DevSecOps in 10 minutes
TRANSCRIPT
Preventing Devoops with DevSecOps
Kieran Jacobsen
Technical Lead – Infrastructure & Security
Copyright ©2017 by Readify Limited
2016 was a big year…
2017 is getting off to a bad start…
Before DevOps
DevOps
But Where Is Security?
DevSecOps
› Clear Communication Pathways
› Streamlined Communication
› Security As Code
› Training
› Integrate Security into DevOps cycle
Communication Pathways
Development, Operations, Security
Streamlined Communication
NO:
› Excel checklists
› Word document reports
› Email Attachments
Streamlined Communication
YES:
› Backlogs/boards
› Support ticketing
› Markup and Git
Security As Code
› Application Source Code
› Azure ARM and AWS CloudFormation
› Server Configuration – Chef, Puppet, DSC
ARM Templates
PowerShell DSC
Training
› We can’t be experts in Dev, Sec and Ops
› We need cross pollination of skills
› Starts at day 0
Integrating Security
Plan
› Integrate security into sprint planning and reviews
› Consider security stories early
Code
› Training!
› Test driven development
› Use of the correct tools
› Pull Requests
Build
› Static code analysis
› Dynamic code analysis
Test
› Develop security test cases
› Fuzzing
› Load testing
Release & Deploy
› Automated scanning upon deployment
Operate & Monitor
› Monitor logs
› Rescan for vulnerabilities
› Track dependencies
Thank You