SlideShare a Scribd company logo

ContinuousSecurity, Beyond Automation.pdf

Neelu Tripathy
Neelu Tripathy

This was a talk given by me at Cashfree. Focussed towards development teams, it talks about what each one of us can do to build a secure product. Here we discuss about how to make security everyone's responsibility

Technology
1 of 25
NEELU TRIPATHY NEELU TRIPATHY CONTINUOUS SECURITY: BEYOND AUTOMATION Continuous Security: Beyond Automation
NEELU TRIPATHY Work Conferences Contact Interests & Certifications § Security Practice Lead, Thoughtworks India § 13+ years of InfoSec experience § Establishing Security practices for client facing product development § Speaker/Trainer: c0c0n, BlackHat, BSidesDelhi, NSRCEL IIMB; Villages at Nullcon, DefCon, rootconf § Organizer: SecConf, Thoughtworks § Review Board: NullCon, bSides SGP, CySEK Karnataka § DevSecOps, Continuous Security, Vulnerability Assessments, Pentesting for Web & Networks, Red Teaming, Social Engineering, Threat Modelling & Design Reviews § OSCP, GraphQLParser for Burp @neelutripathy br3akp0int@Null/Git neelutripathy ABOUT ME
NEELU TRIPATHY § Affected: 23000 users/customers § Leaked Credentials in Docker image § Bash uploader Script modified § Created a backdoor from customer Cis § Stole Git creds, tokens, keys § Malware: APT29 § Affected: FireEye, US Treasury § § Target: NMS Orion; 300000 Customers(US Fed, DoD, 425/Fortune 500) § Build Server compromised § Wasn’t present in code § March – June – 2020 § Handcrafted: sleep b4 execute, custom to environments, avoid private IPs § 57 million customer and driver records stolen § $100,000 for cover-up § $148 million total cost to Uber § AWS credentials in Github § Github repo was exposed § CSO Joe Sullivan forced to leave LAST FEW YEARS..
NEELU TRIPATHY MAINTENANCE RELEASE DEPLYMENT TEST DEVELOPMENT DESIGN REQUIREMENTS REQUIREMENTS DESIGN DEVELOPMENT TEST DEPL0Y REVIEW RELEASE WATERFALL AGILE AGILE & WATERFALL DEVELOPMENT
NEELU TRIPATHY CONTINUOUS SECURITY VULNERABILITIES PREDICTABLE Automation TOOLS PRODUCTS NOT PREDICTABLE PEOPLE PROCESSES CONTINUOUS SECURITY: LIMITATIONS OF AUTOMATION
NEELU TRIPATHY Detective •SAST •DAST •Dependency Checking •IDE Static Analysis •RASP/IAST Preventive •Secrets Check-in prevention •pre-commit/push hooks •Security Unit tests •Compliance as Code •Security in IaC Environmental •Container Security •Version Controls •Network/Host/cloud •Hardening •Dev Components Configuration •WAF •Logging & Monitoring •DoS Protection AUTOMATING CONTROLS
NEELU TRIPATHY NEELU TRIPATHY SECURITY OF THE PRODUCT VS PRODUCT DELIVERY
NEELU TRIPATHY Security Practices Standards Supply Chain Security Product Security Awareness SECURING YOUR PRODUCT DEVELOPMENT
NEELU TRIPATHY Product Security SECURING YOUR PRODUCT DEVELOPMENT
NEELU TRIPATHY Product is secure(enough) Fewer vulnerabilities in the product Code is written securely Cannot be abused to cause damage
NEELU TRIPATHY PRODUCT SECURITY: KASEYA KASEYA • Ransomware attack • Kaseya's VSA software • Affected: 50 direct customers, and between 800 and 1,500 businesses down the chain • Cause: authentication bypass vulnerability in the Kaseya VSA • Authentication Bypass >> SQL injection >> code execution >> management agent update with REvil ransomware.
NEELU TRIPATHY Infrastructure § Threat Modeling § Architecture Review Design § Vulnerability assessment § Penetration testing § Mobile/Device Testing Dynamic Application/Service Static Code § Static Code Security review § License verification § Dependency checking § Network VA/PT (BB/GB) § Container Scanning § Cloud Security Assessment MAKING A SECURE SOFTWARE
NEELU TRIPATHY Supply Chain Security SECURING YOUR PRODUCT DEVELOPMENT
NEELU TRIPATHY Security of the DELIVERY Source:sysdig.com DEV TEST STAGING PROD SECURITY OF THE DELIVERY
NEELU TRIPATHY Source:sysdig.com DEV TEST STAGING PROD ATTACK SURFACE
NEELU TRIPATHY Standards Awareness SECURING YOUR PRODUCT DEVELOPMENT
NEELU TRIPATHY Tech Stack specific Role specific awareness General Security Awareness AWARENESS Developer Business Analyst QA Tech Lead Tech Architect
NEELU TRIPATHY Frameworks & Standards • NIST Cybersecurity Framework • ISO 27001 • GDPR • PCI • and so on.. Password Policy Mobile/Device security Endpoint Security Network security Risk Assessment & Treatment Physical environment Product security Communicatio ns & operations Maintenance, Patching STANDARDS
NEELU TRIPATHY Security Practices SECURING YOUR PRODUCT DEVELOPMENT
NEELU TRIPATHY 20 § Secure Baselines as a starting point § Hardening § Configuration § Security Acceptance Criteria § DevSecOps KPIs, SLAs/TATs § Observability & Threat Management § Backlog > Project Dashboard § Vulnerability Management § Create Feedback Loops § Security Unit Tests § Code Review Checkpoints § Audit/Secure Delivery Checklists § ITMs § Access Management § Change Management § Sustainable § Evolving Awareness SECURITY PRACTICES
NEELU TRIPATHY 21 Educate Dev Teams Define and design Security backlog Planning Team card wall/board 1 2 3 4 5 Feedback/Security Unit Tests Infra Security Review Container Scanning DAST Develop 10 9 8 7 6 Security Epic User Story-Sec ACs Epic User Story Epic Fix Story TO DO DOING DONE Analyze SCA SAST Test and review Network Vulnerability Assessment Inspect and adapt Priority Threat Modelling Technology & Automation Process People Sec Champ /Dev/QA/TL/BA Sec Champ/Expert: Optional DevOps Product Tech Principle/Lead Project Manager Security Expert Sec Champ /Dev/QA/TL/BA As the story goes
NEELU TRIPATHY 1 2 3 4 5 Promote security as code Secure by design Automating security gates Security is everyone’s responsibility Security in the definition of done Key Takeaways
NEELU TRIPATHY References • https://news.sophos.com/en-us/2021/07/02/kaseya-vsa-supply-chain- ransomware-attack/ • https://www.informationisbeautiful.net/visualizations/worlds-biggest- data-breaches-hacks/ • https://owasp.org/www-project-devsecops-maturity-model/ • https://owasp.org/www-project-application-security-verification- standard/ • https://martinfowler.com/articles/agile-threat-modelling.html
NEELU TRIPATHY Q & A
NEELU TRIPATHY THANK YOU! Contact @neelutripathy br3akp0int@Null/Git neelutripathy Neelu Tripathy Security Practice Lead, Thoughtworks India

