SlideShare a Scribd company logo

Dev secops for real

•
•
M
mradwan

All DevOps practices work towards speeding up the cadence of software delivery within an organisation. This though should never come at cost - compromising security and compliance. We should actually work towards improving and embedding the security practices as part of the DevOps adoption. Enter Rugged DevOps or DevSecOps. Continuous Assurance, shift-left and others are the new buzzwords of the moment, but their foundations are very solid. So, beside Continuous Integration, Continuous Deployment, Continuous Delivery and Continuous Testing we should start looking at adding Continuous Assurance.

Software
1 of 58
Download to read offline
Mohamed Radwan Principal DevOps Consultant Blog: www.mohamedradwan.com DevSecOps for Real!
Blog: www.mohamedradwan.com Twitter: @mradwan06
Mohamed Radwan www.mohamedradwan.com Activity Links http://mohamedradwan.com/ https://social.msdn.microsoft.com/profile/mohamed.radwan-mvp https://www.youtube.com/user/MRadwanMSF https://github.com/DevOpsFounder http://goo.gl/j8pD7U https://goo.gl/C48iey https://stackoverflow.com/users/386323/mohamed-radwan-mvp
Mohamed Radwan www.mohamedradwan.com Outline • Traditional Security Vs. DevSecOps (Rugged DevOps) • Security as a continuously varying state • Evolving DevOps • Continuous Practices & Shift Left • Security and Compliance within DevOps • Vulnerabilities overview • Overview about OWASP • High Overview Of Secure DevOps Kit for Azure • How to run different types of security scan ? • Azure Policy
Mohamed Radwan www.mohamedradwan.com Outline (P2) • Azure Policy and Release Management • Azure Blueprints • Microsoft Azure Security Centre • Automate Governance and Compliance • Continuous security validation within CI/CD pipeline • Passive penetration test VS. Active penetration test • Infrastructure validation • Track vulnerabilities • Demo
Mohamed Radwan www.mohamedradwan.com Traditional Security Vs. DevSecOps (Rugged DevOps)
Mohamed Radwan www.mohamedradwan.com Security as a continuously varying state • Continuous Integration (CI) • Continuous Deployment (CD) • Continuous Delivery (CD) • Continuous Testing (CT) • Continuous Assurance (CA)
Mohamed Radwan www.mohamedradwan.com
Mohamed Radwan www.mohamedradwan.com Develop Build Test Deploy Operate Continuous Practices & Shift Left SecuritySecurity Security Security Security
Mohamed Radwan www.mohamedradwan.com Verizon 2016 Data Breach Investigations Report In 2016, the distribution is very similar to last year, with the top 10 vulnerabilities accounting for 85% while they are very known due the lack of awareness and practices. The risk of OSS vulnerabilities
Mohamed Radwan www.mohamedradwan.com
Mohamed Radwan www.mohamedradwan.com
Mohamed Radwan www.mohamedradwan.com
Mohamed Radwan www.mohamedradwan.com Overview about OWASP Top 10 • Injection • Never trust any user input • Broken authentication • Sensitive data exposure • Broken access control • More….. hub
18 Subscription Security (Policy,RBAC Config, etc.) Continuous Assurance Runbooks CICD Build/Release Extensions Log Analytics for Alerting & Monitoring Security IntelliSense. Security Verification Tests (SVTs) Cloud Risk Governance Provision security in subscription❶ Develop securely, spot check security via scripts ❷ Deploy securely from Azure DevOps Using Azure Pipelines build/release ❸ Periodically scan in production to watch for drift ❹Single security dashboard across DevOps stages ❺ Manage data-driven improvement to security ❻ High Overview Of Secure DevOps Kit for Azure Mohamed Radwan www.mohamedradwan.com
Mohamed Radwan www.mohamedradwan.com Security IntelliSense
Mohamed Radwan www.mohamedradwan.com SVTs Ad-hoc scan
Mohamed Radwan www.mohamedradwan.com SVTs Continuous Assurance scan
Mohamed Radwan www.mohamedradwan.com SVTs build/deployment scan using AzSK pipeline extension
Mohamed Radwan www.mohamedradwan.com Install AzSK
Mohamed Radwan www.mohamedradwan.com Commands of AzSK
Mohamed Radwan www.mohamedradwan.com SVTs Ad-hoc scan
Mohamed Radwan www.mohamedradwan.com Scan Subscription using AzSK
Mohamed Radwan www.mohamedradwan.com Scan result .CSV
