DevOps and Application Security
Shahee Mirza
DevOps is an opportunity to make security an integral part of application development.
1. DevOps and Application Security
   Shahee Mirza, Co-Founder: BEETLES, Twitter: @shaheemirza
2. DevOps?
3. But Where is the Security?
4. TRADITIONAL
5. QA and OPS: / Devs:
6. Security is last task?
   • Security Testing
   • Firewall Configuration
   • Source Code Analysis
7. Security Testing, Firewall configuration and Code analysis – Takes time
8. But, the investor has no time
9. So, What have we got:
10. But, What we planned:
11. … is that end of everything?
12. Required: Security in DevOps
13. Welcome to DevOpsSec!!
14. But, How will I introduce DevOpsSec to my team?
15. Module 1: Make a plan for Security
16. Module 2: Connect entire Team
17. Module 3: Make a culture of Self-Learning about Security for Devs + QA.
18. Module 4: Automate everything.
19. Security within Continuous Deployment
    Diagram labels: Develop Code, Commit, Source Control, Build Trigger, Tests, Deploy to Production, Deploy to Test Env, Report & Notify, Publish to release repository, Automatic security test, SCA Test
20. Module 5: Build a Security Team
21. Now, you have…
22. Summary
23. 1. Make a plan for security
    2. Educate your team
    3. Integrate security into automatic build process.
24. Thank you