Preventing Devoops with DevSecOps Kieran Jacobsen Technical Lead – Infrastructure & Security
Dev Breakfast: Level up to DevSecOps

Mar 21, 2017

kieranjacobsen
Transcript
Page 1: Dev Breakfast: Level up to DevSecOps

Preventing Devoops with DevSecOps
Kieran Jacobsen
Technical Lead – Infrastructure & Security

Page 2

Copyright ©2017 by Readify Limited

2016 was a big year…

Page 3

2017 is getting off to a bad start…

Page 4

Before DevOps

Page 5

DevOps

Page 6

But Where Is Security?

Page 7

DevSecOps
› Clear Communication Pathways
› Streamlined Communication
› Security As Code
› Training
› Integrate security into DevOps cycle

Page 8

Communication Pathways: Development, Operations, Security

Page 9

Streamlined Communication
NO:
› Excel checklists
› Word document reports
› Email Attachments

Pages 10–12 (list built up over three slides)

Streamlined Communication
YES:
› Backlogs/boards
› Support ticketing
› Markup and Git

Page 13

Security As Code
› Application Source Code
› Azure ARM and AWS Cloud Formation
› Server Configuration – Chef, Puppet, DSC

Page 14

ARM Templates

Page 15

PowerShell DSC
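
The "Security As Code" idea of the preceding slides, shown as an added example that is not part of the talk: a PowerShell DSC configuration expressing a small server hardening baseline, so that the settings live in Git, go through pull requests, and can be re-checked for drift. It assumes Windows Server with Windows PowerShell 5.1 and the built-in PSDesiredStateConfiguration resources (WindowsFeature, Registry, Service); the configuration name, node and the particular settings are illustrative choices for this example.

```powershell
# Added example (not from the talk): a hardening baseline as code.
# Assumes Windows Server, Windows PowerShell 5.1 and the built-in
# PSDesiredStateConfiguration resources. Name, node and settings are illustrative.
Configuration SecureServerBaseline {
    Import-DscResource -ModuleName PSDesiredStateConfiguration

    Node 'localhost' {
        # Remove the SMB1 server feature rather than merely switching it off.
        WindowsFeature RemoveSmb1 {
            Name   = 'FS-SMB1'
            Ensure = 'Absent'
        }

        # Belt and braces: also disable the SMB1 server protocol in the registry.
        Registry DisableSmb1Protocol {
            Key       = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
            ValueName = 'SMB1'
            ValueData = '0'
            ValueType = 'Dword'
            Ensure    = 'Present'
            Force     = $true
        }

        # Disable TLS 1.0 on the server side of Schannel.
        Registry DisableTls10Server {
            Key       = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server'
            ValueName = 'Enabled'
            ValueData = '0'
            ValueType = 'Dword'
            Ensure    = 'Present'
            Force     = $true
        }

        # Keep the Remote Registry service stopped and disabled.
        Service DisableRemoteRegistry {
            Name        = 'RemoteRegistry'
            StartupType = 'Disabled'
            State       = 'Stopped'
        }
    }
}

# Compile the configuration to a MOF document, then apply it to the node.
SecureServerBaseline -OutputPath .\SecureServerBaseline
Start-DscConfiguration -Path .\SecureServerBaseline -Wait -Verbose -Force

# Drift check: InDesiredState is $false when the server no longer matches the
# baseline; the offending resources are listed so a compliance job can report them.
$result = Test-DscConfiguration -Detailed
if (-not $result.InDesiredState) {
    $result.ResourcesNotInDesiredState | Select-Object ResourceId, InstanceName
}
```

The point of the last block is the review loop the talk asks for: Test-DscConfiguration run on a schedule turns the baseline from a one-off build step into a continuous check, and a change to the baseline is a reviewable diff rather than a Word document.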

Page 16

Training
› We can’t be experts in Dev, Sec and Ops
› We need cross pollination of skills
› Starts at day 0
› Hands on training for senior developers

Page 17

Training: Phishing

[Charts: Employee Breakdown (Technical / Non-Technical); Click Break Down (Technical Victims / Non-Technical Victims / Passed)]

Page 18

Integrating Security

Page 19

Plan
› Integrate security into sprint planning and reviews
› Consider security user stories early

Page 20

Code
› Training!
› Test driven development
› Use of the correct tools
› Pull Requests

Page 21

Build
› Static code analysis
› Dynamic code analysis

Page 22

Test
› Develop security test cases
› Fuzzing
› Load testing

Page 23

Release & Deploy
› Automated scanning upon deployment

Page 24

Operate & Monitor
› Monitor logs
› Rescan for vulnerabilities
› Track dependencies
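
An added example for the "Monitor logs" point, not taken from the talk: detection logic that reads authentication log lines and flags any source address producing a burst of failed logons inside a sliding time window, the signal behind brute-force and password-spray attempts. The log format, the function name and the sample lines are all constructed for this example.

```powershell
# Added example (not from the talk). The log format, function name and sample
# lines below are constructed for illustration.
function Find-FailedLogonBurst {
    param(
        [Parameter(Mandatory)] [string[]] $Lines,
        [int] $Threshold     = 5,    # failures per source that raise an alert
        [int] $WindowSeconds = 60    # length of the sliding window
    )

    $fmt     = "yyyy-MM-dd'T'HH:mm:ss'Z'"
    $culture = [System.Globalization.CultureInfo]::InvariantCulture

    # Parse "<timestamp> <event> <user> <source-ip>" lines, keeping only failures.
    $failures = foreach ($line in $Lines) {
        $f = $line.Trim() -split '\s+'
        if ($f.Count -ne 4 -or $f[1] -ne 'LOGON_FAILED') { continue }
        [pscustomobject]@{
            Time   = [datetime]::ParseExact($f[0], $fmt, $culture)
            User   = $f[2]
            Source = $f[3]
        }
    }

    foreach ($group in ($failures | Group-Object -Property Source)) {
        $events = @($group.Group | Sort-Object -Property Time)
        # Slide a window over the time-ordered failures from this source.
        for ($i = 0; $i -lt $events.Count; $i++) {
            $j = $i
            while ($j + 1 -lt $events.Count -and ($events[$j + 1].Time - $events[$i].Time).TotalSeconds -le $WindowSeconds) { $j++ }
            $count = $j - $i + 1
            if ($count -ge $Threshold) {
                $users = @($events[$i..$j].User | Sort-Object -Unique)
                [pscustomobject]@{
                    Source        = $group.Name
                    Failures      = $count
                    WindowStart   = $events[$i].Time
                    WindowEnd     = $events[$j].Time
                    DistinctUsers = $users.Count   # many accounts from one source suggests spraying
                }
                break   # one alert per source is enough for this example
            }
        }
    }
}

# Constructed sample input: one source trying several accounts in quick
# succession, and one legitimate user who mistyped a password twice.
$sampleLog = @'
2017-03-21T08:00:01Z LOGON_FAILED alice   203.0.113.10
2017-03-21T08:00:04Z LOGON_FAILED bob     203.0.113.10
2017-03-21T08:00:09Z LOGON_FAILED carol   203.0.113.10
2017-03-21T08:00:15Z LOGON_OK     dave    198.51.100.7
2017-03-21T08:00:20Z LOGON_FAILED dave    203.0.113.10
2017-03-21T08:00:27Z LOGON_FAILED erin    203.0.113.10
2017-03-21T08:01:40Z LOGON_FAILED frank   203.0.113.10
2017-03-21T08:05:00Z LOGON_FAILED grace   198.51.100.7
2017-03-21T08:05:06Z LOGON_FAILED grace   198.51.100.7
'@ -split "`r?`n"

# Reports 203.0.113.10 (5 failures across 5 accounts within 60 seconds);
# 198.51.100.7 stays below the threshold and is not reported.
Find-FailedLogonBurst -Lines $sampleLog | Format-Table -AutoSize
```

Threshold and window are parameters because the right values depend on the system being watched; the same function can be fed Get-Content output from a real log once the parsing line is adapted to its format.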

Page 25

Thank You