Recommended

Building an Enterprise-scale DevSecOps Infrastructure: Lessons Learned
Building an Enterprise-scale DevSecOps Infrastructure: Lessons LearnedBuilding an Enterprise-scale DevSecOps Infrastructure: Lessons Learned
Building an Enterprise-scale DevSecOps Infrastructure: Lessons LearnedPrateek Mishra
 
DevSecOps in the Cloud from the Lens of a Well-Architected Framework.pptx
DevSecOps in the Cloud from the Lens of a Well-Architected Framework.pptxDevSecOps in the Cloud from the Lens of a Well-Architected Framework.pptx
DevSecOps in the Cloud from the Lens of a Well-Architected Framework.pptxTurja Narayan Chaudhuri
 
Amazon EKS - Elastic Container Service for Kubernetes
Amazon EKS - Elastic Container Service for KubernetesAmazon EKS - Elastic Container Service for Kubernetes
Amazon EKS - Elastic Container Service for KubernetesAmazon Web Services
 
DevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to SecurityDevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to SecurityAlert Logic
 
AWS Summit Seoul 2023 | 삼성전자/쿠팡의 대규모 트래픽 처리를 위한 클라우드 네이티브 데이터베이스 활용
AWS Summit Seoul 2023 | 삼성전자/쿠팡의 대규모 트래픽 처리를 위한 클라우드 네이티브 데이터베이스 활용AWS Summit Seoul 2023 | 삼성전자/쿠팡의 대규모 트래픽 처리를 위한 클라우드 네이티브 데이터베이스 활용
AWS Summit Seoul 2023 | 삼성전자/쿠팡의 대규모 트래픽 처리를 위한 클라우드 네이티브 데이터베이스 활용Amazon Web Services Korea
 
AWS Well-Architected Security とベストプラクティス
AWS Well-Architected Security とベストプラクティスAWS Well-Architected Security とベストプラクティス
AWS Well-Architected Security とベストプラクティスAmazon Web Services Japan
 
