SlideShare a Scribd company logo

Security Process in DevSecOps

Opsta
Opsta

The document discusses security processes in DevSecOps. It outlines how security can be automated and shifted left through the development pipeline. Key stages discussed are the precommit stage, acceptance stage, and production stage. At the precommit stage, tools like static application security testing, software composition analysis, and container scanning are used. The acceptance stage utilizes dynamic testing like penetration testing and vulnerability assessments. For production, automation security baselines, runtime protections, and monitoring are recommended. Automating security helps focus on agility while still maintaining security.

1 of 40
Downloaded 41 times
Security Process in Jirayut Nimsaeng (Dear) CEO & Founder, Opsta (Thailand) Co.,Ltd. TechTalkThai Conference: Enterprise Cybersecurity 2021 October 5, 2021 https://bit.ly/opsta-ttt-sec-in-devops
Security Process in DevSecOps #whoami Jirayut Nimsaeng (Dear) Jirayut has been involved in DevSecOps, Container, Cloud Technology and Open Source for over 10 years. He has experienced and succeeded in transforming several companies to deliver greater values and be more agile. ● He is Founder and CEO of Opsta (Thailand) Co.,Ltd. ● He is Cloud/DevSecOps Transformation Consultant and Solution Architecture ● He is the first Certified Kubernetes Security Specialist (CKS) and Certified Kubernetes Administrator (CKA) in Thailand
Security Process in DevSecOps Agenda ● Automation Security ● Precommit Stage ● Acceptance Stage ● Production Stage ● Wrap Up
Security Process in DevSecOps Security Process in Automation Security
Security Process in DevSecOps DevOps Flow Infrastructure Support Tools VCS Artifacts CI CD Dev Test Prod Monitoring Load Testing Automation & Infrastructure as Code Developer Operation & SRE Communication Security Security
Security Process in DevSecOps DevSecOps Flow Infrastructure Support Tools VCS Artifacts CI CD Dev Test Prod Monitoring Load Testing Automation & Infrastructure as Code Developer Operation & SRE Security Communication Security Shift Left with Automation
Security Process in DevSecOps Automation Security Infrastructure Support Tools VCS Artifacts CI CD Dev Test Prod Monitoring Load Testing Automation & Infrastructure as Code Developer Operation & SRE Security Automation Security Communication
Security Process in DevSecOps Security Automation in every steps Secure Coding SAST SCA Vulnerability Assessment Penetration Testing IAST Compliance Validation Threat Intelligence Secret Manager DAST Binary Analysis Threat Modelling SOC SOAR
Security Process in DevSecOps Automation Security Tools Code Build Secret Test Release Runtime Monitor Multi-purpose Commercial
Security Process in DevSecOps Security Stages on DevOps Flow Code Build Secret Test Release Runtime Monitor Precommit Stage Acceptance Stage Production Stage
Security Process in DevSecOps Security Process in Automation Security: Precommit Stage
Security Process in DevSecOps Secure Coding Secure coding is the practice of writing software that's protected from vulnerabilities. Some examples below refer from OWASP Secure Coding Practices ● Input Validation ● Authentication and Password Management ● Session Management ● Access Control ● Cryptographic Practices ● Error Handling and Logging ● Communication Security ● and much more...
Security Process in DevSecOps SAST (Static Application Security Testing) SAST is a testing methodology that analyzes source code to find security vulnerabilities. SAST scans an application before the code is compiled. It’s also known as white box testing.
Security Process in DevSecOps SAST (Static Application Security Testing)
Security Process in DevSecOps SCA (Software Composition Analysis) SCA scans source code to inventory all open-source components to eliminate vulnerabilities those listed in the National Vulnerability Database (NVD) and compatibility issues with open-source licenses.
Security Process in DevSecOps SCA (Software Composition Analysis)
Security Process in DevSecOps Security Process in Automation Security: Acceptance Stage
Security Process in DevSecOps Software Security Testing (1) Software security testing is the process of assessing and testing a system to discover security risks and vulnerabilities of the system and its data. ● Penetration Testing - The system undergoes analysis and attack from simulated malicious attackers. ● Fuzz Testing - is a brute-force reliability testing technique wherein you create and inject random data into a file or API in order to intentionally cause errors and then see what happens
Security Process in DevSecOps Software Security Testing (2) ● Vulnerability Assessment - The system is scanned and analyzed for security issues. ● DAST (Dynamic Application Security Testing) tools automate security tests for a variety of real-world threats. DAST is a black-box testing method to identify vulnerabilities in their applications from an external perspective to better simulate threats most easily accessed by hackers outside their organization
Security Process in DevSecOps VA Scan and DAST
Security Process in DevSecOps IAST (Interactive Application Security Testing) IAST instruments applications by deploying agents and sensors in running applications and continuously analyzing all application interactions initiated by manual tests, automated tests, or a combination of both to identify vulnerabilities in real time
Security Process in DevSecOps IAST (Interactive Application Security Testing)
Security Process in DevSecOps Infrastructure as Code (IaC) Security IaC Security test and monitor your infrastructure as code such as Ansible, Terraform modules and Kubernetes YAML, JSON, and Helm charts to detect configuration issues that could open your deployments to attack and malicious behavior.
Security Process in DevSecOps Kubernetes Security ● Kubernetes Certificates ● Secret ● Network Policy ● Namespace ● Quota ● TLS Ingress Endpoint ● Secure Node Metadata ● CIS Benchmark ● Verify Platform Binary ● Harden Docker Image ● Image Policy Webhook ● Immutability ● RBAC ● Secure Service Account ● Secure API Endpoint ● Admission Controller ● Node Restriction ● Runtime Sandbox ● Non-Root Container ● Security Context ● Pod Security Policy ● Open Policy Agent ● Auditing
Security Process in DevSecOps Container Image Security Container security software is used to secure multiple components of containerized applications or files, along with their infrastructure and connected networks. Testing capabilities will assist in developing security policies, discover zero-day vulnerabilities, and simulate attacks from common threat sources.
Security Process in DevSecOps Container Image Security
Security Process in DevSecOps Signed Container Image
Security Process in DevSecOps Secrets Management Secrets management refers to the tools and methods for managing digital authentication credentials (secrets), including passwords, keys, APIs, and tokens for use in applications, services, privileged accounts and other sensitive parts of the IT ecosystem.
Security Process in DevSecOps Privileged Access Management (PAM) PAM software allows companies to secure their privileged credentials in a centralized, secure vault (a password safe). Additionally, these solutions control who has access to, and therefore who can use, the privileged credentials based on access policies (including user permissions and specific timeframes), often recording or logging user activity while using the credentials.
Security Process in DevSecOps Privileged Access Management (PAM)
Security Process in DevSecOps Security Process in Automation Security: Production Stage
Security Process in DevSecOps Automation Security Baseline Automation Security Baseline build standard hardening steps into your recipes instead of using scripts or manual checklists. This includes minimizing the attack surface by removing all packages that aren’t needed and that have known problems; and changing default configurations to be safe.
Security Process in DevSecOps Automation Security Baseline Tools
Security Process in DevSecOps Cloud Security Automation ● Monitoring - it is necessary that you monitor the workflow of all the tasks in your infrastructure. ● Evaluation - give you insights into which tasks can be automated like repetitive tasks, resource provisioning, deployments, creating security rules, etc. ● In-depth analysis - analyze the collected information in depth by differentiating it on the basis of severity as high, medium or low risk. ● Reporting - The automation processes should be configured to generate the reports to present the overview of the changes before or after. ● Remediations - implement remediation and improve overall security posture.
Security Process in DevSecOps RASP (Run-time Application Security Protection) RASP works inside the application. It’s plugged into an application or its runtime environment and can control application execution. RASP lets an app run continuous security checks on itself and respond to live attacks by terminating an attacker’s session and alerting defenders to the attack.
Security Process in DevSecOps WAF (Web Application Firewall) WAF or Web Application Firewall helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web applications from attacks such as cross-site forgery, cross-site-scripting (XSS), file inclusion, and SQL injection, among others. A WAF is a protocol layer 7 defense (in the OSI model)
Security Process in DevSecOps Security monitoring, sometimes referred to as "security information monitoring (SIM)" or "security event monitoring (SEM)," involves collecting and analysing information to detect suspicious behavior or unauthorised system changes on your network, defining which types of behavior should trigger alerts, and taking action on alerts as needed. Security Monitoring
Security Process in DevSecOps Security Process in Wrap Up
Security Process in DevSecOps Automation Security Agile Focus DevOps Focus on Automation Security in every steps with Automation Code Build Integrate Test Release Configure Monitor Plan Deploy
Security Process in DevSecOps More questions? jirayut@opsta.co.th Jirayut Nimsaeng CEO & Founder Opsta (Thailand) 086-069-4042 Facebook
Ad

