Coworking Compa...
apidays LIVE London 2021 - API Horror Stories from an Unnamed Coworking Compa...apidays LIVE London 2021 - API Horror Stories from an Unnamed Coworking Compa...
apidays LIVE London 2021 - API Horror Stories from an Unnamed Coworking Compa...
 
TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...
TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...
TDD for APIs in a Microservice World (Short Version) by Michael Kuehne-Schlin...
 
The Magic Behind Faster API Development, Testing and Delivery with API Virtua...
The Magic Behind Faster API Development, Testing and Delivery with API Virtua...The Magic Behind Faster API Development, Testing and Delivery with API Virtua...
The Magic Behind Faster API Development, Testing and Delivery with API Virtua...
 

Ähnlich wie DevSecCon Seattle 2019: Liquid Software as the real solution for the Sec in DevSecOps

Programming languages and techniques for today’s embedded andIoT world
Programming languages and techniques for today’s embedded andIoT worldProgramming languages and techniques for today’s embedded andIoT world
Programming languages and techniques for today’s embedded andIoT worldRogue Wave Software
 
0626 2014 01_toronto-smac meetup_io_t
0626 2014 01_toronto-smac meetup_io_t0626 2014 01_toronto-smac meetup_io_t
0626 2014 01_toronto-smac meetup_io_tRaul Chong
 
Dev ops ci-ap-is-oh-my_security-gone-agile_ut-austin
Dev ops ci-ap-is-oh-my_security-gone-agile_ut-austinDev ops ci-ap-is-oh-my_security-gone-agile_ut-austin
Dev ops ci-ap-is-oh-my_security-gone-agile_ut-austinMatt Tesauro
 
Building Networked Apps
Building Networked AppsBuilding Networked Apps
Building Networked AppsSean Meador
 
6 ways DevOps helped PrepSportswear move from monolith to microservices
6 ways DevOps helped PrepSportswear move from monolith to microservices6 ways DevOps helped PrepSportswear move from monolith to microservices
6 ways DevOps helped PrepSportswear move from monolith to microservicesDynatrace
 
A call to JS Developers - Let’s stop trying to impress each other and start b...
A call to JS Developers - Let’s stop trying to impress each other and start b...A call to JS Developers - Let’s stop trying to impress each other and start b...
A call to JS Developers - Let’s stop trying to impress each other and start b...Christian Heilmann
 
Verification at scale: Fitting static code analysis into continuous integration
Verification at scale: Fitting static code analysis into continuous integrationVerification at scale: Fitting static code analysis into continuous integration
Verification at scale: Fitting static code analysis into continuous integrationRogue Wave Software
 
Confoo-Montreal-2016: Controlling Your Environments using Infrastructure as Code
Confoo-Montreal-2016: Controlling Your Environments using Infrastructure as CodeConfoo-Montreal-2016: Controlling Your Environments using Infrastructure as Code
Confoo-Montreal-2016: Controlling Your Environments using Infrastructure as CodeSteve Mercier
 
iPad Development Slides #ilta12
iPad Development Slides #ilta12iPad Development Slides #ilta12
iPad Development Slides #ilta12Ike Ellis
 
7 things to consider when choosing your IaaS provider for ISV/SaaS
7 things to consider when choosing your IaaS provider for ISV/SaaS7 things to consider when choosing your IaaS provider for ISV/SaaS
7 things to consider when choosing your IaaS provider for ISV/SaaSFrederik Denkens
 
Bootstrap SaaS startup using Open Source Tools
Bootstrap SaaS startup using Open Source ToolsBootstrap SaaS startup using Open Source Tools
Bootstrap SaaS startup using Open Source Toolsbotsplash.com
 
So many clouds - 7 things to consider when choosing your IaaS provider
So many clouds - 7 things to consider when choosing your IaaS providerSo many clouds - 7 things to consider when choosing your IaaS provider
So many clouds - 7 things to consider when choosing your IaaS providerSirris
 
QCon'17 talk: CI/CD at scale - lessons from LinkedIn and Mockito
QCon'17 talk: CI/CD at scale - lessons from LinkedIn and MockitoQCon'17 talk: CI/CD at scale - lessons from LinkedIn and Mockito
QCon'17 talk: CI/CD at scale - lessons from LinkedIn and MockitoSzczepan Faber
 
Why Do Mobile Projects Fail?
Why Do Mobile Projects Fail?Why Do Mobile Projects Fail?
Why Do Mobile Projects Fail?Indiginox
 
Scribe online 01 best practices for sol performance
Scribe online 01 best practices for sol performanceScribe online 01 best practices for sol performance
Scribe online 01 best practices for sol performanceScribe Software Corp.
 
