Dev Breakfast: Level up to DevSecOps

Preventing Devoops with DevSecOpsKieran JacobsenTechnical Lead – Infrastructure & Security

2016 was a big year…

2017 is getting of to a bad start…

Before DevOps

DevOps

But Where Is Security?

DevSecOps› Clear Communication Pathways› Streamlined Communication› Security As Code› Training› Integrate security into DevOps cycle

Communication PathwaysDevelopment Operations

Security

Streamlined CommunicationNO:› Excel checklists› Word document reports› Email Attachments

Streamlined CommunicationYES:› Backlogs/boards

Streamlined CommunicationYES:› Backlogs/boards› Support ticketing

Streamlined CommunicationYES:› Backlogs/boards› Support ticketing› Markup and Git

Security As Code› Application Source Code› Azure ARM and AWS Cloud Formation› Server Configuration – Chef, Puppet, DSC

ARM Templates

PowerShell DSC

Training› We can’t be experts in Dev, Sec and Ops› We need cross pollination of skills› Starts at day 0› Hands on training for senior developers

Training: PhishingEmployee Breakdown

Technical Non-Technical

Click Break Down

Technical Victims Non-Technical VictimsPassed

Integrating Security

Plan› Integrate security into sprint planning and reviews

› Consider security user stories early

Code› Training!› Test driven development› Use of the correct tools› Pull Requests

Build› Static code analysis› Dynamic code analysis

Test› Develop security test cases› Fuzzing› Load testing

Release & Deploy› Automated scanning upon deployment

Operate & Monitor› Monitor logs› Rescan for vulnerabilities› Track dependencies

Thank You

Dev Breakfast: Level up to DevSecOps

Technology

DevOps, DevSecOps, and vArmour - Whitepaper DevSecOps, and... · DevOps and DevSecOps DevOps has become a well established practice within many organizations. It aims to improve the

Humanising DevSecOps

Modernizing your database processes with DevSecOps...DBmaestro Moderniing your database processes with DevSecOps 1 2 6 7 9 10 11 Introduction The Shift to DevSecOps Database Flow Comprehensive

Presentation: DoD Enterprise DevSecOps Initiative

Putting the Sec in DevSecOps

What is DevSecOps? Pipelines...What is DevSecOps? DevSecOps is a methodology in which security is integrated into the entire life cycle of application development. Rather than being

CP-DevSecOps...Automate Security tests in DevOps CP-DevSecOps is the surest way for you to practically experience contiuous security testing or DevSecOps using the most in demand

DevSecOps: Is it a Good Thing?

Taming rainbow shitting unicorns - PvIB · DevSecOps: summary •Align Dev, Sec, Bus, and Ops •Standardize and simplify •Automate, automate, automate •Know your value •Attack

AGENDA - CyFence 2020 - ASEAN | TradepassMoving to DevSecOps • Security in Fast Moving Development Companies • Dev and Security Teams Working Together • The Right SSDLC Yaron

DevSecOps - The big picture

Abbey Road’s Beatles’ Breakfast & Bloody Mary Barabbeyroadpub.com/dev/wp-content/uploads/2014/10/Abbey-Road-Be… · Abbey Road’s Beatles’ Breakfast & Bloody Mary Bar “Welcome

DevSecOps Journey - CSO50 Conference · DevSecOps Journey 2/28/2018. 3/3/2018 Confidential –Internal Distribution 2 Agenda • DevSecOps @ Fannie Mae o The Challenges and The Promises

DevSecOps SG Introduction - August Meetup

DevSecOps – Agility with Security...4 DevSecOps – Agility with Security In summary, DevSecOps aims to be a movement that extends all of the organisational benefits achieved through

Enterprise Cloud Security via DevSecOps

DevSecOps Fundamentals

DevSecOps and the DevOps Superpattern

DevSecOps - Building Rugged Software

DISA DevSecOps Enterprise Strategy · Web view2021/07/30 · A DevSecOps New World This document focuses on the DISA Enterprise DevSecOps Strategy to secure the Department of Defense