Mohamed Radwan www.mohamedradwan.com Auto fix script
Mohamed Radwan www.mohamedradwan.com SVTs Continuous Assurance scan
Mohamed Radwan www.mohamedradwan.com Run Continuous Assurance scan for subscription using AzSK
Mohamed Radwan www.mohamedradwan.com SVTs build/deployment scan using AzSK pipeline extension
Mohamed Radwan www.mohamedradwan.com Check Security in CICD pipelines Code Complete Dev Envmt Test Envmt Prod Envmt
Mohamed Radwan www.mohamedradwan.com Azure Policy Enforce and Audit
Mohamed Radwan www.mohamedradwan.com Create and assign Azure Policy
Dev 1:n Developer environments ReleaseManagerse Production Environment ReleaseManagerse For Pre-Prod Like Usage With Real Data QA For Functionality Test (End-To- End) QA 1:n QA For Feature Test Quick review about deployemnt to enviroments Enviroments Approvers Mohamed Radwan www.mohamedradwan.com
ReleaseManagerse For Pre-Prod Like Usage With Real Data QA For Functionality Test (End-To- End) QA 1:n QA For Feature Test Sing-in and Sing-off process and automation Enviroments Approvers • Accept release to be deployed here • Accepted that this release has all prerequisites DoD • Accept to start working on this release • Approved this release is completed and ready for next stage • Next stage is ready and secure Sign-in Sign-off Mohamed Radwan www.mohamedradwan.com
Mohamed Radwan www.mohamedradwan.com Release Gate using Azure Policy
Mohamed Radwan www.mohamedradwan.com Policy violation failed release
Mohamed Radwan www.mohamedradwan.com AzSK pipeline extension (Release)
Mohamed Radwan www.mohamedradwan.com Azure Blueprints Deploy and update cloud environments in a repeatable manner using composable artifacts Role Based Access Controls Policy Definitions ARM Templates Azure Blueprints Subscription 1 Subscription 2 Subscription 3 Subscription N compose manage scale
Mohamed Radwan www.mohamedradwan.com Azure Blueprints Getting started
Mohamed Radwan www.mohamedradwan.com Centralized policy management Continuous security assessment Actionable recommendations Advanced cloud defenses. Prioritized alerts and incidents Integrated security solutions
Mohamed Radwan www.mohamedradwan.com
Mohamed Radwan www.mohamedradwan.com Automate Governance and Compliance Azure Policy Azure Blueprint Azure Automation Azure Pipelines AzSK Continuous Assurance
Mohamed Radwan www.mohamedradwan.com Continuous security validation within CI/CD pipeline Application CI /CD Nightly Test Runs CI Dev Static Code Analysis Code Review Work Item Linking Static Code Analysis OSS Vulnerability Scan Unit Tests Code Metrics Passive Pen Test SSL Scanner Infrastructure Scan Passive Pen Test SSL Scanner Infrastructure Scan Load and Performance Testing Automated Regression Testing Infrastructure Scan Active Pen Test Load and Performance Testing Automated Regression Testing Infrastructure Scan Feedback OSS Vulnerability Scan OSS License Violations Failed Unit Tests Static Code Rule Warnings Pen Test Issues SSL Issues Performance Issues Regression Bugs Infrastructure Issues Code Review Comments Static Code Rule Warnings Pen Test Issues SSL Issues Performance Issues Regression Bugs Infrastructure Issue Test IDE/Pull Request
Passive penetration test VS. Active penetration test Build Static Security Scan Deploy Package Passive Pentest Pull OWASP Zap Weekly Start Container Report Results Run Baseline (1 to 2 min) High Alerts – Fail Release All Alerts – Create Bugs Nightly Schedule Application Full Active Scan Pull OWASP Zap Weekly Start Container Spider Site High Alerts – Fail Release All Alerts – Create Bugs Run Active Scan Report Results Application CI/CD Pipeline Nightly OWASP ZAP Pipeline
Infrastructure validation Continuous Assurance Azure Scanner Whitelisted Endpoints and Ports Any non-whitelisted public endpoint/port detected will create a bug
Mohamed Radwan www.mohamedradwan.com Track vulnerabilities
Mohamed Radwan www.mohamedradwan.com SonarCloud
Mohamed Radwan www.mohamedradwan.com SonarCloud result
Mohamed Radwan www.mohamedradwan.com WhiteSource Bolt extension
Mohamed Radwan www.mohamedradwan.com WhiteSource Bolt result
Mohamed Radwan Principal DevOps Consultant Blog: www.mohamedradwan.com Thank you!