DevOps for Enterprise Systems : Innovate like a Startup
DevOps for Enterprise Systems : Innovate like a StartupDevOps for Enterprise Systems : Innovate like a Startup
DevOps for Enterprise Systems : Innovate like a StartupDevOps for Enterprise Systems
 
Les nouveautés ASP.NET 5 avec Visual Studio 2015
Les nouveautés ASP.NET 5 avec Visual Studio 2015Les nouveautés ASP.NET 5 avec Visual Studio 2015
Les nouveautés ASP.NET 5 avec Visual Studio 2015MSDEVMTL
 
Code to Release using Artificial Intelligence and Machine Learning
Code to Release using Artificial Intelligence and Machine LearningCode to Release using Artificial Intelligence and Machine Learning
Code to Release using Artificial Intelligence and Machine LearningSTePINForum
 
From Monoliths to Services: Paying Your Technical Debt
From Monoliths to Services: Paying Your Technical DebtFrom Monoliths to Services: Paying Your Technical Debt
From Monoliths to Services: Paying Your Technical DebtTechWell
 

Ähnlich wie DevSecCon Seattle 2019: Liquid Software as the real solution for the Sec in DevSecOps (20)

Programming languages and techniques for today’s embedded andIoT world
Programming languages and techniques for today’s embedded andIoT worldProgramming languages and techniques for today’s embedded andIoT world
Programming languages and techniques for today’s embedded andIoT world
 
0626 2014 01_toronto-smac meetup_io_t
0626 2014 01_toronto-smac meetup_io_t0626 2014 01_toronto-smac meetup_io_t
0626 2014 01_toronto-smac meetup_io_t
 
Dev ops ci-ap-is-oh-my_security-gone-agile_ut-austin
Dev ops ci-ap-is-oh-my_security-gone-agile_ut-austinDev ops ci-ap-is-oh-my_security-gone-agile_ut-austin
Dev ops ci-ap-is-oh-my_security-gone-agile_ut-austin
 
Building Networked Apps
Building Networked AppsBuilding Networked Apps
Building Networked Apps
 
6 ways DevOps helped PrepSportswear move from monolith to microservices
6 ways DevOps helped PrepSportswear move from monolith to microservices6 ways DevOps helped PrepSportswear move from monolith to microservices
6 ways DevOps helped PrepSportswear move from monolith to microservices
 
A call to JS Developers - Let’s stop trying to impress each other and start b...
A call to JS Developers - Let’s stop trying to impress each other and start b...A call to JS Developers - Let’s stop trying to impress each other and start b...
A call to JS Developers - Let’s stop trying to impress each other and start b...
 
Verification at scale: Fitting static code analysis into continuous integration
Verification at scale: Fitting static code analysis into continuous integrationVerification at scale: Fitting static code analysis into continuous integration
Verification at scale: Fitting static code analysis into continuous integration
 
Confoo-Montreal-2016: Controlling Your Environments using Infrastructure as Code
Confoo-Montreal-2016: Controlling Your Environments using Infrastructure as CodeConfoo-Montreal-2016: Controlling Your Environments using Infrastructure as Code
Confoo-Montreal-2016: Controlling Your Environments using Infrastructure as Code
 
iPad Development Slides #ilta12
iPad Development Slides #ilta12iPad Development Slides #ilta12
iPad Development Slides #ilta12
 
7 things to consider when choosing your IaaS provider for ISV/SaaS
7 things to consider when choosing your IaaS provider for ISV/SaaS7 things to consider when choosing your IaaS provider for ISV/SaaS
7 things to consider when choosing your IaaS provider for ISV/SaaS
 
Automation and Technical Debt
Automation and Technical DebtAutomation and Technical Debt
Automation and Technical Debt
 
