Beschikbaar jr. HBO Netwerk/Security/DevOps Engineer

Jan 17, 2017Download as PPTX, PDF1 like308 views

Beschikbaar jr. HBO Netwerk/Security/DevOps Engineer regio Brabant via NOVA IT Solutions

Meer informatie?
sales@nova-itsolutions.nl  +31 40 245 01 06
HBO Junior Netwerk/Security/DevOps engineer
Regio Brabant
Per direct beschikbaar
De kandidaat heeft onder andere ervaring met :
CISCO/Microsoft/Linux
Network Forensic Research
C#, ASP.NET Web API, PHP, HTML5, CSS3
BESCHIKBAAR

The document discusses the DevOpsSec approach which aims to integrate security testing into the development process through automation. It outlines how DevOpsSec can help address issues that arise from the traditional separation of development and operations teams. The document provides examples of different types of tests that can be automated, such as unit testing, performance testing, and security testing of an application's attack surface. It promotes automating as many tests as possible and sharing test automation code to continuously monitor for vulnerabilities and issues.

Devops/Sysops securityLogicaltrust pl

The Retail Enterprise - And the rise of the omni-present consumer Part 2Zensar Technologies Ltd.

Zensar - supporting global Retailers in their transformation journey Shared Service: Support services delivered through a team of experienced functional and technical consultants. A single team of Oracle Retail experts led by an experienced service manager helps support multiple retailers. Through this model, the retailer is able to reduce the total cost of operations by up to 30%. Managed Service: Zensar takes on the responsibility for a set of pre-defined support activities and enhancements. The SLAs for response and resolution is agreed upon and this type of engagement fits retailers looking to engage in continuous improvement and long term fixes. Resource Augmentation: The management, allocation and SLA responsibility of resources in this model is completely dependent on the customer and the mode of client operations. Capacity Augmentation: Like with the management, allocation and SLA responsibility of resources in this model is completely dependent on the customer and the mode of operations. However this is suitable for larger engagements and team capacity and skill planning for project ramp-up and ramp-down based on customer requirement.

Application Secret Management with KMSSonatype

Andrey Utis - Sr. Manager, Software Engineering Managing application secrets, such as database passwords or API keys, can be a tricky problem in any environment. It becomes even trickier when we have an end-to-end Continuous Delivery pipeline, deploying an application with no human intervention. The question becomes: how do we maintain secrets in source control, along with the infrastructure and functional code, without exposing them to everyone? Additionally, CapitalOne, being a large financial institution, is subject to regulations like "segregation of duties", which prohibits developers from having admin access to production. Using a combination of AWS KMS, IAM, and iptables, we were able to design a simple, cheap, and scalable solution that satisfies our security needs, as well as the regulatory requirements.

What's My Security Policy Doing to My Help Desk w/ Chris SwanSonatype

Software Security in DevOps: Synthesizing Practitioners’ Perceptions and Prac...Akond Rahman

In organizations that use DevOps practices, software changes can be deployed as fast as 500 times or more per day. Without adequate involvement of the security team, rapidly deployed software changes are more likely to contain vulnerabilities due to lack of adequate reviews. The goal of this paper is to aid software practitioners in integrating security and DevOps by summarizing experiences in utilizing security practices in a DevOps environment. We analyzed a selected set of Internet artifacts and surveyed representatives of nine organizations that are using DevOps to systematically explore experiences in utilizing security practices. We observe that the majority of the software practitioners have expressed the potential of common DevOps activities, such as automated monitoring, to improve the security of a system. Furthermore, organizations that integrate DevOps and security utilize additional security activities, such as security requirements analysis and performing security configurations. Additionally, these teams also have established collaboration between the security team and the development and operations teams.

Security DevOps - Wie Sie in agilen Projekten trotzdem sicher bleiben // DevO...Christian Schneider

Diese Session zeigt Ihnen, welche Automatisierungsoptionen zur Überwachung bestimmter Sicherheitsaspekte in der agilen Softwareentwicklung bestehen. Ausgehend von dem etablierten DevOps-Konzept, mit dem im Übergang von Entwicklung zu Betrieb Prozesse automatisiert und verzahnt werden, wird mit „Security-DevOps“ dieser Antrieb aufgegriffen und auf die Absicherung von Anwendungen gegen Hackerangriffe übertragen. Durch frühe Rückkopplung sicherheitstechnischer Findings an die Entwicklung im Rahmen der Automatisierung haben Ihre Pentester die Möglichkeit, sich auf die kniffligeren Sicherheitschecks zu konzentrieren – trotz geforderter kurzer Releasezyklen.

Meta Infrastructure as Code: How Capital One Automated Our Automation Tools w...Sonatype

George Parris III, Capital One In many companies, the cornerstone of their continuous integration and continuous deployment strategy is a few, well known pieces of automation software that are absolutely vital to the way companies are building software these days using agile methodologies. Many times though, someone with some infrastructure experience will just spin up a server and install the packages, building and iterating upon that same install for the following years that they're using it, which puts them in a shaky place every time they have to make changes to it. On the Online Account Opening project at Capital One, we’ve strived to maintain our entire infrastructure as immutable as possible. In doing so, it was decided that we should apply that principle to our core CI/CD automation tools as well. By using Config As Code, Implementing a useful backup and testing strategy, and utilizing some AWS capabilities, we’re able to make that happen.