Recommended

Implementing DevSecOps
Implementing DevSecOpsImplementing DevSecOps
Implementing DevSecOpsAmazon Web Services
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOpsAmazon Web Services
 
CSS17: Houston - Protecting Web Apps
CSS17: Houston - Protecting Web AppsCSS17: Houston - Protecting Web Apps
CSS17: Houston - Protecting Web AppsAlert Logic
 
DevSecOps: Minimizing Risk, Improving Security
DevSecOps: Minimizing Risk, Improving SecurityDevSecOps: Minimizing Risk, Improving Security
DevSecOps: Minimizing Risk, Improving SecurityFranklin Mosley
 
DevOps and Application Security
DevOps and Application SecurityDevOps and Application Security
DevOps and Application SecurityShahee Mirza
 
The Intersection of Security & DevOps
The Intersection of Security & DevOpsThe Intersection of Security & DevOps
The Intersection of Security & DevOpsAlert Logic
 
DevSecOps: Key Controls to Modern Security Success
DevSecOps: Key Controls to Modern Security SuccessDevSecOps: Key Controls to Modern Security Success
DevSecOps: Key Controls to Modern Security SuccessPuma Security, LLC
 
CSS17: Houston - Stories from the Security Operations Center
CSS17: Houston - Stories from the Security Operations CenterCSS17: Houston - Stories from the Security Operations Center
CSS17: Houston - Stories from the Security Operations CenterAlert Logic
 

Recommended

Implementing DevSecOps
Implementing DevSecOpsImplementing DevSecOps
Implementing DevSecOpsAmazon Web Services
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOpsAmazon Web Services
 
CSS17: Houston - Protecting Web Apps
CSS17: Houston - Protecting Web AppsCSS17: Houston - Protecting Web Apps
CSS17: Houston - Protecting Web AppsAlert Logic
 
DevSecOps: Minimizing Risk, Improving Security
DevSecOps: Minimizing Risk, Improving SecurityDevSecOps: Minimizing Risk, Improving Security
DevSecOps: Minimizing Risk, Improving SecurityFranklin Mosley
 
DevOps and Application Security
DevOps and Application SecurityDevOps and Application Security
DevOps and Application SecurityShahee Mirza
 
The Intersection of Security & DevOps
The Intersection of Security & DevOpsThe Intersection of Security & DevOps
The Intersection of Security & DevOpsAlert Logic
 
DevSecOps: Key Controls to Modern Security Success
DevSecOps: Key Controls to Modern Security SuccessDevSecOps: Key Controls to Modern Security Success
DevSecOps: Key Controls to Modern Security SuccessPuma Security, LLC
 
CSS17: Houston - Stories from the Security Operations Center
CSS17: Houston - Stories from the Security Operations CenterCSS17: Houston - Stories from the Security Operations Center
CSS17: Houston - Stories from the Security Operations CenterAlert Logic
 
DevSecOps - CrikeyCon 2017
DevSecOps - CrikeyCon 2017DevSecOps - CrikeyCon 2017
DevSecOps - CrikeyCon 2017kieranjacobsen
 
