DevSecOps
development, security, and operations
Here is where your presentation begins
TABLE OF CONTENTS
• DevSecOps
• Case Study
• Breakdown/Tools Analysis
• Challenges and pitfalls
• Tutorial
• Overview
DevOps vs DevSecOps
DevOps is a methodology that aims to improve collaboration and communication between development and operations teams, leading to faster and more efficient software delivery.
DevSecOps is a subset of DevOps that focuses on integrating security practices into the development and operations process, ensuring that software is not only delivered quickly but also securely.
“The benefits of the DevSecOps approach are numerous. By embedding security practices into the development process, organizations can identify and fix potential vulnerabilities early on, reducing the risk of a security breach.”
Case Study
XYZ Inc. is a software development company that specializes in creating custom applications for businesses in the finance industry. The company has been in operation for over 10 years and has a team of 30 developers, 5 security experts, and 10 operations specialists. The challenges they faced were:
• Slow development process: due to a lack of collaboration between the development, security, and operations teams.
• Security vulnerabilities: the lack of integration resulted in a high number of security vulnerabilities in the applications.
• High costs: a significant amount of money was spent on fixing security vulnerabilities and responding to cyber attacks.
To overcome these challenges, XYZ Inc. decided to implement DevSecOps practices in their development process.
• Continuous monitoring: Continuous monitoring of their applications and infrastructure to reduce impact of cyberattacks and vulnerabilities.
• Collaboration and integration: Security considerations and reduced the risk of vulnerabilities
• Automation: This reduced the time and effort required for manual tasks, such as code reviews and testing.
The Implementation of DevSecOps Practices resulted in
• Faster development: The collaboration and integration between the development, security, and operations teams reduced the time required for the development process.
• Improved security: The integration of security considerations into the development process reduced the number of vulnerabilities in the applications.
Breakdown of the Tools
01 Static application security testing (SAST)
02 Software composition analysis (SCA)
03 Interactive application security testing (IAST)
04 Dynamic application security testing (DAST)
01 Static application security testing (SAST)
SAST tools scan proprietary or custom code for coding errors and design flaws that could lead to exploitable weaknesses. SAST tools, such as Coverity®, are used primarily during the code, build, and development phases of the SDLC.
02 Software composition analysis (SCA)
SCA tools such as Black Duck® scan source code and binaries to identify known vulnerabilities in open-source and third-party components. In addition, they can be integrated seamlessly into a CI/CD process to continuously detect new open-source vulnerabilities, from build integration to preproduction release.
03 Interactive application security testing (IAST)
IAST tools work in the background during manual or automated functional tests to analyze web application runtime behavior. For example, the Seeker® IAST tool uses instrumentation to observe application requests/responses. This enables developers to focus their time and effort on critical vulnerabilities.
04 Dynamic application security testing (DAST)
DAST is an automated opaque box testing technology that mimics how a hacker would interact with your web application or API. It tests applications over a network connection and by examining the client-side rendering of the application.
Tools Overview
Automation tools
• Jenkins
• Bamboo
• Ansible
• Puppet
Security testing tools
• Burp Suite
• Nessus
• WebInspect
• Checkmarx
Monitoring Solution
• New Relic
• Datadog
• Zabbix
• Nagios
Tutorial On Implementation of DevSecOps
01 Identify the current development processes and tools in use, and assess their security capabilities.
02 Engage with the development team to understand their needs and concerns regarding security.
03 Develop a security strategy that aligns with the development processes and tools, and integrates security controls at every stage of the development lifecycle.
04 Implement automated security testing tools, such as static analysis, dynamic analysis, and penetration testing, to identify and remediate security vulnerabilities in the code.
05 Collaborate with the development team to integrate security testing into the continuous integration/continuous delivery (CI/CD) pipeline, ensuring that security is considered as part of the development process.
06 Monitor and assess the effectiveness of the security controls, and provide feedback to the development team to improve security practices and reduce vulnerabilities.
07 Educate and train the development team on best practices for secure coding, and provide guidance on how to incorporate security into the development process.
08 Regularly review and update the security strategy to ensure it remains aligned with the changing needs of the development environment.
09 Collaborate with security experts and other stakeholders to ensure that the security controls are effective and aligned with industry standards and best practices.
10 Continuously monitor the development environment for security incidents and vulnerabilities, and respond to them quickly and effectively.
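Steps 04 and 05 in practice, as an added example that is not part of the original slides: a CI gate that normalizes SAST output in SARIF 2.1.0 and an SCA report into one finding list and fails the build on anything at or above a severity threshold. The sample reports, the flat SCA record layout, the rule and advisory names, and the level-to-severity mapping are assumptions constructed for this illustration.

```python
import json
from dataclasses import dataclass

SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}
# Assumed mapping from SARIF result levels to the gate's severity scale.
SARIF_LEVEL_TO_SEVERITY = {"none": "info", "note": "low", "warning": "medium", "error": "high"}

# Constructed SARIF 2.1.0 fragment standing in for a SAST tool's output.
SAST_SARIF = json.loads("""
{"version": "2.1.0", "runs": [{"tool": {"driver": {"name": "example-sast"}}, "results": [
  {"ruleId": "SQL_INJECTION", "level": "error", "message": {"text": "tainted query"},
   "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/Login.java"},
                                       "region": {"startLine": 42}}}]},
  {"ruleId": "WEAK_HASH", "message": {"text": "MD5 used"},
   "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/Util.java"}}}]}
]}]}
""")

# Constructed SCA report; this flat record layout is an assumption, not a tool's format.
SCA_REPORT = [
    {"component": "example-lib", "version": "1.0.0",
     "advisory": "EXAMPLE-ADVISORY-1", "severity": "critical"},
    {"component": "other-lib", "version": "2.3.1",
     "advisory": "EXAMPLE-ADVISORY-2", "severity": "low"},
]


@dataclass(frozen=True)
class Finding:
    source: str
    rule: str
    location: str
    severity: str


def from_sarif(doc):
    """Flatten SARIF results; a result without `level` is treated here as 'warning'."""
    findings = []
    for run in doc.get("runs", []):
        for res in run.get("results", []):
            severity = SARIF_LEVEL_TO_SEVERITY.get(res.get("level", "warning"), "medium")
            location = "unknown"
            for loc in res.get("locations", [])[:1]:
                phys = loc.get("physicalLocation", {})
                location = phys.get("artifactLocation", {}).get("uri", "unknown")
                line = phys.get("region", {}).get("startLine")
                if line:
                    location = f"{location}:{line}"
            findings.append(Finding("sast", res.get("ruleId", "unknown"), location, severity))
    return findings


def from_sca(report):
    """Convert the constructed SCA records into the common Finding shape."""
    return [Finding("sca", r["advisory"], f'{r["component"]}@{r["version"]}', r["severity"])
            for r in report]


def gate(reports, required=("sast", "sca"), threshold="high", accepted=frozenset()):
    """Return (passed, reasons). A required scanner with no report fails closed."""
    reasons = [f"{src}: no report produced, failing closed"
               for src in required if reports.get(src) is None]
    limit = SEVERITY_RANK[threshold]
    for findings in reports.values():
        for f in findings or []:
            # `accepted` holds rule/advisory ids with a recorded risk acceptance.
            if f.rule not in accepted and SEVERITY_RANK[f.severity] >= limit:
                reasons.append(f"{f.source}: {f.severity} {f.rule} at {f.location}")
    return (not reasons, reasons)


if __name__ == "__main__":
    reports = {"sast": from_sarif(SAST_SARIF), "sca": from_sca(SCA_REPORT)}
    passed, reasons = gate(reports)
    for reason in reasons:
        print("BLOCK", reason)
    # A CI job exits non-zero here so the pipeline stage fails.
    raise SystemExit(0 if passed else 1)
```

Treating a missing report as a failure matters as much as the threshold: a scanner stage that crashes or is skipped otherwise looks identical to a clean scan.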
CI process in DevSecOps
Pipeline of CI
• Planning
• Development
• CI Process
Example of a Base64 practice
Easy to use routines for you to generate these Base64 strings. Because the strings are plain text, you also can easily send them using simple text transmission services such as SMS text messages on a mobile phone.
Decoding the string back is just as easy:
In the above quote, the encoded value of Man is TWFu. Encoded in ASCII, the letters "M", "a", and "n" are stored as the bytes 77, 97, and 110, which are equivalent to "01001101", "01100001", and "01101110" in base-2. These three bytes are joined together in a 24-bit buffer producing the binary sequence "010011010110000101101110". Packs of 6 bits (6 bits have a maximum of 64 different binary values) are converted into 4 numbers (24 = 4 * 6 bits) which are then converted to their corresponding values in Base64.
Because
DID YOU KNOW why Base64 isn’t a powerful practice...?
A Jenkins end-to-end DevSecOps pipeline
Demo code of implementation of devSecops
Some open-source tools
• Find Sec Bugs
• OWASP ZAP
• sqlmap
Future of DevSecOps:
Because companies these days are trying to shift towards continuous integration/monitoring, collaboration and automation, DevSecOps engineers are in very high demand throughout the world, especially in the USA.
DID YOU KNOW...?
Avg PayScale of DevSecOps in USA
$119k-$160k
$115k-$171k
$90k-$100k
CREDITS: This presentation template was created by
Slidesgo, including icons by Flaticon, and infographics
& images by Freepik.
THANKS!
Do you have
any questions?