Bootstrap SaaS startup using Open Source Tools
Bootstrap SaaS startup using Open Source ToolsBootstrap SaaS startup using Open Source Tools
Bootstrap SaaS startup using Open Source Tools
 
So many clouds - 7 things to consider when choosing your IaaS provider
So many clouds - 7 things to consider when choosing your IaaS providerSo many clouds - 7 things to consider when choosing your IaaS provider
So many clouds - 7 things to consider when choosing your IaaS provider
 
QCon'17 talk: CI/CD at scale - lessons from LinkedIn and Mockito
QCon'17 talk: CI/CD at scale - lessons from LinkedIn and MockitoQCon'17 talk: CI/CD at scale - lessons from LinkedIn and Mockito
QCon'17 talk: CI/CD at scale - lessons from LinkedIn and Mockito
 
Why Do Mobile Projects Fail?
Why Do Mobile Projects Fail?Why Do Mobile Projects Fail?
Why Do Mobile Projects Fail?
 
Scribe online 01 best practices for sol performance
Scribe online 01 best practices for sol performanceScribe online 01 best practices for sol performance
Scribe online 01 best practices for sol performance
 
DevOps for Enterprise Systems : Innovate like a Startup
DevOps for Enterprise Systems : Innovate like a StartupDevOps for Enterprise Systems : Innovate like a Startup
DevOps for Enterprise Systems : Innovate like a Startup
 
Les nouveautés ASP.NET 5 avec Visual Studio 2015
Les nouveautés ASP.NET 5 avec Visual Studio 2015Les nouveautés ASP.NET 5 avec Visual Studio 2015
Les nouveautés ASP.NET 5 avec Visual Studio 2015
 
Code to Release using Artificial Intelligence and Machine Learning
Code to Release using Artificial Intelligence and Machine LearningCode to Release using Artificial Intelligence and Machine Learning
Code to Release using Artificial Intelligence and Machine Learning
 
From Monoliths to Services: Paying Your Technical Debt
From Monoliths to Services: Paying Your Technical DebtFrom Monoliths to Services: Paying Your Technical Debt
From Monoliths to Services: Paying Your Technical Debt
 

Mehr von DevSecCon

DevSecCon London 2019: Workshop: Cloud Agnostic Security Testing with Scout S...
DevSecCon London 2019: Workshop: Cloud Agnostic Security Testing with Scout S...DevSecCon London 2019: Workshop: Cloud Agnostic Security Testing with Scout S...
DevSecCon London 2019: Workshop: Cloud Agnostic Security Testing with Scout S...DevSecCon
 
DevSecCon London 2019: Are Open Source Developers Security’s New Front Line?
DevSecCon London 2019: Are Open Source Developers Security’s New Front Line?DevSecCon London 2019: Are Open Source Developers Security’s New Front Line?
DevSecCon London 2019: Are Open Source Developers Security’s New Front Line?DevSecCon
 
DevSecCon London 2019: How to Secure OpenShift Environments and What Happens ...
DevSecCon London 2019: How to Secure OpenShift Environments and What Happens ...DevSecCon London 2019: How to Secure OpenShift Environments and What Happens ...
DevSecCon London 2019: How to Secure OpenShift Environments and What Happens ...DevSecCon
 
DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...
DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...
DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...DevSecCon
 
DevSecCon Singapore 2019: Four years of reflection: How (not) to secure Web A...
DevSecCon Singapore 2019: Four years of reflection: How (not) to secure Web A...DevSecCon Singapore 2019: Four years of reflection: How (not) to secure Web A...
DevSecCon Singapore 2019: Four years of reflection: How (not) to secure Web A...DevSecCon
 
DevSecCon Singapore 2019: crypto jacking: An evolving threat for cloud contai...
DevSecCon Singapore 2019: crypto jacking: An evolving threat for cloud contai...DevSecCon Singapore 2019: crypto jacking: An evolving threat for cloud contai...
DevSecCon Singapore 2019: crypto jacking: An evolving threat for cloud contai...DevSecCon
 
DevSecCon Singapore 2019: Can "dev", "sec" and "ops" really coexist in the wi...
DevSecCon Singapore 2019: Can "dev", "sec" and "ops" really coexist in the wi...DevSecCon Singapore 2019: Can "dev", "sec" and "ops" really coexist in the wi...
DevSecCon Singapore 2019: Can "dev", "sec" and "ops" really coexist in the wi...DevSecCon
 
