DevSecOps March 2018 - Extract

•Download as PPTX, PDF•

0 likes•58 views

M

Elements to consider for practicing DevSecOps.

Dev Workstation Build Server
Centralize Report (Vulnerability Management) Server
SCM
Static Code Analysis
(SAST)
Dynamic Testing
(DAST)
Interactive Testing
(IAST)
Open Source Component Security
Manual Penetration Testing – Out of Band
Scope: Application and Network layer – White/Black box
Defect
Management
AUTOMATION
INTEGRATION POINTS
SECURITYASSURANCEMODEL
Legend
Black Box: Development Stack
Blue Box: Automation - Integration
Red Box: Security Tools and Controls
Infrastructure Scanning

More Related Content

More from Michael Man

DevSecOps Manchester - May 2019

DevSecOps Manchester - May 2019

DevSecOps Manchester - May 2019

Chris Rutter: Avoiding The Security Brick

Chris Rutter: Avoiding The Security Brick

Chris Rutter: Avoiding The Security Brick

Extract: DevSecOps - London Gathering (March 2019)

Extract: DevSecOps - London Gathering (March 2019)

Extract: DevSecOps - London Gathering (March 2019)

Control Plane: Security Rationale for Istio (DevSecOps - London Gathering, Ja...

Control Plane: Security Rationale for Istio (DevSecOps - London Gathering, Ja...

Control Plane: Security Rationale for Istio (DevSecOps - London Gathering, Ja...

Matt Turner: Istio, The Packet's-Eye View (DevSecOps - London Gathering, Janu...

Matt Turner: Istio, The Packet's-Eye View (DevSecOps - London Gathering, Janu...

Matt Turner: Istio, The Packet's-Eye View (DevSecOps - London Gathering, Janu...

Control Plane: Continuous Kubernetes Security (DevSecOps - London Gathering, ...

Control Plane: Continuous Kubernetes Security (DevSecOps - London Gathering, ...

Control Plane: Continuous Kubernetes Security (DevSecOps - London Gathering, ...

Rolling slides to kick of the event. *** Description of the main talk *** Threat Modelling can be a laborious and time-consuming exercise, which is not a happy marriage with CI and DevOps methodologies. In this talk, I shall outline my Rapid Threat Model Prototyping paradigm, which I have successfully been using both at Visa and Photobox. My method enables automation and inclusion into fast-moving development cycles and is well-suited for today's IT environments.

August 2018: DevSecOps - London Gathering

August 2018: DevSecOps - London Gathering

August 2018: DevSecOps - London Gathering

DevSecOps - London Gathering : June 2018

DevSecOps - London Gathering : June 2018

DevSecOps - London Gathering : June 2018

Information Security departments often view containers as challenging to manage (code moves too fast for risk analysis, thousands of containers with limited visibility or control). Government organizations such as NIST have come out with guidelines for Application Container Security, while serverless technologies such as Azure Container Instances or AWS Fargate create additional challenges regarding how security risks are managed.

Continuous Security: From tins to containers - now what!

Continuous Security: From tins to containers - now what!

Continuous Security: From tins to containers - now what!

The mechanics behind how attackers exploit simple programming mistakes ...

The mechanics behind how attackers exploit simple programming mistakes ...

The mechanics behind how attackers exploit simple programming mistakes ...

Secret Management Journey - In the beginning there was a file and it contained all the passwords in the plain text, but then someone stole all the passwords, so we don't do that anymore. In this talk I will explore how secret management has evolved over the years, what is the common path to maturity, what good looks like and why "Just use HashiCorp Vault" is a good heuristic. Explore with me the perils of storing secrets in Jenkins, how ansible-vault leads to disasters and where does CyberArk Conjur sit in all of this.

Secret Management Journey - Here Be Dragons aka Secret Dragons

Secret Management Journey - Here Be Dragons aka Secret Dragons

Secret Management Journey - Here Be Dragons aka Secret Dragons

DevSecOps The Evolution of DevOps

DevSecOps The Evolution of DevOps

DevSecOps The Evolution of DevOps

Dynaminet -DevSecOps

Dynaminet -DevSecOps

Dynaminet -DevSecOps

DevSecOps: Test Automation

DevSecOps: Test Automation

DevSecOps: Test Automation

Project management experience security in agile 1309

Project management experience security in agile 1309

Project management experience security in agile 1309

More from Michael Man (15)

DevSecOps Manchester - May 2019

DevSecOps Manchester - May 2019

DevSecOps Manchester - May 2019

Chris Rutter: Avoiding The Security Brick

Chris Rutter: Avoiding The Security Brick

Chris Rutter: Avoiding The Security Brick

Extract: DevSecOps - London Gathering (March 2019)

Extract: DevSecOps - London Gathering (March 2019)

Extract: DevSecOps - London Gathering (March 2019)

Control Plane: Security Rationale for Istio (DevSecOps - London Gathering, Ja...