DevSecOps in Baby Steps
DevSecOps in Baby StepsDevSecOps in Baby Steps
DevSecOps in Baby StepsPriyanka Aash
 
Office 365 Security: Top Priorities for 30 Days, 90 Days and Beyond
Office 365 Security: Top Priorities for 30 Days, 90 Days and BeyondOffice 365 Security: Top Priorities for 30 Days, 90 Days and Beyond
Office 365 Security: Top Priorities for 30 Days, 90 Days and BeyondPriyanka Aash
 
Android pentesting
Android pentestingAndroid pentesting
Android pentestingMykhailo Antonishyn
 
Android pentesting
Android pentestingAndroid pentesting
Android pentestingMykhailo Antonishyn
 
CSS17: Houston - Introduction to Security in the Cloud
CSS17: Houston - Introduction to Security in the CloudCSS17: Houston - Introduction to Security in the Cloud
CSS17: Houston - Introduction to Security in the CloudAlert Logic
 
[OWASP Poland Day] Security in developer's life
[OWASP Poland Day] Security in developer's life[OWASP Poland Day] Security in developer's life
[OWASP Poland Day] Security in developer's lifeOWASP
 
CSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the CloudCSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the CloudAlert Logic
 
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionReducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionAlert Logic
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeAlert Logic
 
Building and Adopting a Cloud-Native Security Program
Building and Adopting a Cloud-Native Security ProgramBuilding and Adopting a Cloud-Native Security Program
Building and Adopting a Cloud-Native Security ProgramPriyanka Aash
 
DevSecOps
DevSecOpsDevSecOps
DevSecOpsCheah Eng Soon
 
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Alert Logic
 
Alfredo Reino - Monitoring aws and azure
Alfredo Reino - Monitoring aws and azureAlfredo Reino - Monitoring aws and azure
Alfredo Reino - Monitoring aws and azureDevSecCon
 
CSS 17: NYC - Building Secure Solutions in AWS
CSS 17: NYC - Building Secure Solutions in AWSCSS 17: NYC - Building Secure Solutions in AWS
CSS 17: NYC - Building Secure Solutions in AWSAlert Logic
 
CSS 17: NYC - Protecting your Web Applications
CSS 17: NYC - Protecting your Web ApplicationsCSS 17: NYC - Protecting your Web Applications
CSS 17: NYC - Protecting your Web ApplicationsAlert Logic
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOpsabhimanyubhogwan
 
CSS 17: NYC - Stories from the SOC
CSS 17: NYC - Stories from the SOCCSS 17: NYC - Stories from the SOC
CSS 17: NYC - Stories from the SOCAlert Logic
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the CloudAlert Logic
 
CSS17: Atlanta - Realities of Security in the Cloud
CSS17: Atlanta - Realities of Security in the CloudCSS17: Atlanta - Realities of Security in the Cloud
CSS17: Atlanta - Realities of Security in the CloudAlert Logic
 
Dev{sec}ops
Dev{sec}opsDev{sec}ops
Dev{sec}opsSteven Carlson
 
DevSecOps Indonesia : Pain & Pleasure of doing AppSec in DevOps
DevSecOps Indonesia : Pain & Pleasure of doing AppSec in DevOpsDevSecOps Indonesia : Pain & Pleasure of doing AppSec in DevOps
DevSecOps Indonesia : Pain & Pleasure of doing AppSec in DevOpsSuman Sourav
 

More Related Content

What's hot

DevSecOps - CrikeyCon 2017
DevSecOps - CrikeyCon 2017DevSecOps - CrikeyCon 2017
DevSecOps - CrikeyCon 2017kieranjacobsen
 
DevSecOps in Baby Steps
DevSecOps in Baby StepsDevSecOps in Baby Steps
DevSecOps in Baby StepsPriyanka Aash
 