DevSecCon Singapore 2019: Workshop - Burp extension writing workshop
DevSecCon Singapore 2019: Workshop - Burp extension writing workshopDevSecCon Singapore 2019: Workshop - Burp extension writing workshop
DevSecCon Singapore 2019: Workshop - Burp extension writing workshopDevSecCon
 
DevSecCon Singapore 2019: Embracing Security - A changing DevOps landscape
DevSecCon Singapore 2019: Embracing Security - A changing DevOps landscapeDevSecCon Singapore 2019: Embracing Security - A changing DevOps landscape
DevSecCon Singapore 2019: Embracing Security - A changing DevOps landscapeDevSecCon
 
DevSecCon Singapore 2019: The journey of digital transformation through DevSe...
DevSecCon Singapore 2019: The journey of digital transformation through DevSe...DevSecCon Singapore 2019: The journey of digital transformation through DevSe...
DevSecCon Singapore 2019: The journey of digital transformation through DevSe...DevSecCon
 
DevSecCon Singapore 2019: Preventative Security for Kubernetes
DevSecCon Singapore 2019: Preventative Security for KubernetesDevSecCon Singapore 2019: Preventative Security for Kubernetes
DevSecCon Singapore 2019: Preventative Security for KubernetesDevSecCon
 
DevSecCon London 2018: Is your supply chain your achille's heel
DevSecCon London 2018: Is your supply chain your achille's heelDevSecCon London 2018: Is your supply chain your achille's heel
DevSecCon London 2018: Is your supply chain your achille's heelDevSecCon
 
DevSecCon London 2018: Get rid of these TLS certificates
DevSecCon London 2018: Get rid of these TLS certificatesDevSecCon London 2018: Get rid of these TLS certificates
DevSecCon London 2018: Get rid of these TLS certificatesDevSecCon
 
DevSecCon London 2018: Open DevSecOps
DevSecCon London 2018: Open DevSecOpsDevSecCon London 2018: Open DevSecOps
DevSecCon London 2018: Open DevSecOpsDevSecCon
 
DevSecCon London 2018: Building effective DevSecOps teams through role-playin...
DevSecCon London 2018: Building effective DevSecOps teams through role-playin...DevSecCon London 2018: Building effective DevSecOps teams through role-playin...
DevSecCon London 2018: Building effective DevSecOps teams through role-playin...DevSecCon
 
DevSecCon London 2018: Variant Analysis – A critical step in handling vulnera...
DevSecCon London 2018: Variant Analysis – A critical step in handling vulnera...DevSecCon London 2018: Variant Analysis – A critical step in handling vulnera...
DevSecCon London 2018: Variant Analysis – A critical step in handling vulnera...DevSecCon
 
DevSecCon London 2018: Lessons from the legion (the DevSecCon London Remix)
DevSecCon London 2018: Lessons from the legion (the DevSecCon London Remix)DevSecCon London 2018: Lessons from the legion (the DevSecCon London Remix)
DevSecCon London 2018: Lessons from the legion (the DevSecCon London Remix)DevSecCon
 
DevSecCon London 2018: Security in the serverless world
DevSecCon London 2018: Security in the serverless worldDevSecCon London 2018: Security in the serverless world
DevSecCon London 2018: Security in the serverless worldDevSecCon
 
DevSecCon London 2018: Enabling shift-left for 12k banking developers from sc...
DevSecCon London 2018: Enabling shift-left for 12k banking developers from sc...DevSecCon London 2018: Enabling shift-left for 12k banking developers from sc...
DevSecCon London 2018: Enabling shift-left for 12k banking developers from sc...DevSecCon
 
DevSecCon London 2018: Whatever happened to attack aware applications?
DevSecCon London 2018: Whatever happened to attack aware applications?DevSecCon London 2018: Whatever happened to attack aware applications?
DevSecCon London 2018: Whatever happened to attack aware applications?DevSecCon
 

Mehr von DevSecCon (20)

DevSecCon London 2019: Workshop: Cloud Agnostic Security Testing with Scout S...
DevSecCon London 2019: Workshop: Cloud Agnostic Security Testing with Scout S...DevSecCon London 2019: Workshop: Cloud Agnostic Security Testing with Scout S...
DevSecCon London 2019: Workshop: Cloud Agnostic Security Testing with Scout S...
 