Scaling production grade EKS Multi-Cluster environments using GitOps
Scaling production grade EKS Multi-Cluster environments using GitOpsScaling production grade EKS Multi-Cluster environments using GitOps
Scaling production grade EKS Multi-Cluster environments using GitOpsCarlos Santana
 
Resiliency-and-Availability-Design-Patterns-for-the-Cloud
Resiliency-and-Availability-Design-Patterns-for-the-CloudResiliency-and-Availability-Design-Patterns-for-the-Cloud
Resiliency-and-Availability-Design-Patterns-for-the-CloudAmazon Web Services
 

Recommended

Building an Enterprise-scale DevSecOps Infrastructure: Lessons Learned
Building an Enterprise-scale DevSecOps Infrastructure: Lessons LearnedBuilding an Enterprise-scale DevSecOps Infrastructure: Lessons Learned
Building an Enterprise-scale DevSecOps Infrastructure: Lessons LearnedPrateek Mishra
 
DevSecOps in the Cloud from the Lens of a Well-Architected Framework.pptx
DevSecOps in the Cloud from the Lens of a Well-Architected Framework.pptxDevSecOps in the Cloud from the Lens of a Well-Architected Framework.pptx
DevSecOps in the Cloud from the Lens of a Well-Architected Framework.pptxTurja Narayan Chaudhuri
 
Amazon EKS - Elastic Container Service for Kubernetes
Amazon EKS - Elastic Container Service for KubernetesAmazon EKS - Elastic Container Service for Kubernetes
Amazon EKS - Elastic Container Service for KubernetesAmazon Web Services
 
DevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to SecurityDevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to SecurityAlert Logic
 
AWS Summit Seoul 2023 | 삼성전자/쿠팡의 대규모 트래픽 처리를 위한 클라우드 네이티브 데이터베이스 활용
AWS Summit Seoul 2023 | 삼성전자/쿠팡의 대규모 트래픽 처리를 위한 클라우드 네이티브 데이터베이스 활용AWS Summit Seoul 2023 | 삼성전자/쿠팡의 대규모 트래픽 처리를 위한 클라우드 네이티브 데이터베이스 활용
AWS Summit Seoul 2023 | 삼성전자/쿠팡의 대규모 트래픽 처리를 위한 클라우드 네이티브 데이터베이스 활용Amazon Web Services Korea
 
AWS Well-Architected Security とベストプラクティス
AWS Well-Architected Security とベストプラクティスAWS Well-Architected Security とベストプラクティス
AWS Well-Architected Security とベストプラクティスAmazon Web Services Japan
 
Scaling production grade EKS Multi-Cluster environments using GitOps
Scaling production grade EKS Multi-Cluster environments using GitOpsScaling production grade EKS Multi-Cluster environments using GitOps
Scaling production grade EKS Multi-Cluster environments using GitOpsCarlos Santana
 
Resiliency-and-Availability-Design-Patterns-for-the-Cloud
Resiliency-and-Availability-Design-Patterns-for-the-CloudResiliency-and-Availability-Design-Patterns-for-the-Cloud
Resiliency-and-Availability-Design-Patterns-for-the-CloudAmazon Web Services
 
20190130 AWS Black Belt Online Seminar AWS Identity and Access Management (AW...
20190130 AWS Black Belt Online Seminar AWS Identity and Access Management (AW...20190130 AWS Black Belt Online Seminar AWS Identity and Access Management (AW...
20190130 AWS Black Belt Online Seminar AWS Identity and Access Management (AW...Amazon Web Services Japan
 
AWS Migration Planning Roadmap
AWS Migration Planning RoadmapAWS Migration Planning Roadmap
AWS Migration Planning RoadmapAmazon Web Services
 
AWS Organizations連携サービスの罠(Security JAWS 第26回 発表資料)
AWS Organizations連携サービスの罠(Security JAWS 第26回 発表資料)AWS Organizations連携サービスの罠(Security JAWS 第26回 発表資料)
AWS Organizations連携サービスの罠(Security JAWS 第26回 発表資料)NTT DATA Technology & Innovation
 
20220409 AWS BLEA 開発にあたって検討したこと
20220409 AWS BLEA 開発にあたって検討したこと20220409 AWS BLEA 開発にあたって検討したこと
20220409 AWS BLEA 開発にあたって検討したことAmazon Web Services Japan
 
SRE-iously: Defining the Principles, Habits, and Practices of Site Reliabilit...
SRE-iously: Defining the Principles, Habits, and Practices of Site Reliabilit...SRE-iously: Defining the Principles, Habits, and Practices of Site Reliabilit...
SRE-iously: Defining the Principles, Habits, and Practices of Site Reliabilit...New Relic
 
