DevSecOps in 10 minutes

Preventing Devoops with DevSecOpsKieran JacobsenTechnical Lead – Infrastructure & Security

2016 was a big year…

2017 is getting of to a bad start…

Before DevOps

DevOps

But Where Is Security?

DevSecOps› Clear Communication Pathways› Streamlined Communication› Security As Code› Training› Integrate Security into DevOps cycle

Communication PathwaysDevelopment Operations

Security

Streamlined CommunicationNO:› Excel checklists› Word document reports› Email Attachments

Streamlined CommunicationYES:› Backlogs/boards

Streamlined CommunicationYES:› Backlogs/boards› Support ticketing

Streamlined CommunicationYES:› Backlogs/boards› Support ticketing› Markup and Git

Security As Code› Application Source Code› Azure ARM and AWS Cloud Formation› Server Configuration – Chef, Puppet, DSC

ARM Templates

PowerShell DSC

Training› We can’t be experts in Dev, Sec and Ops› We need cross pollination of skills› Starts at day 0

Integrating Security

Plan› Integrate security into sprint planning and reviews

› Consider security stories early

Code› Training!› Test driven development› Use of the correct tools› Pull Requests

Build› Static code analysis› Dynamic code analysis

Test› Develop security test cases› Fuzzing› Load testing

Release & Deploy› Automated scanning upon deployment

Operate & Monitor› Monitor logs› Rescan for vulnerabilities› Track dependencies

Thank You

DevSecOps in 10 minutes

Software

Transcript of DevSecOps in 10 minutes

Introduccion a devops y devsecops

A DevSecOps Guide - Bitpipe... A DevSecOps Guide • 3 DevSecOps: Making It Happen After understanding the value of a DevOps mindset, making the cultural shift and reaping the benefits,

오픈소스로 만나보는 DevSecOps · 삼성 오픈소스 컨퍼런스 오픈소스로 만나보는 DevSecOps 우아한형제들 조민재 minjae.cho@gmail.com 2018년 10월 18일

DevSecOps Journey - CSO50 Conference · DevSecOps Journey 2/28/2018. 3/3/2018 Confidential –Internal Distribution 2 Agenda • DevSecOps @ Fannie Mae o The Challenges and The Promises

DevSecOps Overview - NYS Forum Home · 11/14/2018 · DevSecOps Overview November 14, 2018 ... 3 Benefits of DevSecOps 4 How to Implement DevSecOps 5 Summary / Questions. Security

Presentation: DoD Enterprise DevSecOps Initiative ...

DevSecOps: Why security is essential · DevSecOps doesn’t happen all at once for most organizations; it is a journey. Although the DevSecOps journey is enabled by technology, the

DISA DevSecOps Enterprise Strategy · Web view2021/07/30 · A DevSecOps New World This document focuses on the DISA Enterprise DevSecOps Strategy to secure the Department of Defense

DevSecOps Insights - Snyk

DevSecOps in Multi Account

DoD Enterprise DevSecOps Community of Practice · 2021. 6. 29. · ECMA and Army Software Factory's DevSecOps ... Project Ridgway are users of the DevSecOps ecosystem. 7. ... Continuous

DevSecOps Fundamentals Playbook

Overcoming DevSecOps Challenges

DevSecOps SG Introduction - August Meetup

addressing IoT challenges through DevSecOps.

DevSecOps Fundamentals

What is DevSecOps? Pipelines...What is DevSecOps? DevSecOps is a methodology in which security is integrated into the entire life cycle of application development. Rather than being

DevOps, DevSecOps, and vArmour - Whitepaper DevSecOps, and... · DevOps and DevSecOps DevOps has become a well established practice within many organizations. It aims to improve the

DoD Enterprise DevSecOps Fundamentals · 2021. 6. 11. · DevSecOps, including normalized definitions of DevSecOps concepts. Other pertinent information is captured in corresponding

DevSecOps PLAYBOOK - Cprime