Security and dev ops for high velocity organizationsChef

This document discusses Chef Compliance and how it helps with security and DevOps for organizations that move quickly. It introduces InSpec, an open source framework that allows defining infrastructure compliance and security checks as code. With InSpec, compliance checks can be automated and run continuously alongside infrastructure code. Traditional compliance is time-consuming and separate from development workflows, but defining compliance specifications in InSpec code allows integrating compliance into DevOps pipelines for continuous verification.

Security, Identity, and DevOps, oh my - PrintChris Sanchez

My talk from All Day DevOps 2016 introducing IdentityOps. IdentityOps is a set of strategies that integrates security, Identity and DevOps to solve common use cases for technical operations. Key take aways of IdentityOps: * Centralized policy for access management to resources * Uniform application of policy and real-time enforcement * Better operational efficiency * Enable use cases: least privilege, nonrepudiation, segregation of duties, and audibility

DevOps and IT securitych.osme

The document discusses various challenges and responsibilities faced by developers and operations staff. It mentions pushing code to production by the weekend, needing to add new features by the holidays, the importance of performance testing and automated builds. It also discusses security issues like vulnerabilities in Linux servers, handling many tasks at once, and the need for log and password management. Operations staff are pulled in many directions with meetings and various other responsibilities. The document advocates for DevOps with continuous development, integration, deployment, monitoring and security to help address these challenges.

Prepare to defend thyself with Blue/GreenSonatype

The document describes an automated continuous integration and continuous deployment (CICD) pipeline using a blue-green deployment strategy. It begins by showing a basic CICD pipeline and then introduces blue-green deployment to reduce downtime when deploying new changes. It demonstrates how blue-green deployment works step-by-step and discusses how it helps minimize downtime, preserve the last known good deployment, enable robust infrastructure, and allow for parallel pipelines. The document then provides recommendations for implementing blue-green deployment, including using virtualization, automating the process, and incorporating security testing. It emphasizes securing the entire CICD pipeline, not just the final application.

DevOps in a Regulated and Embedded Environment (AgileDC)Arjun Comar

Embedded environments greatly restrict the tools available for a DevOps pipeline. A regulated environment changes the processes a development team can use to deliver software. The combination results in a highly restricted environment that forces the team back to first principles, finding what can actually work. In this talk, we'll consider the options, develop a set of helpful tools and discuss the challenges facing any team working on DevOps in unfavorable environments. Together, we'll examine my experiences with a medical device company, where I built a DevOps pipeline for software controlling a heart pump. I would like to discuss the tools that worked as well as the principles that lead our team to success.

Software Security Assurance for DevOps - Hewlett Packard Enterprise + Black DuckBlack Duck by Synopsys

Presented August 11, 2016 by Michael Right, Senior Product Manager, HPE Security Fortify; Mike Pittenger, VP of Security Strategy, Black Duck. Open source software is an integral part of today’s technology ecosystem, powering everything from enterprise and mobile applications to cloud computing, containers and the Internet of Things. While open source offers attractive economic and productivity benefits for application development, it also presents organizations with significant security challenges. Every year, thousands of new open source security vulnerabilities – such as Heartbleed, Venom and Shellshock – are reported. Unfortunately, many organizations lack visibility into and control of their open source. Addressing this challenge is vital for ensuring security in applications and containers. Whether you’re building software for customers or for internal use, the majority of the code is likely open source and securing it is no easy task. In this session, you’ll learn about: • The evolving DevOps and software security assurance lifecycle in the age of open source • The software security considerations CISOs, security, and development teams must address when using open source • An automated approach to identifying vulnerabilities and managing software security assurance for custom and open source code.

Release Engineering & Rugged DevOps: An Intersection - J. Paul ReedSeniorStoryteller

This document discusses the intersection between release engineering and rugged DevOps approaches. It outlines similarities between release engineering and security operations roles, and how release engineering impacts and relates to security. Specifically, it notes challenges around software supply chains and containerization. It also discusses missed heuristics during development and production processes that could help identify issues. Finally, it suggests ways to better engage release engineering and security teams, such as researching software supply chains and starting collaborative projects.

Automated Infrastructure Security: Monitoring using FOSSSonatype

Madhu Akula, Automation Ninja We can see attacks happening in real time using a dashboard. By collecting logs from various sources we will monitor & analyse. Using data gleaned from the logs, we can apply defensive rules against the attackers. We will use AWS for managing and securing the infrastructure discussed in our talk. For most network engineers who monitor the perimeter for malicious content, it is very important to respond to an imminent threat originating from outside the boundaries of their network. Having to crunch through all the logs that the various devices (firewalls, routers, security appliances etc.) spit out, correlating that data and in real time making the right choices can prove to be a nightmare. Even with the solutions already available in the market. As I have experienced this myself, as part of the Internal DevOps and Incident Response Teams, in several cases, I would want to create a space for interested folks to design, build, customise and deploy their very own FOSS based centralised visual attack monitoring dashboard. This setup would be able to perform real time analysis using the trusted ELK stack and visually denote what popular attack hotspots exist on a network.