DevSecCon London 2019: Are Open Source Developers Security’s New Front Line?
DevSecCon London 2019: Are Open Source Developers Security’s New Front Line?DevSecCon London 2019: Are Open Source Developers Security’s New Front Line?
DevSecCon London 2019: Are Open Source Developers Security’s New Front Line?
 
DevSecCon London 2019: How to Secure OpenShift Environments and What Happens ...
DevSecCon London 2019: How to Secure OpenShift Environments and What Happens ...DevSecCon London 2019: How to Secure OpenShift Environments and What Happens ...
DevSecCon London 2019: How to Secure OpenShift Environments and What Happens ...
 
DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...
DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...
DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...
 
DevSecCon Singapore 2019: Four years of reflection: How (not) to secure Web A...
DevSecCon Singapore 2019: Four years of reflection: How (not) to secure Web A...DevSecCon Singapore 2019: Four years of reflection: How (not) to secure Web A...
DevSecCon Singapore 2019: Four years of reflection: How (not) to secure Web A...
 
DevSecCon Singapore 2019: crypto jacking: An evolving threat for cloud contai...
DevSecCon Singapore 2019: crypto jacking: An evolving threat for cloud contai...DevSecCon Singapore 2019: crypto jacking: An evolving threat for cloud contai...
DevSecCon Singapore 2019: crypto jacking: An evolving threat for cloud contai...
 
DevSecCon Singapore 2019: Can "dev", "sec" and "ops" really coexist in the wi...
DevSecCon Singapore 2019: Can "dev", "sec" and "ops" really coexist in the wi...DevSecCon Singapore 2019: Can "dev", "sec" and "ops" really coexist in the wi...
DevSecCon Singapore 2019: Can "dev", "sec" and "ops" really coexist in the wi...
 
DevSecCon Singapore 2019: Workshop - Burp extension writing workshop
DevSecCon Singapore 2019: Workshop - Burp extension writing workshopDevSecCon Singapore 2019: Workshop - Burp extension writing workshop
DevSecCon Singapore 2019: Workshop - Burp extension writing workshop
 
DevSecCon Singapore 2019: Embracing Security - A changing DevOps landscape
DevSecCon Singapore 2019: Embracing Security - A changing DevOps landscapeDevSecCon Singapore 2019: Embracing Security - A changing DevOps landscape
DevSecCon Singapore 2019: Embracing Security - A changing DevOps landscape
 
DevSecCon Singapore 2019: The journey of digital transformation through DevSe...
DevSecCon Singapore 2019: The journey of digital transformation through DevSe...DevSecCon Singapore 2019: The journey of digital transformation through DevSe...
DevSecCon Singapore 2019: The journey of digital transformation through DevSe...
 
DevSecCon Singapore 2019: Preventative Security for Kubernetes
DevSecCon Singapore 2019: Preventative Security for KubernetesDevSecCon Singapore 2019: Preventative Security for Kubernetes
DevSecCon Singapore 2019: Preventative Security for Kubernetes
 
DevSecCon London 2018: Is your supply chain your achille's heel
DevSecCon London 2018: Is your supply chain your achille's heelDevSecCon London 2018: Is your supply chain your achille's heel
DevSecCon London 2018: Is your supply chain your achille's heel
 
DevSecCon London 2018: Get rid of these TLS certificates
DevSecCon London 2018: Get rid of these TLS certificatesDevSecCon London 2018: Get rid of these TLS certificates
DevSecCon London 2018: Get rid of these TLS certificates
 
DevSecCon London 2018: Open DevSecOps
DevSecCon London 2018: Open DevSecOpsDevSecCon London 2018: Open DevSecOps
DevSecCon London 2018: Open DevSecOps
 
DevSecCon London 2018: Building effective DevSecOps teams through role-playin...
DevSecCon London 2018: Building effective DevSecOps teams through role-playin...DevSecCon London 2018: Building effective DevSecOps teams through role-playin...
DevSecCon London 2018: Building effective DevSecOps teams through role-playin...
 