開発者におくるサーバーレスモニタリング
開発者におくるサーバーレスモニタリング開発者におくるサーバーレスモニタリング
開発者におくるサーバーレスモニタリングAmazon Web Services Japan
 
AWS Summit London 2019 - Containers on AWS
AWS Summit London 2019 - Containers on AWSAWS Summit London 2019 - Containers on AWS
AWS Summit London 2019 - Containers on AWSMassimo Ferre'
 
DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD PipelineJames Wickett
 
20200818 AWS Black Belt Online Seminar AWS Shield Advanced
20200818 AWS Black Belt Online Seminar AWS Shield Advanced20200818 AWS Black Belt Online Seminar AWS Shield Advanced
20200818 AWS Black Belt Online Seminar AWS Shield AdvancedAmazon Web Services Japan
 
Secure your Azure and DevOps in a smart way
Secure your Azure and DevOps in a smart waySecure your Azure and DevOps in a smart way
Secure your Azure and DevOps in a smart wayEficode
 
Azure Kubernetes Service 2019 ふりかえり
Azure Kubernetes Service 2019 ふりかえりAzure Kubernetes Service 2019 ふりかえり
Azure Kubernetes Service 2019 ふりかえりToru Makabe
 
Architecting-for-the-cloud-Best-Practices
Architecting-for-the-cloud-Best-PracticesArchitecting-for-the-cloud-Best-Practices
Architecting-for-the-cloud-Best-PracticesAmazon Web Services
 
【旧版】Oracle Database Cloud Service:サービス概要のご紹介 [2021年7月版]
【旧版】Oracle Database Cloud Service:サービス概要のご紹介 [2021年7月版]【旧版】Oracle Database Cloud Service:サービス概要のご紹介 [2021年7月版]
【旧版】Oracle Database Cloud Service:サービス概要のご紹介 [2021年7月版]オラクルエンジニア通信
 
20180425 AWS Black Belt Online Seminar Amazon Relational Database Service (Am...
20180425 AWS Black Belt Online Seminar Amazon Relational Database Service (Am...20180425 AWS Black Belt Online Seminar Amazon Relational Database Service (Am...
20180425 AWS Black Belt Online Seminar Amazon Relational Database Service (Am...Amazon Web Services Japan
 
脆弱性ハンドリングと耐える設計 -Vulnerability Response-
脆弱性ハンドリングと耐える設計 -Vulnerability Response-脆弱性ハンドリングと耐える設計 -Vulnerability Response-
脆弱性ハンドリングと耐える設計 -Vulnerability Response-Tomohiro Nakashima
 
Dos and Don'ts of DevSecOps
Dos and Don'ts of DevSecOpsDos and Don'ts of DevSecOps
Dos and Don'ts of DevSecOpsPriyanka Aash
 
20190129 AWS Black Belt Online Seminar AWS Identity and Access Management (AW...
20190129 AWS Black Belt Online Seminar AWS Identity and Access Management (AW...20190129 AWS Black Belt Online Seminar AWS Identity and Access Management (AW...
20190129 AWS Black Belt Online Seminar AWS Identity and Access Management (AW...Amazon Web Services Japan
 
DevSecOps Implementation Journey
DevSecOps Implementation JourneyDevSecOps Implementation Journey
DevSecOps Implementation JourneyDevOps Indonesia
 
[AKIBA.AWS] AWS Elemental MediaConvertから学ぶコーデック入門
[AKIBA.AWS] AWS Elemental MediaConvertから学ぶコーデック入門[AKIBA.AWS] AWS Elemental MediaConvertから学ぶコーデック入門
[AKIBA.AWS] AWS Elemental MediaConvertから学ぶコーデック入門Shuji Kikuchi
 
DevSecOps reference architectures 2018
DevSecOps reference architectures 2018DevSecOps reference architectures 2018
DevSecOps reference architectures 2018Sonatype
 
You think your WiFi is safe?
You think your WiFi is safe?You think your WiFi is safe?
You think your WiFi is safe?Rob Gillen
 
Cloud Security vs Security in the Cloud
Cloud Security vs Security in the CloudCloud Security vs Security in the Cloud
Cloud Security vs Security in the CloudTjylen Veselyj
 

More Related Content

What's hot

20190130 AWS Black Belt Online Seminar AWS Identity and Access Management (AW...
20190130 AWS Black Belt Online Seminar AWS Identity and Access Management (AW...20190130 AWS Black Belt Online Seminar AWS Identity and Access Management (AW...
20190130 AWS Black Belt Online Seminar AWS Identity and Access Management (AW...Amazon Web Services Japan
 