Office 365 Security: Top Priorities for 30 Days, 90 Days and Beyond
Office 365 Security: Top Priorities for 30 Days, 90 Days and BeyondOffice 365 Security: Top Priorities for 30 Days, 90 Days and Beyond
Office 365 Security: Top Priorities for 30 Days, 90 Days and BeyondPriyanka Aash
 
CSS17: Houston - Introduction to Security in the Cloud
CSS17: Houston - Introduction to Security in the CloudCSS17: Houston - Introduction to Security in the Cloud
CSS17: Houston - Introduction to Security in the CloudAlert Logic
 
[OWASP Poland Day] Security in developer's life
[OWASP Poland Day] Security in developer's life[OWASP Poland Day] Security in developer's life
[OWASP Poland Day] Security in developer's lifeOWASP
 
CSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the CloudCSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the CloudAlert Logic
 
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionReducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionAlert Logic
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeAlert Logic
 
Building and Adopting a Cloud-Native Security Program
Building and Adopting a Cloud-Native Security ProgramBuilding and Adopting a Cloud-Native Security Program
Building and Adopting a Cloud-Native Security ProgramPriyanka Aash
 
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Alert Logic
 
Alfredo Reino - Monitoring aws and azure
Alfredo Reino - Monitoring aws and azureAlfredo Reino - Monitoring aws and azure
Alfredo Reino - Monitoring aws and azureDevSecCon
 
CSS 17: NYC - Building Secure Solutions in AWS
CSS 17: NYC - Building Secure Solutions in AWSCSS 17: NYC - Building Secure Solutions in AWS
CSS 17: NYC - Building Secure Solutions in AWSAlert Logic
 
CSS 17: NYC - Protecting your Web Applications
CSS 17: NYC - Protecting your Web ApplicationsCSS 17: NYC - Protecting your Web Applications
CSS 17: NYC - Protecting your Web ApplicationsAlert Logic
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOpsabhimanyubhogwan
 
CSS 17: NYC - Stories from the SOC
CSS 17: NYC - Stories from the SOCCSS 17: NYC - Stories from the SOC
CSS 17: NYC - Stories from the SOCAlert Logic
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the CloudAlert Logic
 
CSS17: Atlanta - Realities of Security in the Cloud
CSS17: Atlanta - Realities of Security in the CloudCSS17: Atlanta - Realities of Security in the Cloud
CSS17: Atlanta - Realities of Security in the CloudAlert Logic
 

What's hot (20)

DevSecOps - CrikeyCon 2017
DevSecOps - CrikeyCon 2017DevSecOps - CrikeyCon 2017
DevSecOps - CrikeyCon 2017
 
DevSecOps in Baby Steps
DevSecOps in Baby StepsDevSecOps in Baby Steps
DevSecOps in Baby Steps
 
Office 365 Security: Top Priorities for 30 Days, 90 Days and Beyond
Office 365 Security: Top Priorities for 30 Days, 90 Days and BeyondOffice 365 Security: Top Priorities for 30 Days, 90 Days and Beyond
Office 365 Security: Top Priorities for 30 Days, 90 Days and Beyond
 
Android pentesting
Android pentestingAndroid pentesting
Android pentesting
 
Android pentesting
Android pentestingAndroid pentesting
Android pentesting
 
CSS17: Houston - Introduction to Security in the Cloud
CSS17: Houston - Introduction to Security in the CloudCSS17: Houston - Introduction to Security in the Cloud
CSS17: Houston - Introduction to Security in the Cloud
 
[OWASP Poland Day] Security in developer's life
[OWASP Poland Day] Security in developer's life[OWASP Poland Day] Security in developer's life
[OWASP Poland Day] Security in developer's life
 
CSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the CloudCSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the Cloud
 
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionReducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in Practice
 
Building and Adopting a Cloud-Native Security Program
Building and Adopting a Cloud-Native Security ProgramBuilding and Adopting a Cloud-Native Security Program
Building and Adopting a Cloud-Native Security Program
 
DevSecOps
DevSecOpsDevSecOps
DevSecOps
 
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials
 
Alfredo Reino - Monitoring aws and azure
Alfredo Reino - Monitoring aws and azureAlfredo Reino - Monitoring aws and azure
Alfredo Reino - Monitoring aws and azure
 