Control Plane: Security Rationale for Istio (DevSecOps - London Gathering, Ja...

Control Plane: Security Rationale for Istio (DevSecOps - London Gathering, Ja...

Matt Turner: Istio, The Packet's-Eye View (DevSecOps - London Gathering, Janu...

Matt Turner: Istio, The Packet's-Eye View (DevSecOps - London Gathering, Janu...

Matt Turner: Istio, The Packet's-Eye View (DevSecOps - London Gathering, Janu...

Control Plane: Continuous Kubernetes Security (DevSecOps - London Gathering, ...

Control Plane: Continuous Kubernetes Security (DevSecOps - London Gathering, ...

Control Plane: Continuous Kubernetes Security (DevSecOps - London Gathering, ...

August 2018: DevSecOps - London Gathering

August 2018: DevSecOps - London Gathering

August 2018: DevSecOps - London Gathering

DevSecOps - London Gathering : June 2018

DevSecOps - London Gathering : June 2018

DevSecOps - London Gathering : June 2018

Continuous Security: From tins to containers - now what!

Continuous Security: From tins to containers - now what!

Continuous Security: From tins to containers - now what!

The mechanics behind how attackers exploit simple programming mistakes ...

The mechanics behind how attackers exploit simple programming mistakes ...

The mechanics behind how attackers exploit simple programming mistakes ...

Secret Management Journey - Here Be Dragons aka Secret Dragons

Secret Management Journey - Here Be Dragons aka Secret Dragons

Secret Management Journey - Here Be Dragons aka Secret Dragons

DevSecOps The Evolution of DevOps

DevSecOps The Evolution of DevOps

DevSecOps The Evolution of DevOps

Dynaminet -DevSecOps

Dynaminet -DevSecOps

Dynaminet -DevSecOps

DevSecOps: Test Automation

DevSecOps: Test Automation

DevSecOps: Test Automation

Project management experience security in agile 1309

Project management experience security in agile 1309

Project management experience security in agile 1309

Recently uploaded

Automating Google Workspace (GWS) & more with Apps Script

Automating Google Workspace (GWS) & more with Apps Script

Automating Google Workspace (GWS) & more with Apps Script

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

AWS Community Day CPH - Three problems of Terraform

AWS Community Day CPH - Three problems of Terraform

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

🐬 The future of MySQL is Postgres 🐘

🐬 The future of MySQL is Postgres 🐘

🐬 The future of MySQL is Postgres 🐘

GenCyber Cyber Security Day Presentation

GenCyber Cyber Security Day Presentation

GenCyber Cyber Security Day Presentation

Michael W. Hawkins

The 7 Things I Know About Cyber Security After 25 Years | April 2024

The 7 Things I Know About Cyber Security After 25 Years | April 2024

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Boost Fertility New Invention Ups Success Rates.pdf

Boost Fertility New Invention Ups Success Rates.pdf

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Strategies for Landing an Oracle DBA Job as a Fresher

Strategies for Landing an Oracle DBA Job as a Fresher

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

What are drone anti-jamming systems? The drone anti-jamming systems and anti-spoof technology protect against interference, jamming, and spoofing of the UAVs. To protect their security, countries are beginning to research drone anti-jamming systems, also known as drone strike weapons. The anti-jam and anti-spoof technology protects against interference, jamming and spoofing. A drone strike weapon is a drone attack weapon that can attack and destroy enemy drones. So what is so unique about this amazing system?

What Are The Drone Anti-jamming Systems Technology?

What Are The Drone Anti-jamming Systems Technology?

What Are The Drone Anti-jamming Systems Technology?

Antenna Manufacturer Coco

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Created by Mozilla Research in 2012 and now part of Linux Foundation Europe, the Servo project is an experimental rendering engine written in Rust. It combines memory safety and concurrency to create an independent, modular, and embeddable rendering engine that adheres to web standards. Stewardship of Servo moved from Mozilla Research to the Linux Foundation in 2020, where its mission remains unchanged. After some slow years, in 2023 there has been renewed activity on the project, with a roadmap now focused on improving the engine’s CSS 2 conformance, exploring Android support, and making Servo a practical embeddable rendering engine. In this presentation, Rakhi Sharma reviews the status of the project, our recent developments in 2023, our collaboration with Tauri to make Servo an easy-to-use embeddable rendering engine, and our plans for the future to make Servo an alternative web rendering engine for the embedded devices industry. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://ossna2024.sched.com/event/1aBNF/a-year-of-servo-reboot-where-are-we-now-rakhi-sharma-igalia

A Year of the Servo Reboot: Where Are We Now?