AWS Organizations連携サービスの罠(Security JAWS 第26回 発表資料)
AWS Organizations連携サービスの罠(Security JAWS 第26回 発表資料)AWS Organizations連携サービスの罠(Security JAWS 第26回 発表資料)
AWS Organizations連携サービスの罠(Security JAWS 第26回 発表資料)NTT DATA Technology & Innovation
 
20220409 AWS BLEA 開発にあたって検討したこと
20220409 AWS BLEA 開発にあたって検討したこと20220409 AWS BLEA 開発にあたって検討したこと
20220409 AWS BLEA 開発にあたって検討したことAmazon Web Services Japan
 
SRE-iously: Defining the Principles, Habits, and Practices of Site Reliabilit...
SRE-iously: Defining the Principles, Habits, and Practices of Site Reliabilit...SRE-iously: Defining the Principles, Habits, and Practices of Site Reliabilit...
SRE-iously: Defining the Principles, Habits, and Practices of Site Reliabilit...New Relic
 
開発者におくるサーバーレスモニタリング
開発者におくるサーバーレスモニタリング開発者におくるサーバーレスモニタリング
開発者におくるサーバーレスモニタリングAmazon Web Services Japan
 
AWS Summit London 2019 - Containers on AWS
AWS Summit London 2019 - Containers on AWSAWS Summit London 2019 - Containers on AWS
AWS Summit London 2019 - Containers on AWSMassimo Ferre'
 
DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD PipelineJames Wickett
 
20200818 AWS Black Belt Online Seminar AWS Shield Advanced
20200818 AWS Black Belt Online Seminar AWS Shield Advanced20200818 AWS Black Belt Online Seminar AWS Shield Advanced
20200818 AWS Black Belt Online Seminar AWS Shield AdvancedAmazon Web Services Japan
 
Secure your Azure and DevOps in a smart way
Secure your Azure and DevOps in a smart waySecure your Azure and DevOps in a smart way
Secure your Azure and DevOps in a smart wayEficode
 
Azure Kubernetes Service 2019 ふりかえり
Azure Kubernetes Service 2019 ふりかえりAzure Kubernetes Service 2019 ふりかえり
Azure Kubernetes Service 2019 ふりかえりToru Makabe
 
Architecting-for-the-cloud-Best-Practices
Architecting-for-the-cloud-Best-PracticesArchitecting-for-the-cloud-Best-Practices
Architecting-for-the-cloud-Best-PracticesAmazon Web Services
 
【旧版】Oracle Database Cloud Service:サービス概要のご紹介 [2021年7月版]
【旧版】Oracle Database Cloud Service:サービス概要のご紹介 [2021年7月版]【旧版】Oracle Database Cloud Service:サービス概要のご紹介 [2021年7月版]
【旧版】Oracle Database Cloud Service:サービス概要のご紹介 [2021年7月版]オラクルエンジニア通信
 
20180425 AWS Black Belt Online Seminar Amazon Relational Database Service (Am...
20180425 AWS Black Belt Online Seminar Amazon Relational Database Service (Am...20180425 AWS Black Belt Online Seminar Amazon Relational Database Service (Am...
20180425 AWS Black Belt Online Seminar Amazon Relational Database Service (Am...Amazon Web Services Japan
 
脆弱性ハンドリングと耐える設計 -Vulnerability Response-
脆弱性ハンドリングと耐える設計 -Vulnerability Response-脆弱性ハンドリングと耐える設計 -Vulnerability Response-
脆弱性ハンドリングと耐える設計 -Vulnerability Response-Tomohiro Nakashima
 
Dos and Don'ts of DevSecOps
Dos and Don'ts of DevSecOpsDos and Don'ts of DevSecOps
Dos and Don'ts of DevSecOpsPriyanka Aash
 
20190129 AWS Black Belt Online Seminar AWS Identity and Access Management (AW...
20190129 AWS Black Belt Online Seminar AWS Identity and Access Management (AW...20190129 AWS Black Belt Online Seminar AWS Identity and Access Management (AW...
20190129 AWS Black Belt Online Seminar AWS Identity and Access Management (AW...Amazon Web Services Japan
 
DevSecOps Implementation Journey
DevSecOps Implementation JourneyDevSecOps Implementation Journey
DevSecOps Implementation JourneyDevOps Indonesia
 
[AKIBA.AWS] AWS Elemental MediaConvertから学ぶコーデック入門
[AKIBA.AWS] AWS Elemental MediaConvertから学ぶコーデック入門[AKIBA.AWS] AWS Elemental MediaConvertから学ぶコーデック入門
[AKIBA.AWS] AWS Elemental MediaConvertから学ぶコーデック入門Shuji Kikuchi
 
DevSecOps reference architectures 2018
DevSecOps reference architectures 2018DevSecOps reference architectures 2018
DevSecOps reference architectures 2018Sonatype
 

What's hot (20)

20190130 AWS Black Belt Online Seminar AWS Identity and Access Management (AW...
20190130 AWS Black Belt Online Seminar AWS Identity and Access Management (AW...20190130 AWS Black Belt Online Seminar AWS Identity and Access Management (AW...
20190130 AWS Black Belt Online Seminar AWS Identity and Access Management (AW...
 