CSS 17: NYC - Building Secure Solutions in AWS
CSS 17: NYC - Building Secure Solutions in AWSCSS 17: NYC - Building Secure Solutions in AWS
CSS 17: NYC - Building Secure Solutions in AWS
 
CSS 17: NYC - Protecting your Web Applications
CSS 17: NYC - Protecting your Web ApplicationsCSS 17: NYC - Protecting your Web Applications
CSS 17: NYC - Protecting your Web Applications
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOps
 
CSS 17: NYC - Stories from the SOC
CSS 17: NYC - Stories from the SOCCSS 17: NYC - Stories from the SOC
CSS 17: NYC - Stories from the SOC
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the Cloud
 
CSS17: Atlanta - Realities of Security in the Cloud
CSS17: Atlanta - Realities of Security in the CloudCSS17: Atlanta - Realities of Security in the Cloud
CSS17: Atlanta - Realities of Security in the Cloud
 

Similar to Dev secops for real

DevSecOps Indonesia : Pain & Pleasure of doing AppSec in DevOps
DevSecOps Indonesia : Pain & Pleasure of doing AppSec in DevOpsDevSecOps Indonesia : Pain & Pleasure of doing AppSec in DevOps
DevSecOps Indonesia : Pain & Pleasure of doing AppSec in DevOpsSuman Sourav
 
Running Regulated Workloads on Azure PaaS services (DogFoodCon 2018)
Running Regulated Workloads on Azure PaaS services (DogFoodCon 2018)Running Regulated Workloads on Azure PaaS services (DogFoodCon 2018)
Running Regulated Workloads on Azure PaaS services (DogFoodCon 2018)Jeremy Gray
 
Power of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure securityPower of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure securityBruno Capuano
 
MLOps with Azure DevOps
MLOps with Azure DevOpsMLOps with Azure DevOps
MLOps with Azure DevOpsMarco Parenzan
 
Cncf checkov and bridgecrew
Cncf checkov and bridgecrewCncf checkov and bridgecrew
Cncf checkov and bridgecrewLibbySchulze
 
Cloud security : Automate or die
Cloud security : Automate or dieCloud security : Automate or die
Cloud security : Automate or diePriyanka Aash
 
Securing Your Public Cloud Infrastructure
Securing Your Public Cloud InfrastructureSecuring Your Public Cloud Infrastructure
Securing Your Public Cloud InfrastructureQualys
 
Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017
Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017
Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017Amazon Web Services
 
DevOps and the Future of Enterprise Security
DevOps and the Future of Enterprise SecurityDevOps and the Future of Enterprise Security
DevOps and the Future of Enterprise SecurityFrank Kim
 
Security Process in DevSecOps
Security Process in DevSecOpsSecurity Process in DevSecOps
Security Process in DevSecOpsOpsta
 
Microsoft Azure Cloud and DevOps
Microsoft Azure Cloud and DevOpsMicrosoft Azure Cloud and DevOps
Microsoft Azure Cloud and DevOpsRavikanth Chaganti
 
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...Amazon Web Services
 
(SEC312) Taking a DevOps Approach to Security | AWS re:Invent 2014
(SEC312) Taking a DevOps Approach to Security | AWS re:Invent 2014(SEC312) Taking a DevOps Approach to Security | AWS re:Invent 2014
(SEC312) Taking a DevOps Approach to Security | AWS re:Invent 2014Amazon Web Services
 
Platform as a Runtime - PaaR QCON 2024 - Final
Platform as a Runtime - PaaR QCON 2024 - FinalPlatform as a Runtime - PaaR QCON 2024 - Final
Platform as a Runtime - PaaR QCON 2024 - FinalAviran Mordo
 
TechnicalTerraformLandingZones121120229238.pdf
TechnicalTerraformLandingZones121120229238.pdfTechnicalTerraformLandingZones121120229238.pdf
TechnicalTerraformLandingZones121120229238.pdfMIlton788007
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOpsSetu Parimi
 