A Year of the Servo Reboot: Where Are We Now?

A Year of the Servo Reboot: Where Are We Now?

A Domino Admins Adventures (Engage 2024)

A Domino Admins Adventures (Engage 2024)

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Axa Assurance Maroc - Insurer Innovation Award 2024

Axa Assurance Maroc - Insurer Innovation Award 2024

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

Enterprise Knowledge’s Urmi Majumder, Principal Data Architecture Consultant, and Fernando Aguilar Islas, Senior Data Science Consultant, presented "Driving Behavioral Change for Information Management through Data-Driven Green Strategy" on March 27, 2024 at Enterprise Data World (EDW) in Orlando, Florida. In this presentation, Urmi and Fernando discussed a case study describing how the information management division in a large supply chain organization drove user behavior change through awareness of the carbon footprint of their duplicated and near-duplicated content, identified via advanced data analytics. Check out their presentation to gain valuable perspectives on utilizing data-driven strategies to influence positive behavioral shifts and support sustainability initiatives within your organization. In this session, participants gained answers to the following questions: - What is a Green Information Management (IM) Strategy, and why should you have one? - How can Artificial Intelligence (AI) and Machine Learning (ML) support your Green IM Strategy through content deduplication? - How can an organization use insights into their data to influence employee behavior for IM? - How can you reap additional benefits from content reduction that go beyond Green IM?

Driving Behavioral Change for Information Management through Data-Driven Gree...

Driving Behavioral Change for Information Management through Data-Driven Gree...

Driving Behavioral Change for Information Management through Data-Driven Gree...

Enterprise Knowledge

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

Handwritten Text Recognition for manuscripts and early printed texts

Handwritten Text Recognition for manuscripts and early printed texts

Handwritten Text Recognition for manuscripts and early printed texts

Maria Levchenko

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

Recently uploaded (20)

Automating Google Workspace (GWS) & more with Apps Script

Automating Google Workspace (GWS) & more with Apps Script

Automating Google Workspace (GWS) & more with Apps Script

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

AWS Community Day CPH - Three problems of Terraform

AWS Community Day CPH - Three problems of Terraform

AWS Community Day CPH - Three problems of Terraform

🐬 The future of MySQL is Postgres 🐘

🐬 The future of MySQL is Postgres 🐘

🐬 The future of MySQL is Postgres 🐘

GenCyber Cyber Security Day Presentation

GenCyber Cyber Security Day Presentation

GenCyber Cyber Security Day Presentation

The 7 Things I Know About Cyber Security After 25 Years | April 2024

The 7 Things I Know About Cyber Security After 25 Years | April 2024

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Boost Fertility New Invention Ups Success Rates.pdf

Boost Fertility New Invention Ups Success Rates.pdf

Boost Fertility New Invention Ups Success Rates.pdf

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

Strategies for Landing an Oracle DBA Job as a Fresher

Strategies for Landing an Oracle DBA Job as a Fresher

Strategies for Landing an Oracle DBA Job as a Fresher

What Are The Drone Anti-jamming Systems Technology?

What Are The Drone Anti-jamming Systems Technology?

What Are The Drone Anti-jamming Systems Technology?

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

A Year of the Servo Reboot: Where Are We Now?

A Year of the Servo Reboot: Where Are We Now?

A Year of the Servo Reboot: Where Are We Now?

A Domino Admins Adventures (Engage 2024)

A Domino Admins Adventures (Engage 2024)

A Domino Admins Adventures (Engage 2024)

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Axa Assurance Maroc - Insurer Innovation Award 2024

Axa Assurance Maroc - Insurer Innovation Award 2024

Axa Assurance Maroc - Insurer Innovation Award 2024

Driving Behavioral Change for Information Management through Data-Driven Gree...

Driving Behavioral Change for Information Management through Data-Driven Gree...

Driving Behavioral Change for Information Management through Data-Driven Gree...

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

Handwritten Text Recognition for manuscripts and early printed texts

Handwritten Text Recognition for manuscripts and early printed texts

Handwritten Text Recognition for manuscripts and early printed texts

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

DevSecOps March 2018 - Extract

1. Dev Workstation Build Server Centralize Report (Vulnerability Management) Server SCM Static Code Analysis (SAST) Dynamic Testing (DAST) Interactive Testing (IAST) Open Source Component Security Manual Penetration Testing – Out of Band Scope: Application and Network layer – White/Black box Defect Management AUTOMATION INTEGRATION POINTS SECURITYASSURANCEMODEL Legend Black Box: Development Stack Blue Box: Automation - Integration Red Box: Security Tools and Controls Infrastructure Scanning