AWS Migration Planning Roadmap
AWS Migration Planning RoadmapAWS Migration Planning Roadmap
AWS Migration Planning Roadmap
 
AWS Organizations連携サービスの罠(Security JAWS 第26回 発表資料)
AWS Organizations連携サービスの罠(Security JAWS 第26回 発表資料)AWS Organizations連携サービスの罠(Security JAWS 第26回 発表資料)
AWS Organizations連携サービスの罠(Security JAWS 第26回 発表資料)
 
20220409 AWS BLEA 開発にあたって検討したこと
20220409 AWS BLEA 開発にあたって検討したこと20220409 AWS BLEA 開発にあたって検討したこと
20220409 AWS BLEA 開発にあたって検討したこと
 
SRE-iously: Defining the Principles, Habits, and Practices of Site Reliabilit...
SRE-iously: Defining the Principles, Habits, and Practices of Site Reliabilit...SRE-iously: Defining the Principles, Habits, and Practices of Site Reliabilit...
SRE-iously: Defining the Principles, Habits, and Practices of Site Reliabilit...
 
開発者におくるサーバーレスモニタリング
開発者におくるサーバーレスモニタリング開発者におくるサーバーレスモニタリング
開発者におくるサーバーレスモニタリング
 
AWS Summit London 2019 - Containers on AWS
AWS Summit London 2019 - Containers on AWSAWS Summit London 2019 - Containers on AWS
AWS Summit London 2019 - Containers on AWS
 
DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline
 
20200818 AWS Black Belt Online Seminar AWS Shield Advanced
20200818 AWS Black Belt Online Seminar AWS Shield Advanced20200818 AWS Black Belt Online Seminar AWS Shield Advanced
20200818 AWS Black Belt Online Seminar AWS Shield Advanced
 
Secure your Azure and DevOps in a smart way
Secure your Azure and DevOps in a smart waySecure your Azure and DevOps in a smart way
Secure your Azure and DevOps in a smart way
 
Azure Kubernetes Service 2019 ふりかえり
Azure Kubernetes Service 2019 ふりかえりAzure Kubernetes Service 2019 ふりかえり
Azure Kubernetes Service 2019 ふりかえり
 
Architecting-for-the-cloud-Best-Practices
Architecting-for-the-cloud-Best-PracticesArchitecting-for-the-cloud-Best-Practices
Architecting-for-the-cloud-Best-Practices
 
【旧版】Oracle Database Cloud Service:サービス概要のご紹介 [2021年7月版]
【旧版】Oracle Database Cloud Service:サービス概要のご紹介 [2021年7月版]【旧版】Oracle Database Cloud Service:サービス概要のご紹介 [2021年7月版]
【旧版】Oracle Database Cloud Service:サービス概要のご紹介 [2021年7月版]
 
20180425 AWS Black Belt Online Seminar Amazon Relational Database Service (Am...
20180425 AWS Black Belt Online Seminar Amazon Relational Database Service (Am...20180425 AWS Black Belt Online Seminar Amazon Relational Database Service (Am...
20180425 AWS Black Belt Online Seminar Amazon Relational Database Service (Am...
 
脆弱性ハンドリングと耐える設計 -Vulnerability Response-
脆弱性ハンドリングと耐える設計 -Vulnerability Response-脆弱性ハンドリングと耐える設計 -Vulnerability Response-
脆弱性ハンドリングと耐える設計 -Vulnerability Response-
 
Dos and Don'ts of DevSecOps
Dos and Don'ts of DevSecOpsDos and Don'ts of DevSecOps
Dos and Don'ts of DevSecOps
 
20190129 AWS Black Belt Online Seminar AWS Identity and Access Management (AW...
20190129 AWS Black Belt Online Seminar AWS Identity and Access Management (AW...20190129 AWS Black Belt Online Seminar AWS Identity and Access Management (AW...
20190129 AWS Black Belt Online Seminar AWS Identity and Access Management (AW...
 