Monitoring Application Attack Surface to Integrate Security into DevOps Pipel...Denim Group

A web application’s attack surface is the combination of URLs it will respond to as well as the inputs to those URLs that can change the behavior of the application. Understanding an application’s attack surface is critical to being able to provide sufficient security test coverage, and by watching an application’s attack surface change over time security and development teams can help target and optimize testing activities. This presentation looks at methods of calculating web application attack surface and tracking the evolution of attack surface over time. In addition, it looks at metrics and thresholds that can be used to craft policies for integrating different testing activities into Continuous Integration / Continuous Delivery (CI/CD) pipelines for teams integrating security into their DevOps practices.

Scaling Rugged DevOps to Thousands of Applications - Panel DiscussionSeniorStoryteller

Security & DevOps- Ways To Make Sure Your Apps & Infrastructure Are SecurePuppet

This webinar on DevOps and security will cover the definition of DevOps, common security challenges with the DevOps model, and how to take a "SecDevOps" approach to embed security into the development process. The presenters will discuss recommendations like increasing trust between development and security teams, using a continuous delivery pipeline to incrementally improve security, and including security as acceptance criteria for user stories. Questions from attendees will be answered at the end.

BsidesMCR_2016-what-can-infosec-learn-from-devopsJames '-- Mckinlay

The document discusses the history and evolution of DevOps practices over time, from concepts like daily builds in the 1990s to more recent approaches like infrastructure as code and serverless architectures. It provides an overview of key figures and texts that helped establish ideas like continuous integration, continuous delivery, and site reliability engineering. The document also shares the author's perspective on what commercial security tools have been developed for DevOps workflows and mentions some open source collaboration and automation tools.

Making Security Agile - Oleg GrybSeniorStoryteller

This document discusses challenges with integrating security into agile development processes and proposes solutions. It notes that traditional security approaches like threat modeling and penetration testing don't work well in agile environments with short release cycles. The document recommends automating security scans and tests to run with each code change. It also suggests integrating security findings into existing bug tracking tools to streamline remediation. The overall goal is to make security practices more agile and collaborative to improve cycle times for fixing issues.

Static Analysis For Security and DevOps Happiness w/ Justin CollinsSonatype

Justin Collins, Brakeman Security It is not enough to have fast, automated code deployment. We also need some level of assurance the code being deployed is stable and secure. Static analysis tools that operate on source code can be an efficient and reliable method for ensuring properties about the code - such as meeting basic security requirements. Automated static analysis security tools help prevent vulnerabilities from ever reaching production, while avoiding slow, fallible manual code reviews. This talk will cover the benefits of static analysis and strategies for integrating tools with the development workflow.

DevOps and Application SecurityShahee Mirza

1. The document discusses introducing DevOpsSec which integrates security into the DevOps process. 2. It recommends making a plan for security, educating the entire team on security, and automating security testing and analysis within the continuous deployment pipeline. 3. The goal is to implement security earlier in the development process rather than as a last step, and establish a security-focused culture and team.

Building Security In - A Tale of Two Stories - Laksh RaghavanSeniorStoryteller

This document provides a summary of how PayPal adapted its Secure Product Lifecycle (SPLC) process to work within an Agile development model at scale. It describes how PayPal transitioned to having over 400 Scrum teams globally in a "big bang" transformation. It also details how PayPal implemented "Security Stories" to make security requirements equal citizens alongside user stories. This allows automated security controls and tools to handle most projects, with human involvement only for higher risk projects. Metrics like adoption rates and completed security stories are used to measure success.

Security and DevOps - Managing Security in a DevOps EnterpriseClaudia Ring

Looking at security and DevOps requires a view across two dimensions: Securing the application; and Securing the application delivery pipeline Securing the application focuses on ensuring the application being developed and delivered, and the associated data, are secure. This means building and delivering them using secure engineering practices that ensure their security and integrity, as well as that of the business and end-users. Securing the application delivery pipeline focuses on securing the delivery platform itself, so that the application development and delivery tools, the Infrastructure and environments, configurations, automation tools, repositories, and associated services and APIs are all secure. Join us to hear an overview of these concepts, how they can be applied across the software delivery pipeline and IBM offerings that can help you on your journey to secure DevOps.

Security DevOps: Wie Sie in agilen Projekten trotzdem sicher bleiben // JAX 2015Christian Schneider

Beschikbaarheidslijst 48Marc Servaes (06-47841367)

Software engineer j2EEMarc Servaes (06-47841367)

Beschikbaarheidslijst ICT NOVA week 47Marc Servaes (06-47841367)