DevSecCon London 2018: Variant Analysis – A critical step in handling vulnera...
DevSecCon London 2018: Variant Analysis – A critical step in handling vulnera...DevSecCon London 2018: Variant Analysis – A critical step in handling vulnera...
DevSecCon London 2018: Variant Analysis – A critical step in handling vulnera...
 
DevSecCon London 2018: Lessons from the legion (the DevSecCon London Remix)
DevSecCon London 2018: Lessons from the legion (the DevSecCon London Remix)DevSecCon London 2018: Lessons from the legion (the DevSecCon London Remix)
DevSecCon London 2018: Lessons from the legion (the DevSecCon London Remix)
 
DevSecCon London 2018: Security in the serverless world
DevSecCon London 2018: Security in the serverless worldDevSecCon London 2018: Security in the serverless world
DevSecCon London 2018: Security in the serverless world
 
DevSecCon London 2018: Enabling shift-left for 12k banking developers from sc...
DevSecCon London 2018: Enabling shift-left for 12k banking developers from sc...DevSecCon London 2018: Enabling shift-left for 12k banking developers from sc...
DevSecCon London 2018: Enabling shift-left for 12k banking developers from sc...
 
DevSecCon London 2018: Whatever happened to attack aware applications?
DevSecCon London 2018: Whatever happened to attack aware applications?DevSecCon London 2018: Whatever happened to attack aware applications?
DevSecCon London 2018: Whatever happened to attack aware applications?
 

Kürzlich hochgeladen

Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxfnnc6jmgwh
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxAna-Maria Mihalceanu
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructureitnewsafrica
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesManik S Magar
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesBernd Ruecker
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Karmanjay Verma
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
Digital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentDigital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentMahmoud Rabie
 
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...itnewsafrica
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...Karmanjay Verma
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...itnewsafrica
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessWSO2
 

Kürzlich hochgeladen (20)

Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance Toolbox
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
Digital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentDigital Tools & AI in Career Development
Digital Tools & AI in Career Development
 
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
 
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...React JS; all concepts. Contains React Features, JSX, functional & Class comp...
React JS; all concepts. Contains React Features, JSX, functional & Class comp...
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with Platformless
 

DevSecCon Seattle 2019: Liquid Software as the real solution for the Sec in DevSecOps