DevSecOps Implementation Journey
DevSecOps Implementation JourneyDevSecOps Implementation Journey
DevSecOps Implementation Journey
 
[AKIBA.AWS] AWS Elemental MediaConvertから学ぶコーデック入門
[AKIBA.AWS] AWS Elemental MediaConvertから学ぶコーデック入門[AKIBA.AWS] AWS Elemental MediaConvertから学ぶコーデック入門
[AKIBA.AWS] AWS Elemental MediaConvertから学ぶコーデック入門
 
DevSecOps reference architectures 2018
DevSecOps reference architectures 2018DevSecOps reference architectures 2018
DevSecOps reference architectures 2018
 

Similar to ContinuousSecurity, Beyond Automation.pdf

You think your WiFi is safe?
You think your WiFi is safe?You think your WiFi is safe?
You think your WiFi is safe?Rob Gillen
 
Cloud Security vs Security in the Cloud
Cloud Security vs Security in the CloudCloud Security vs Security in the Cloud
Cloud Security vs Security in the CloudTjylen Veselyj
 
DCSF 19 Zero Trust Networks Come to Enterprise Kubernetes
DCSF 19 Zero Trust Networks Come to Enterprise KubernetesDCSF 19 Zero Trust Networks Come to Enterprise Kubernetes
DCSF 19 Zero Trust Networks Come to Enterprise KubernetesDocker, Inc.
 
AllDayDevOps Security Chaos Engineering 2019
AllDayDevOps Security Chaos Engineering 2019 AllDayDevOps Security Chaos Engineering 2019
AllDayDevOps Security Chaos Engineering 2019 Aaron Rinehart
 
Gaurav security profile_5_years_experience
Gaurav security profile_5_years_experienceGaurav security profile_5_years_experience
Gaurav security profile_5_years_experiencegaurav sharma
 
Security as Code: DOES15
Security as Code: DOES15Security as Code: DOES15
Security as Code: DOES15Ed Bellis
 
ONE Conference: Vulnerabilities in Web Applications
ONE Conference: Vulnerabilities in Web ApplicationsONE Conference: Vulnerabilities in Web Applications
ONE Conference: Vulnerabilities in Web ApplicationsNetcetera
 
(SEC312) Taking a DevOps Approach to Security | AWS re:Invent 2014
(SEC312) Taking a DevOps Approach to Security | AWS re:Invent 2014(SEC312) Taking a DevOps Approach to Security | AWS re:Invent 2014
(SEC312) Taking a DevOps Approach to Security | AWS re:Invent 2014Amazon Web Services
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOpsSetu Parimi
 
Alternatives to Certificate Authorities for a Secure Web
Alternatives to Certificate Authorities for a Secure WebAlternatives to Certificate Authorities for a Secure Web
Alternatives to Certificate Authorities for a Secure WebCASCouncil
 
Problems with parameters b sides-msp
Problems with parameters b sides-mspProblems with parameters b sides-msp
Problems with parameters b sides-mspMike Saunders
 
Trusted Environment. Blockchain for business: best practices, experience, tips
Trusted Environment. Blockchain for business: best practices, experience, tipsTrusted Environment. Blockchain for business: best practices, experience, tips
Trusted Environment. Blockchain for business: best practices, experience, tipsKaspersky
 
PKI in DevOps: How to Deploy Certificate Automation within CI/CD
PKI in DevOps: How to Deploy Certificate Automation within CI/CDPKI in DevOps: How to Deploy Certificate Automation within CI/CD
PKI in DevOps: How to Deploy Certificate Automation within CI/CDDevOps.com
 

Similar to ContinuousSecurity, Beyond Automation.pdf (20)

You think your WiFi is safe?
You think your WiFi is safe?You think your WiFi is safe?
You think your WiFi is safe?
 
Cloud Security vs Security in the Cloud
Cloud Security vs Security in the CloudCloud Security vs Security in the Cloud
Cloud Security vs Security in the Cloud
 
DCSF 19 Zero Trust Networks Come to Enterprise Kubernetes
DCSF 19 Zero Trust Networks Come to Enterprise KubernetesDCSF 19 Zero Trust Networks Come to Enterprise Kubernetes
DCSF 19 Zero Trust Networks Come to Enterprise Kubernetes
 
AllDayDevOps Security Chaos Engineering 2019
AllDayDevOps Security Chaos Engineering 2019 AllDayDevOps Security Chaos Engineering 2019
AllDayDevOps Security Chaos Engineering 2019
 
Secure DevOps: A Puma's Tail
Secure DevOps: A Puma's TailSecure DevOps: A Puma's Tail
Secure DevOps: A Puma's Tail
 
