Security First!
Alfresco Virtual DevCon 2020, Day 2 [September 16, 2020]
Jason Jolley – Director, Application Development
jjolley@microstrat.com | @jasonjolley
Objective
© MICRO STRATEGIES, INC. ALL RIGHTS RESERVED. 2
To empower Alfresco development teams to implement their solutions in a secure manner.
Agenda
• Security Requirements
• Secure Development
• Cloud Security
• Resources
Security Requirements
• Understand Current State
• Security
• Authentication
• Authorization
• Content Security
• Regulations
• Governance
• Controlled Distribution
• Redaction
• Annotation
• Compliance
• Going Paperless
• Business Continuity
• Business Process Automation
• Auditing
• Detect mass downloads or deletions
• Viruses & Malware
Alfresco and Security
› Core Alfresco Features
› Alfresco Enterprise Viewer
› Alfresco Governance Services
› Alfresco Cloud
› Alfresco Encrypted Content Store
› Core Alfresco Architecture
› SAML Single Sign-On
› Identity Services
› Vulnerability Alerts
› Partner Solutions
Alfresco and Security Tips & Tricks
Alfresco Security Best Practices Checklist
https://www.slideshare.net/toniblyx/alfresco-security-best-practices-check-list-only
Alfresco’s configuration can be tweaked in many ways. The Alfresco Security Best Practices Checklist presented by Toni de la Fuente details recommended configurations.
This document is five years old, but still has many useful recommendations. For example:
• Disable Unneeded services
• Change File Permissions
• Encrypt Passwords
Alfresco and Security Tips & Tricks
Additional Alfresco Security presentations with valuable tips and tricks:
Alfresco Security Best Practices Guide
https://www.slideshare.net/toniblyx/alfresco-security-best-practices-guide
Tech Talk Live #110: Alfresco Security Best Practices & Tips
https://youtu.be/qEFHmsEV4bc
Alfresco DevCon 2019: Encryption at-rest and in-transit
https://www.slideshare.net/toniblyx/alfresco-devcon-2019-encryption-atrest-and-intransit
Developer Security Myths
1. Security is just a task.
2. Security is just a feature.
3. You need to be a security expert.
4. We have a security team so we’re okay.
5. This project is a small target. Hackers won’t bother.
6. We need to overhaul everything to be secure.
7. Security can wait until the end.
Building A Secure Development Culture
Security Training
Onboarding/Offboarding Checklist
Add Security to your Agenda
Be Ready for an Incident
Have an Escalation Path
Have a Contained Sandbox
Have a Developer Code of Conduct
1. Only Ship Quality Software
2. Stable Productivity
3. Inexpensive Adaptability
4. Continuous Improvement
5. Fearless Competence
6. Extreme Quality
7. QA Will Find Nothing!
8. Automation
9. Honest Estimates
10. Say No When We Can't Commit
11. Continuous Aggressive Learning
12. Mentor Each Other
13. Not Be A Knowledge Silo
14. Be Safe
*This list is influenced by Robert C. Martin’s presentation: “The Reasonable Expectations of your CTO”
https://vimeo.com/54025415
Professional Developer (mind map of practice areas):
• Test Driven Development: Unit Testing, Mock Objects, Kata, Test/Design Smells, Readability, Acceptance Testing, TDD Cycle, Code
• Clean Code: Readability, Naming, Functions, Comments, Formatting, Objects & Data Structures, Error Handling, Classes, Smells
• Agile Practices: Collective Ownership, Sprints, Kanban Boards, Retrospectives, DRY, Automation, Reviewing Code, TDD, Integrate Early & Often
• OOD Principles: SOLID, Law of Demeter, Polymorphism, Inheritance, Encapsulation, Avoid Procedural Prog., Examples
• Thinking & Learning: Mentoring, Getting in the Zone, Novice to Expert, Debugging, Expert Learning, Leverage Experience
• Configuration Management: Infrastructure as Code, Continuous Integration & Deployment, Separate Environments, Automation
• Patterns & Practices: Enterprise Integration, Incorporation of Patterns, Refactoring
Where is Security?
Security is Pervasive!
Secure Development – Automated Builds
Manage the Security Risk of Using Third-Party Components
“Dependency Management”
Use Approved Tools
Perform Static Analysis Security Testing
Perform Dynamic Analysis Security Testing
Penetration Testing
Track New Vulnerabilities, Release Notes
Secure Development – Monitoring & Analytics
Safe Logging
Log Collection, Archival & Access
Define Metrics and Compliance Reporting
Triggered Alerts
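As an added example (not from the deck), the "Detect mass downloads or deletions" requirement turned into a triggered alert: a sliding-window count of download and delete audit events per user. The JSON audit line shape and the sample events are constructed for this example and are not Alfresco's audit format.

```python
"""Sliding-window detector for mass downloads or deletions (added example)."""
import json
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Actions that indicate bulk exfiltration or destruction when they arrive in bursts.
WATCHED_ACTIONS = frozenset({"download", "delete"})


@dataclass(frozen=True)
class Alert:
    user: str
    action: str
    count: int
    window_start: datetime
    window_end: datetime


def parse_event(line: str) -> dict:
    """Parse one audit line. The {ts, user, action, node} JSON shape is a
    constructed format for this example, not Alfresco's own audit schema."""
    ev = json.loads(line)
    return {
        "ts": datetime.fromisoformat(ev["ts"]),
        "user": ev["user"],
        "action": ev["action"],
        "node": ev["node"],
    }


def detect_bursts(lines, threshold=5, window=timedelta(minutes=1)):
    """Raise one Alert per (user, action) burst: fired when a user's watched
    actions inside the trailing `window` reach `threshold`, then suppressed
    until the burst subsides so one mass download does not alert per file.
    Lines may arrive out of order; they are sorted by timestamp first."""
    events = sorted((parse_event(l) for l in lines), key=lambda e: e["ts"])
    recent = defaultdict(deque)   # (user, action) -> timestamps still in the window
    active = set()                # keys currently inside an alerted burst
    alerts = []
    for ev in events:
        if ev["action"] not in WATCHED_ACTIONS:
            continue
        key = (ev["user"], ev["action"])
        q = recent[key]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > window:   # evict timestamps older than the window
            q.popleft()
        if len(q) >= threshold:
            if key not in active:
                active.add(key)
                alerts.append(Alert(key[0], key[1], len(q), q[0], ev["ts"]))
        else:
            active.discard(key)           # burst is over; a later burst alerts again
    return alerts


# Constructed sample audit lines: alice downloads 6 files in 30 seconds, bob deletes
# 3 files spread over 2 minutes, carol only views. The last line is deliberately out
# of order to show the sort.
SAMPLE_AUDIT_LINES = [
    '{"ts": "2020-09-16T10:00:00", "user": "alice", "action": "download", "node": "doc-1"}',
    '{"ts": "2020-09-16T10:00:05", "user": "alice", "action": "download", "node": "doc-2"}',
    '{"ts": "2020-09-16T10:00:10", "user": "alice", "action": "download", "node": "doc-3"}',
    '{"ts": "2020-09-16T10:00:15", "user": "bob",   "action": "delete",   "node": "doc-9"}',
    '{"ts": "2020-09-16T10:00:20", "user": "alice", "action": "download", "node": "doc-4"}',
    '{"ts": "2020-09-16T10:00:25", "user": "alice", "action": "download", "node": "doc-5"}',
    '{"ts": "2020-09-16T10:00:30", "user": "alice", "action": "download", "node": "doc-6"}',
    '{"ts": "2020-09-16T10:02:00", "user": "bob",   "action": "delete",   "node": "doc-10"}',
    '{"ts": "2020-09-16T10:03:00", "user": "alice", "action": "download", "node": "doc-7"}',
    '{"ts": "2020-09-16T10:05:00", "user": "carol", "action": "view",     "node": "doc-12"}',
    '{"ts": "2020-09-16T10:00:12", "user": "bob",   "action": "delete",   "node": "doc-8"}',
]


def demo(threshold=5, window_seconds=60):
    """Run the detector over the constructed sample with the given tuning."""
    return detect_bursts(SAMPLE_AUDIT_LINES, threshold, timedelta(seconds=window_seconds))


if __name__ == "__main__":
    for a in demo():
        print(f"ALERT {a.user} {a.action} x{a.count} "
              f"between {a.window_start:%H:%M:%S} and {a.window_end:%H:%M:%S}")
```

Tune `threshold` and `window` per action: a delete threshold is normally lower than a download threshold, and a burst that spans the window boundary still counts because the window slides per event rather than per fixed interval.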
Secure Development – Incident Response
“Better to have, and not need, than to need, and not have”
F. Kafka
Any organization looking to establish their own incident response plan can benefit from the best practices described here:
https://msrc-blog.microsoft.com/2019/07/01/inside-the-msrc-building-your-own-security-incident-response-process/
Secure Development – Incident Response
• Plan
• Stakeholder support
• Practice
• Leadership
• Empower
• Communication
• Collaborate
• Multithread
• Synch
• Learn
Secure Development – Incident Handling Checklist
Computer Security Incident Handling Guide – Incident Handling Checklist
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
Shared Responsibility Model
In the cloud, security is a partnership with your vendor. You need to be aligned on security responsibilities.
Shared Responsibility Model - AWS
Shared Responsibility Model - Azure
Cloud Security
Most Cloud Vendors have similar Security Concerns. These concerns can be grouped into six areas:
• Data Protection
• Identity Access Management
• Detection & Monitoring
• Incident Response
• Developer Operations
• Recommendations & Policies
Cloud Security Basics – Data Protection
• Encrypt data at rest
• Encrypt data in transit
• Protect data in use
• Use mechanisms to keep people away from data
Cloud Security Basics – Identity Access Management
• Secure your account
• Use Centralized Identity Provider
• Use Multi-Factor Authentication
• Store Secrets Securely
Cloud Security Basics – Detection & Monitoring
• Service and Application logging
• Monitoring and Alerts
• Investigate Events
• Use Analytics to discover malicious behavior
• Automatic Escalation of Events
Cloud Security Basics – Incident Response
• Have an Incident Plan
• Practice Responding to Events
• Ensure security contacts are valid and notified
• Automate Responses where possible
Cloud Security Basics – Recommendations & Policies
• Follow Vendor Recommendations
• Patch everything
• Secure Endpoints, Firewall, Network
• Define & Audit Policies
Cloud Security Basics – Developer Operations
• Infrastructure as Code
• Continuous Integration & Deployment/Delivery
• Automation
• Release Management
• Auto-Scale & Load Testing
• Security Testing
Additional References and Recommended Reading
Setting up authentication and security
https://docs.alfresco.com/6.2/concepts/auth-intro.html
Alfresco Security Best Practices Guide
https://www.slideshare.net/toniblyx/alfresco-security-best-practices-guide
Tech Talk Live #110: Alfresco Security Best Practices & Tips
https://youtu.be/qEFHmsEV4bc
Alfresco DevCon 2019: Encryption at-rest and in-transit
https://www.slideshare.net/toniblyx/alfresco-devcon-2019-encryption-atrest-and-intransit
Additional References and Recommended Reading
AWS Security Checklist
https://d1.awsstatic.com/whitepapers/Security/AWS_Security_Checklist.pdf
AWS Well-Architected Framework
https://aws.amazon.com/architecture/well-architected/
AWS Well-Architected Framework: Security Pillar
https://d1.awsstatic.com/whitepapers/architecture/AWS-Security-Pillar.pdf
AWS Shared Responsibility Model
https://aws.amazon.com/compliance/shared-responsibility-model/
Additional References and Recommended Reading
Azure operational security checklist
https://docs.microsoft.com/en-us/azure/security/fundamentals/operational-checklist
Microsoft Security Development Lifecycle
https://www.microsoft.com/en-us/securityengineering/sdl/practices
Planning and operations guide
https://docs.microsoft.com/en-us/azure/security-center/security-center-planning-and-operations-guide
Shared responsibility in the cloud
https://docs.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility
Additional References and Recommended Reading
Cloud-native security practices in IBM Cloud
https://www.ibm.com/cloud/architecture/files/ibm-cloud-security-white-paper.pdf
IBM Cloud Security: An Essential Guide
https://www.ibm.com/cloud/learn/cloud-security
IBM Cloud Security https://www.ibm.com/security/cloud
Shared responsibilities for using IBM Cloud offerings
https://cloud.ibm.com/docs/overview?topic=overview-shared-responsibilities
Additional References and Recommended Reading
Google Cloud security best practices center
https://cloud.google.com/security/best-practices
Best practices for enterprise organizations
https://cloud.google.com/docs/enterprise/best-practices-for-enterprise-organizations
Google Cloud security foundations guide
https://services.google.com/fh/files/misc/google-cloud-security-foundations-guide.pdf
Thank You!
Alfresco Virtual DevCon 2020, Day 2 [September 16, 2020]
Jason Jolley – Director, Application Development
jjolley@microstrat.com | @jasonjolley
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxAndreas Kunz
 
What’s New in VictoriaMetrics: Q1 2024 Updates
What’s New in VictoriaMetrics: Q1 2024 UpdatesWhat’s New in VictoriaMetrics: Q1 2024 Updates
What’s New in VictoriaMetrics: Q1 2024 UpdatesVictoriaMetrics
 
Leveraging AI for Mobile App Testing on Real Devices | Applitools + Kobiton
Leveraging AI for Mobile App Testing on Real Devices | Applitools + KobitonLeveraging AI for Mobile App Testing on Real Devices | Applitools + Kobiton
Leveraging AI for Mobile App Testing on Real Devices | Applitools + KobitonApplitools
 
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptxReal-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptxRTS corp
 
Understanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM ArchitectureUnderstanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM Architecturerahul_net
 
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...OnePlan Solutions
 
2024 DevNexus Patterns for Resiliency: Shuffle shards
2024 DevNexus Patterns for Resiliency: Shuffle shards2024 DevNexus Patterns for Resiliency: Shuffle shards
2024 DevNexus Patterns for Resiliency: Shuffle shardsChristopher Curtin
 
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingOpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingShane Coughlan
 
Amazon Bedrock in Action - presentation of the Bedrock's capabilities
Amazon Bedrock in Action - presentation of the Bedrock's capabilitiesAmazon Bedrock in Action - presentation of the Bedrock's capabilities
Amazon Bedrock in Action - presentation of the Bedrock's capabilitiesKrzysztofKkol1
 
Zer0con 2024 final share short version.pdf
Zer0con 2024 final share short version.pdfZer0con 2024 final share short version.pdf
Zer0con 2024 final share short version.pdfmaor17
 

Kürzlich hochgeladen (20)

Ronisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited CatalogueRonisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited Catalogue
 
Machine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringMachine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their Engineering
 
Salesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZSalesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZ
 
Introduction to Firebase Workshop Slides
Introduction to Firebase Workshop SlidesIntroduction to Firebase Workshop Slides
Introduction to Firebase Workshop Slides
 
Powering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsPowering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data Streams
 
SAM Training Session - How to use EXCEL ?
SAM Training Session - How to use EXCEL ?SAM Training Session - How to use EXCEL ?
SAM Training Session - How to use EXCEL ?
 
eSoftTools IMAP Backup Software and migration tools
eSoftTools IMAP Backup Software and migration toolseSoftTools IMAP Backup Software and migration tools
eSoftTools IMAP Backup Software and migration tools
 
Simplifying Microservices & Apps - The art of effortless development - Meetup...
Simplifying Microservices & Apps - The art of effortless development - Meetup...Simplifying Microservices & Apps - The art of effortless development - Meetup...
Simplifying Microservices & Apps - The art of effortless development - Meetup...
 
Best Angular 17 Classroom & Online training - Naresh IT
Best Angular 17 Classroom & Online training - Naresh ITBest Angular 17 Classroom & Online training - Naresh IT
Best Angular 17 Classroom & Online training - Naresh IT
 
Keeping your build tool updated in a multi repository world
Keeping your build tool updated in a multi repository worldKeeping your build tool updated in a multi repository world
Keeping your build tool updated in a multi repository world
 
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptxUI5ers live - Custom Controls wrapping 3rd-party libs.pptx
UI5ers live - Custom Controls wrapping 3rd-party libs.pptx
 
What’s New in VictoriaMetrics: Q1 2024 Updates
What’s New in VictoriaMetrics: Q1 2024 UpdatesWhat’s New in VictoriaMetrics: Q1 2024 Updates
What’s New in VictoriaMetrics: Q1 2024 Updates
 
Leveraging AI for Mobile App Testing on Real Devices | Applitools + Kobiton
Leveraging AI for Mobile App Testing on Real Devices | Applitools + KobitonLeveraging AI for Mobile App Testing on Real Devices | Applitools + Kobiton
Leveraging AI for Mobile App Testing on Real Devices | Applitools + Kobiton
 
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptxReal-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
 
Understanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM ArchitectureUnderstanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM Architecture
 
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
 
2024 DevNexus Patterns for Resiliency: Shuffle shards
2024 DevNexus Patterns for Resiliency: Shuffle shards2024 DevNexus Patterns for Resiliency: Shuffle shards
2024 DevNexus Patterns for Resiliency: Shuffle shards
 
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingOpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
 
Amazon Bedrock in Action - presentation of the Bedrock's capabilities
Amazon Bedrock in Action - presentation of the Bedrock's capabilitiesAmazon Bedrock in Action - presentation of the Bedrock's capabilities
Amazon Bedrock in Action - presentation of the Bedrock's capabilities
 
Zer0con 2024 final share short version.pdf
Zer0con 2024 final share short version.pdfZer0con 2024 final share short version.pdf
Zer0con 2024 final share short version.pdf
 

Alfresco Virtual DevCon 2020 - Security First! (slide transcript)

1. Security First!
Alfresco Virtual DevCon 2020, Day 2 [September 16, 2020]
Jason Jolley – Director, Application Development
jjolley@microstrat.com @jasonjolley

2. Objective
To empower Alfresco development teams to implement their solutions in a secure manner.

3. Agenda
Security Requirements; Secure Development; Cloud Security; Resources

4. Security Requirements
Understand Current State; Security; Authentication; Authorization; Content Security; Regulations; Governance; Controlled Distribution; Redaction; Annotation; Compliance; Going Paperless; Business Continuity; Business Process Automation; Auditing; Detect mass downloads or deletions; Viruses & Malware

5. Alfresco and Security
› Core Alfresco Features
› Alfresco Enterprise Viewer
› Alfresco Governance Services
› Alfresco Cloud
› Alfresco Encrypted Content Store
› Core Alfresco Architecture
› SAML Single Sign-On
› Identity Services
› Vulnerability Alerts
› Partner Solutions

6. Alfresco and Security Tips & Tricks
Alfresco Security Best Practices Checklist
https://www.slideshare.net/toniblyx/alfresco-security-best-practices-check-list-only
Alfresco’s configuration can be tweaked in many ways. The Alfresco Security Best Practices Checklist presented by Toni de la Fuente details recommended configurations. This document is five years old, but still has many useful recommendations. For example:
• Disable Unneeded services
• Change File Permissions
• Encrypt Passwords

7. Alfresco and Security Tips & Tricks
Additional Alfresco Security presentations with valuable tips and tricks:
Alfresco Security Best Practices Guide
https://www.slideshare.net/toniblyx/alfresco-security-best-practices-guide
Tech Talk Live #110: Alfresco Security Best Practices & Tips
https://youtu.be/qEFHmsEV4bc
Alfresco DevCon 2019: Encryption at-rest and in-transit
https://www.slideshare.net/toniblyx/alfresco-devcon-2019-encryption-atrest-and-intransit

8. Developer Security Myths
1. Security is just a task.
2. Security is just a feature.
3. You need to be a security expert.
4. We have a security team so we’re okay.
5. This project is a small target. Hackers won’t bother.
6. We need to overhaul everything to be secure.
7. Security can wait until the end.

9. Building A Secure Development Culture
Security Training; Onboarding/Offboarding Checklist; Add Security to your Agenda; Be Ready for an Incident; Have an Escalation Path; Have a Contained Sandbox

10. Have a Developer Code of Conduct
1. Only Ship Quality Software
2. Stable Productivity
3. Inexpensive Adaptability
4. Continuous Improvement
5. Fearless Competence
6. Extreme Quality
7. QA Will Find Nothing!
8. Automation
9. Honest Estimates
10. Say No When We Can't Commit
11. Continuous Aggressive Learning
12. Mentor Each Other
13. Not Be A Knowledge Silo
14. Be Safe
*This list is influenced by Robert C. Martin’s presentation: “The Reasonable Expectations of your CTO” https://vimeo.com/54025415

11. Professional Developer (mind map of practices)
Test Driven Development; Clean Code; Agile Practices; OOD Principles; Thinking & Learning; Configuration Management; Patterns & Practices; Infrastructure as Code; Continuous Integration & Deployment; Separate Environments; Automation; Unit Testing; Mock Objects; Kata; Test/Design Smells; Readability; Acceptance Testing; TDD Cycle; Code; Enterprise Integration; Incorporation of Patterns; Refactoring; Collective Ownership; Sprints; Kanban Boards; Retrospectives; DRY; Automation; Reviewing Code; TDD; Integrate Early & Often; Mentoring; Getting in the Zone; Novice to Expert; Debugging; Expert Learning; Leverage Experience; SOLID; Law of Demeter; Polymorphism; Inheritance; Encapsulation; Avoid Procedural Prog.; Examples; Readability; Naming; Functions; Comments; Formatting; Objects & Data Structures; Error Handling; Classes; Smells

12. (same mind map as slide 11) Where is Security?

13. (same mind map as slide 11) Security is Pervasive!

14. Secure Development – Automated Builds
Manage the Security Risk of Using Third-Party Components (“Dependency Management”); Use Approved Tools; Perform Static Analysis Security Testing; Perform Dynamic Analysis Security Testing; Penetration Testing; Track New Vulnerabilities, Release Notes

15. Secure Development – Monitoring & Analytics
Safe Logging; Log Collection, Archival & Access; Define Metrics and Compliance Reporting; Triggered Alerts

16. Secure Development – Incident Response
“Better to have, and not need, than to need, and not have” F. Kafka

17. Secure Development – Incident Response
Any organization looking to establish their own incident response plan can benefit from the below best practices:
https://msrc-blog.microsoft.com/2019/07/01/inside-the-msrc-building-your-own-security-incident-response-process/
Plan; Stakeholder support; Practice; Leadership; Empower; Communication; Collaborate; Multithread; Synch; Learn

18. Secure Development – Incident Handling Checklist
Computer Security Incident Handling Guide, Incident Handling Checklist
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf

19. Shared Responsibility Model
In the cloud, security is a partnership with your vendor. You need to be aligned on security responsibilities.

20. Shared Responsibility Model - AWS

21. Shared Responsibility Model - Azure

22. Cloud Security
Most Cloud Vendors have similar Security Concerns. These concerns can be grouped into six areas: Data Protection; Identity Access Management; Detection & Monitoring; Incident Response; Recommendations & Policies; Developer Operations

23. Cloud Security Basics – Data Protection
Encrypt data at rest; Encrypt data in transit; Protect data in use; Use mechanisms to keep people away from data

24. Cloud Security Basics – Identity Access Management
Secure your account; Use Centralized Identity Provider; Use Multi-Factor Authentication; Store Secrets Securely

25. Cloud Security Basics – Detection & Monitoring
Service and Application logging; Monitoring and Alerts; Investigate Events; Use Analytics to discover malicious behavior; Automatic Escalation of Events

26. Cloud Security Basics – Incident Response
Have an Incident Plan; Practice Responding to Events; Ensure security contacts are valid and notified; Automate Responses where possible

27. Cloud Security Basics – Recommendations & Policies
Follow Vendor Recommendations; Patch everything; Secure Endpoints, Firewall, Network; Define & Audit Policies

28. Cloud Security Basics – Developer Operations
Infrastructure as Code; Continuous Integration & Deployment/Delivery; Automation; Release Management; Auto-Scale & Load Testing; Security Testing

29. Additional References and Recommended Reading
Setting up authentication and security
https://docs.alfresco.com/6.2/concepts/auth-intro.html
Alfresco Security Best Practices Guide
https://www.slideshare.net/toniblyx/alfresco-security-best-practices-guide
Tech Talk Live #110: Alfresco Security Best Practices & Tips
https://youtu.be/qEFHmsEV4bc
Alfresco DevCon 2019: Encryption at-rest and in-transit
https://www.slideshare.net/toniblyx/alfresco-devcon-2019-encryption-atrest-and-intransit

30. Additional References and Recommended Reading
AWS Security Checklist
https://d1.awsstatic.com/whitepapers/Security/AWS_Security_Checklist.pdf
AWS Well-Architected Framework
https://aws.amazon.com/architecture/well-architected/
AWS Well-Architected Framework: Security Pillar
https://d1.awsstatic.com/whitepapers/architecture/AWS-Security-Pillar.pdf
AWS Shared Responsibility Model
https://aws.amazon.com/compliance/shared-responsibility-model/

31. Additional References and Recommended Reading
Azure operational security checklist
https://docs.microsoft.com/en-us/azure/security/fundamentals/operational-checklist
Microsoft Security Development Lifecycle
https://www.microsoft.com/en-us/securityengineering/sdl/practices
Planning and operations guide
https://docs.microsoft.com/en-us/azure/security-center/security-center-planning-and-operations-guide
Shared responsibility in the cloud
https://docs.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility

32. Additional References and Recommended Reading
Cloud-native security practices in IBM Cloud
https://www.ibm.com/cloud/architecture/files/ibm-cloud-security-white-paper.pdf
IBM Cloud Security: An Essential Guide
https://www.ibm.com/cloud/learn/cloud-security
IBM Cloud Security
https://www.ibm.com/security/cloud
Shared responsibilities for using IBM Cloud offerings
https://cloud.ibm.com/docs/overview?topic=overview-shared-responsibilities

33. Additional References and Recommended Reading
Google Cloud security best practices center
https://cloud.google.com/security/best-practices
Best practices for enterprise organizations
https://cloud.google.com/docs/enterprise/best-practices-for-enterprise-organizations
Google Cloud security foundations guide
https://services.google.com/fh/files/misc/google-cloud-security-foundations-guide.pdf

34. Thank You!
Alfresco Virtual DevCon 2020, Day 2 [September 16, 2020]
Jason Jolley – Director, Application Development
jjolley@microstrat.com @jasonjolley
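Slide 4 lists "Detect mass downloads or deletions" as a requirement and slide 25 asks for analytics that discover malicious behavior; the deck names the control but does not show one. The following is an added example, not code from the talk or from Alfresco: a sliding-window detector over a constructed, simplified JSON-lines audit feed (the field names `ts`, `user`, `action`, `node` and the action values are assumptions for this example, not Alfresco's audit schema). It raises one alert per user and category when a single account exceeds a per-category threshold inside a 60-second window, and lets a slow trickle of the same events fall out of the window without alerting.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed sample audit feed (assumed format, not Alfresco's own audit schema).
# bob pulls six documents in eight seconds, carol deletes three nodes in two seconds,
# dave deletes three nodes spread over seven minutes, alice behaves normally.
SAMPLE_LOG = """\
{"ts":"2020-09-16T10:00:01Z","user":"alice","action":"READ_CONTENT","node":"doc-1"}
{"ts":"2020-09-16T10:00:05Z","user":"bob","action":"READ_CONTENT","node":"doc-2"}
{"ts":"2020-09-16T10:00:07Z","user":"bob","action":"READ_CONTENT","node":"doc-3"}
{"ts":"2020-09-16T10:00:09Z","user":"bob","action":"READ_CONTENT","node":"doc-4"}
{"ts":"2020-09-16T10:00:10Z","user":"alice","action":"UPDATE_PROPERTIES","node":"doc-1"}
{"ts":"2020-09-16T10:00:11Z","user":"bob","action":"READ_CONTENT","node":"doc-5"}
{"ts":"2020-09-16T10:00:13Z","user":"bob","action":"READ_CONTENT","node":"doc-6"}
{"ts":"2020-09-16T10:02:00Z","user":"carol","action":"DELETE_NODE","node":"doc-7"}
{"ts":"2020-09-16T10:02:01Z","user":"carol","action":"DELETE_NODE","node":"doc-8"}
{"ts":"2020-09-16T10:02:02Z","user":"carol","action":"DELETE_NODE","node":"doc-9"}
{"ts":"2020-09-16T10:03:00Z","user":"dave","action":"DELETE_NODE","node":"doc-10"}
{"ts":"2020-09-16T10:03:30Z","user":"dave","action":"DELETE_NODE","node":"doc-11"}
{"ts":"2020-09-16T10:10:00Z","user":"dave","action":"DELETE_NODE","node":"doc-12"}
"""

# Audit actions worth counting, mapped to the alert category they feed.
WATCHED = {"READ_CONTENT": "mass_download", "DELETE_NODE": "mass_delete"}

# Events of one category by one user inside WINDOW_SECONDS before an alert fires.
# Deletions are rarer than reads, so they get the lower threshold.
THRESHOLDS = {"mass_download": 5, "mass_delete": 3}
WINDOW_SECONDS = 60


def parse_event(line):
    """Parse one JSON audit line; timestamps are UTC with a trailing Z."""
    event = json.loads(line)
    event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(
        tzinfo=timezone.utc)
    return event


def detect_mass_activity(lines, thresholds=THRESHOLDS, window_seconds=WINDOW_SECONDS):
    """Return alerts for users who perform >= threshold watched actions of one
    category within a sliding window. Lines are assumed to be in time order."""
    windows = defaultdict(deque)   # (user, category) -> timestamps still inside the window
    alerted = set()                # alert once per (user, category)
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        event = parse_event(line)
        category = WATCHED.get(event["action"])
        if category is None:
            continue                # not a watched action
        key = (event["user"], category)
        window = windows[key]
        window.append(event["ts"])
        # Drop timestamps that have aged out of the window.
        while (event["ts"] - window[0]).total_seconds() > window_seconds:
            window.popleft()
        if len(window) >= thresholds[category] and key not in alerted:
            alerted.add(key)
            alerts.append({
                "user": event["user"],
                "kind": category,
                "count": len(window),
                "first": window[0].isoformat(),
                "last": event["ts"].isoformat(),
            })
    return alerts


def scan_sample():
    """Run the detector over the constructed feed; expected: bob and carol only."""
    return detect_mass_activity(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for alert in scan_sample():
        print(alert)
```

The window is keyed per user and category, so a user's reads never inflate their delete count, and the alert fires on the event that crosses the threshold rather than at the end of a batch, which is what an automatic escalation (slide 25) needs. In production the thresholds would be tuned per role and the detector fed from the collected, access-controlled log store the deck asks for on slide 15.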

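Slide 15 puts "Safe Logging" first among the monitoring practices but does not say what makes a log line unsafe. As an added example (not code from the talk or from Alfresco), the sanitizer below addresses the three usual problems before a value reaches a log: secrets embedded in request data (the `alf_ticket` query parameter is the ticket-in-URL form of Alfresco's REST API; the `Authorization` and `password=` patterns are generic), control characters that let untrusted input forge extra log records or replay terminal escapes, and unbounded length. The `logging.Filter` that applies it is standard-library Python; the logger name and all sample inputs are constructed for this example.

```python
import logging
import re

# Patterns whose captured prefix is kept and whose value is replaced.
# alf_ticket follows the "alf_ticket=<value>" query parameter shape of Alfresco's
# REST API; the other two cover HTTP Authorization headers and password-style pairs.
SECRET_PATTERNS = [
    (re.compile(r"(alf_ticket=)[^&\s\"']+", re.IGNORECASE), r"\1[REDACTED]"),
    (re.compile(r"(authorization:\s*(?:basic|bearer)\s+)\S+", re.IGNORECASE), r"\1[REDACTED]"),
    (re.compile(r"((?:password|passwd|secret)\s*[=:]\s*)[^&\s]+", re.IGNORECASE), r"\1[REDACTED]"),
]

# ASCII control characters, including CR, LF and ESC.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")
MAX_LEN = 200   # longest value we are willing to write per field


def sanitize(value):
    """Make an untrusted value safe to log: redact secrets, escape control
    characters so one call can only ever produce one log record, bound length."""
    text = str(value)
    for pattern, replacement in SECRET_PATTERNS:
        text = pattern.sub(replacement, text)
    # Render each control character as a visible \xNN escape instead of dropping it,
    # so an analyst can still see that an injection was attempted.
    text = CONTROL_CHARS.sub(lambda m: "\\x%02x" % ord(m.group()), text)
    if len(text) > MAX_LEN:
        text = text[:MAX_LEN] + "...[truncated]"
    return text


class SanitizingFilter(logging.Filter):
    """Sanitize the message template and every argument before formatting,
    so callers cannot forget to do it at each log statement."""

    def filter(self, record):
        record.msg = sanitize(record.msg)
        if record.args:
            if isinstance(record.args, dict):
                record.args = {k: sanitize(v) for k, v in record.args.items()}
            else:
                record.args = tuple(sanitize(a) for a in record.args)
        return True


def configure_logger(name="alfresco-ext"):
    """Return a logger whose every record passes through SanitizingFilter."""
    logger = logging.getLogger(name)
    if not any(isinstance(f, SanitizingFilter) for f in logger.filters):
        logger.addFilter(SanitizingFilter())
    if not logger.handlers:
        handler = logging.StreamHandler()
        handler.setFormatter(logging.Formatter("%(asctime)s %(levelname)s %(message)s"))
        logger.addHandler(handler)
    logger.setLevel(logging.INFO)
    return logger


if __name__ == "__main__":
    log = configure_logger()
    # Constructed request line carrying a ticket; the ticket value is redacted.
    log.info("request %s", "GET /alfresco/api/-default-/public/alfresco/versions/1/nodes?alf_ticket=TICKET_abc123")
    # Constructed username containing CRLF and a forged second record; it stays on one line.
    log.info("login failed for user %s", "bob\r\n2020-09-16 INFO login ok for admin")
```

Redaction runs before control-character escaping on purpose: the secret patterns match on the raw text, and escaping afterwards cannot reintroduce a secret. The filter sits on the logger rather than on a handler so that a second handler added later (file, syslog, a log shipper) inherits the same protection.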
Editor's Notes

1. Hi there. Thank you for coming to my talk on Security and Development.
2. It is not a question of “if” but “when”. Security is important for EVERYONE. Secure By Design. Security & Quality are Interdependent!
   What – he’s gone? I have to remove him from x.. Multiple backups - current backup or current resume. Sandbox needs to be separate from other environment.
3. Security is Pervasive?
4. Security is Pervasive?
5. Security is Pervasive?