  • 1. Seattle | September 16-17, 2019 Liquid Software as the Security solution for DevSecOps delivery OFIR AZOULAY-ROZANES
  • 2. Seattle | September 16-17, 2019 Have you been there? • Identified a vulnerability in your product and it took you a long time to test before delivering to customers? • Customers are pressing to have a fix but you don’t want to risk them with an unstable version? • You have provided a patch that included not only the vulnerability fix but also other fixes – making the patch much bigger? • And then it took the customer ages to deploy – waiting for a change window? • And then you found a bug at your patch that required another one?
  • 3. Seattle | September 16-17, 2019 Whoami • JFrog – Artifactory, Bintray, Jcenter, GoCenter • PM for Xray • Insta – ofiraz • #LiquidSoftware • www.liquidsoftware.com
  • 4. Seattle | September 16-17, 2019
  • 5. Seattle | September 16-17, 2019 Whoami 2 • Started learning to code in the mid 80s (Basic, Fortran, Pascal, Cobol) • Joined the work force at the beginning of the 90s (PowerBuilder) • Unix Admin • C (Linux Kernel) and C++ developer, team and group manager • Using Open Source • 2009 joined the Cyber Securiry industry • Product Manager in Cyber companies (Imperva, Exabeam) • @JFrog - Product Manager for Xray
  • 6. Seattle | September 16-17, 2019 The 3 phases in the life cycle of a vulnerability • Identifying • Fixing • Getting the fix to customers
  • 7. Seattle | September 16-17, 2019 Identifying the vulnerability • SAST • DAST • IAST • SCA • Runtime • …
  • 8. Seattle | September 16-17, 2019 Fixing the vulnerability • Fixing our code • Updating 3rd party/OSS
  • 9. Seattle | September 16-17, 2019 Fixing and testing can take time • Updating a dependency can break your code • How many of you are updating their libraries/dependencies that often? • If it works don’t touch it • Long testing cycle • To make sure nothing breaks
  • 10.
  • 11.
  • 12.
  • 13. Seattle | September 16-17, 2019 And then starts the journey of getting the fix to customers…
  • 14. Seattle | September 16-17, 2019 Customers do not trust your patches • How many of you witnessed a bug in prod that was not identified in • In house testing? • Beta testing? • Acceptance testing at a customer? • My DB2 story
  • 15. Seattle | September 16-17, 2019 Big patches with too many changes • Facetime vulnerability in iPhone • Why did it took so much time to get released? • Why was it released only as part of a bigger patch? • Windows Service Packs • And then there is the issue of downloading big patches • For IoT devices with low bandwidth
  • 17. Seattle | September 16-17, 2019 Sometimes the customer need to be proactive to find that there is a patch available • How many of you updated their router FW/SW?
  • 18. Seattle | September 16-17, 2019 Patches require downtime • Need to wait for a change window • Can take a long time to get there in an enterprise • Virtual patching…
  • 19. Seattle | September 16-17, 2019 Testing in pre-prod can take days/weeks/months
  • 20. Seattle | September 16-17, 2019 Not using the latest patch • Because of the fear it will break • Keep on being vulnerable • NHS WannaCry – using Windows XP in 2018
  • 21. Do we want it? Let’s update! Are there any high risks? Can we verify the update? How about no Do we trust the update? Update available No Yes Yes Yes Yes NoNoNo Time consuming verification
  • 22.
  • 24. Seattle | September 16-17, 2019 So what is the solution?
  • 25. Seattle | September 16-17, 2019 Liquid Software - Continuous updates
  • 26. Seattle | September 16-17, 2019 What is it? • Constantly update your prod env with small chunks • Software updates like water - constantly flowing • A vision, as well as a mindset shift • Not everything is baked • How can we get there? Some ideas/thoughts in the next slides • Only DevSecOps can make the revolution
  • 27.
  • 28. Seattle | September 16-17, 2019 Already being done today • Elite teams are doing it – especially in the SaaS environment • Not all SaaS solutions are there • And for non-SaaS solutions • We don’t have control on the machines in which our SW runs • Servers, mobile devices, IoT, etc
  • 29. Seattle | September 16-17, 2019 Continuous updates pattern - Frequent Updates • Problems • Seldom deployments generate anxiety and stress, leading to errors • In batch updates important features wait for non-important features • Batch updates are large in size • The solution - update frequently in small chunks
  • 30. Seattle | September 16-17, 2019 Continuous updates pattern - Canary Releases • The problem • Releasing a patch with a bug affects ALL users • The solution • Release to a small number of users • Such that we have visibility into their environment
  • 31. Seattle | September 16-17, 2019 Continuous updates pattern – Observability • The problem • Some problems are hard to trace relying on user feedback only • The solution • Implement tracing, monitoring and logging to identify problems
  • 32. Seattle | September 16-17, 2019 Continuous updates pattern - Local rollback • The problem • Updates can fail • The solution • Have a previous version saved on the device prior to update • Rollback automatically in the case of a problem • Dynamic DB formats (NoSQL) to support going back while keeping the data • Parallel systems in critical cases
  • 33. Seattle | September 16-17, 2019 Continuous updates pattern - Zero Downtime Updates • The problem • Some systems cannot be brought down • The solution • Upgrade the SW in phases • Rolling updates of DB content based on the new DB schema
  • 34. Seattle | September 16-17, 2019 Continuous updates pattern – Automate Everything • Eliminate any chance of human errors • Automatic testing and Security scanning as a gate
  • 35. Seattle | September 16-17, 2019 Other patterns/thoughts • Automatic updates – not asking the customer for approval • Mindset change all way long - think of the need to support upgrade/rollback/zero downtime when developing the feature • Constantly update to newer versions of third party internally • Use wrapper APIs
  • 36. Seattle | September 16-17, 2019 Other patterns/thoughts • Updating libs to end targets • Automating acceptance tests on the customer side • Collect back info from deployments to improve testing • Collect meta data on the processes done • AI to identify problems, to help in the go-no-go decisions
  • 37. Do we want it? Let’s update! Are there any high risks? Do we trust the update? Update available No Yes Yes Yes Sure, why not? (auto update)
  • 39. Seattle | September 16-17, 2019 Thank you!