Gaurav security profile_5_years_experience
Gaurav security profile_5_years_experienceGaurav security profile_5_years_experience
Gaurav security profile_5_years_experience
 
Security as Code: DOES15
Security as Code: DOES15Security as Code: DOES15
Security as Code: DOES15
 
Tech t18
Tech t18Tech t18
Tech t18
 
ONE Conference: Vulnerabilities in Web Applications
ONE Conference: Vulnerabilities in Web ApplicationsONE Conference: Vulnerabilities in Web Applications
ONE Conference: Vulnerabilities in Web Applications
 
(SEC312) Taking a DevOps Approach to Security | AWS re:Invent 2014
(SEC312) Taking a DevOps Approach to Security | AWS re:Invent 2014(SEC312) Taking a DevOps Approach to Security | AWS re:Invent 2014
(SEC312) Taking a DevOps Approach to Security | AWS re:Invent 2014
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOps
 
Alternatives to Certificate Authorities for a Secure Web
Alternatives to Certificate Authorities for a Secure WebAlternatives to Certificate Authorities for a Secure Web
Alternatives to Certificate Authorities for a Secure Web
 
Problems with parameters b sides-msp
Problems with parameters b sides-mspProblems with parameters b sides-msp
Problems with parameters b sides-msp
 
Vinoth babu b new
Vinoth babu b newVinoth babu b new
Vinoth babu b new
 
Vinoth Babu B-New
Vinoth Babu B-NewVinoth Babu B-New
Vinoth Babu B-New
 
Vinoth babu b new
Vinoth babu b newVinoth babu b new
Vinoth babu b new
 
SeattleFall1
SeattleFall1SeattleFall1
SeattleFall1
 
Ashwin Resume
Ashwin ResumeAshwin Resume
Ashwin Resume
 
Trusted Environment. Blockchain for business: best practices, experience, tips
Trusted Environment. Blockchain for business: best practices, experience, tipsTrusted Environment. Blockchain for business: best practices, experience, tips
Trusted Environment. Blockchain for business: best practices, experience, tips
 
PKI in DevOps: How to Deploy Certificate Automation within CI/CD
PKI in DevOps: How to Deploy Certificate Automation within CI/CDPKI in DevOps: How to Deploy Certificate Automation within CI/CD
PKI in DevOps: How to Deploy Certificate Automation within CI/CD
 

More from Neelu Tripathy

Security Testing ModernApps_v1.0
Security Testing ModernApps_v1.0Security Testing ModernApps_v1.0
Security Testing ModernApps_v1.0Neelu Tripathy
 
Mobile Security Risks & Mitigations
Mobile Security Risks & MitigationsMobile Security Risks & Mitigations
Mobile Security Risks & MitigationsNeelu Tripathy
 
Pentesting GraphQL Applications
Pentesting GraphQL ApplicationsPentesting GraphQL Applications
Pentesting GraphQL ApplicationsNeelu Tripathy
 
PHP Mailer Remote Code Execution
PHP Mailer Remote Code ExecutionPHP Mailer Remote Code Execution
PHP Mailer Remote Code ExecutionNeelu Tripathy
 
Understanding Burp Replicator
Understanding Burp ReplicatorUnderstanding Burp Replicator
Understanding Burp ReplicatorNeelu Tripathy
 
Social Engineering Techniques
Social Engineering TechniquesSocial Engineering Techniques
Social Engineering TechniquesNeelu Tripathy
 

More from Neelu Tripathy (7)

Security Testing ModernApps_v1.0
Security Testing ModernApps_v1.0Security Testing ModernApps_v1.0
Security Testing ModernApps_v1.0
 
Mobile Security Risks & Mitigations
Mobile Security Risks & MitigationsMobile Security Risks & Mitigations
Mobile Security Risks & Mitigations
 
Pentesting GraphQL Applications
Pentesting GraphQL ApplicationsPentesting GraphQL Applications
Pentesting GraphQL Applications
 
Burp Suite Extensions
Burp Suite ExtensionsBurp Suite Extensions
Burp Suite Extensions
 
PHP Mailer Remote Code Execution
PHP Mailer Remote Code ExecutionPHP Mailer Remote Code Execution
PHP Mailer Remote Code Execution
 
Understanding Burp Replicator
Understanding Burp ReplicatorUnderstanding Burp Replicator
Understanding Burp Replicator
 
Social Engineering Techniques
Social Engineering TechniquesSocial Engineering Techniques
Social Engineering Techniques
 

Recently uploaded

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Bhuvaneswari Subramani
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 

Recently uploaded (20)

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 

ContinuousSecurity, Beyond Automation.pdf