Strengthen and Scale Security for a dollar or less
Strengthen and Scale Security for a dollar or lessStrengthen and Scale Security for a dollar or less
Strengthen and Scale Security for a dollar or lessMohammed A. Imran
 
DevSecOps with Confidence
DevSecOps with ConfidenceDevSecOps with Confidence
DevSecOps with ConfidenceVMware Tanzu
 
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud Amazon Web Services
 

Similar to Dev secops for real (20)

Dev{sec}ops
Dev{sec}opsDev{sec}ops
Dev{sec}ops
 
DevSecOps Indonesia : Pain & Pleasure of doing AppSec in DevOps
DevSecOps Indonesia : Pain & Pleasure of doing AppSec in DevOpsDevSecOps Indonesia : Pain & Pleasure of doing AppSec in DevOps
DevSecOps Indonesia : Pain & Pleasure of doing AppSec in DevOps
 
Running Regulated Workloads on Azure PaaS services (DogFoodCon 2018)
Running Regulated Workloads on Azure PaaS services (DogFoodCon 2018)Running Regulated Workloads on Azure PaaS services (DogFoodCon 2018)
Running Regulated Workloads on Azure PaaS services (DogFoodCon 2018)
 
Power of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure securityPower of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure security
 
MLOps with Azure DevOps
MLOps with Azure DevOpsMLOps with Azure DevOps
MLOps with Azure DevOps
 
Cncf checkov and bridgecrew
Cncf checkov and bridgecrewCncf checkov and bridgecrew
Cncf checkov and bridgecrew
 
Cloud security : Automate or die
Cloud security : Automate or dieCloud security : Automate or die
Cloud security : Automate or die
 
Securing Your Public Cloud Infrastructure
Securing Your Public Cloud InfrastructureSecuring Your Public Cloud Infrastructure
Securing Your Public Cloud Infrastructure
 
Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017
Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017
Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017
 
DevOps and the Future of Enterprise Security
DevOps and the Future of Enterprise SecurityDevOps and the Future of Enterprise Security
DevOps and the Future of Enterprise Security
 
Security Process in DevSecOps
Security Process in DevSecOpsSecurity Process in DevSecOps
Security Process in DevSecOps
 
Microsoft Azure Cloud and DevOps
Microsoft Azure Cloud and DevOpsMicrosoft Azure Cloud and DevOps
Microsoft Azure Cloud and DevOps
 
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
 
(SEC312) Taking a DevOps Approach to Security | AWS re:Invent 2014
(SEC312) Taking a DevOps Approach to Security | AWS re:Invent 2014(SEC312) Taking a DevOps Approach to Security | AWS re:Invent 2014
(SEC312) Taking a DevOps Approach to Security | AWS re:Invent 2014
 
Platform as a Runtime - PaaR QCON 2024 - Final
Platform as a Runtime - PaaR QCON 2024 - FinalPlatform as a Runtime - PaaR QCON 2024 - Final
Platform as a Runtime - PaaR QCON 2024 - Final
 
TechnicalTerraformLandingZones121120229238.pdf
TechnicalTerraformLandingZones121120229238.pdfTechnicalTerraformLandingZones121120229238.pdf
TechnicalTerraformLandingZones121120229238.pdf
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOps
 
Strengthen and Scale Security for a dollar or less
Strengthen and Scale Security for a dollar or lessStrengthen and Scale Security for a dollar or less
Strengthen and Scale Security for a dollar or less
 
DevSecOps with Confidence
DevSecOps with ConfidenceDevSecOps with Confidence
DevSecOps with Confidence
 
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud
 

Recently uploaded

Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about usDynamic Netsoft
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfjoe51371421
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AIABDERRAOUF MEHENNI
 
Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfCionsystems
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationkaushalgiri8080
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionSolGuruz
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsJheuzeDellosa
 

Recently uploaded (20)

Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
 
Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdf
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanation
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Exploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the ProcessExploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the Process
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number Systems
 

Dev secops for real