Recommended

DEVSECOPS.pptx
DEVSECOPS.pptxDEVSECOPS.pptx
DEVSECOPS.pptx
MohammadSaif904342
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOps
abhimanyubhogwan
 
Demystifying DevSecOps
Demystifying DevSecOpsDemystifying DevSecOps
Demystifying DevSecOps
Archana Joshi
 
Benefits of DevSecOps
Benefits of DevSecOpsBenefits of DevSecOps
Benefits of DevSecOps
Finto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
DevSecOps 101
DevSecOps 101DevSecOps 101
DevSecOps 101
Narudom Roongsiriwong, CISSP
 
Scaling DevSecOps Culture for Enterprise
Scaling DevSecOps Culture for EnterpriseScaling DevSecOps Culture for Enterprise
Scaling DevSecOps Culture for Enterprise
Opsta
 
Infrastructure as Code
Infrastructure as CodeInfrastructure as Code
Infrastructure as Code
Albert Suwandhi
 
Slide DevSecOps Microservices
Slide DevSecOps Microservices Slide DevSecOps Microservices
Slide DevSecOps Microservices
Hendri Karisma
 
DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...
DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...
DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...
Mohamed Nizzad
 
DevSecOps Implementation Journey
DevSecOps Implementation JourneyDevSecOps Implementation Journey
DevSecOps Implementation Journey
DevOps Indonesia
 
Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1
Mohammed A. Imran
 
DevSecOps : an Introduction
DevSecOps : an IntroductionDevSecOps : an Introduction
DevSecOps : an Introduction
Prashanth B. P.
 
DevSecOps What Why and How
DevSecOps What Why and HowDevSecOps What Why and How
DevSecOps What Why and How
NotSoSecure Global Services
 
What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...
What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...
What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...
Edureka!
 
DevSecOps - The big picture
DevSecOps - The big pictureDevSecOps - The big picture
DevSecOps - The big picture
Stefan Streichsbier
 
DevSecOps
DevSecOpsDevSecOps
DevSecOps
Joel Divekar
 
DevSecOps in Baby Steps
DevSecOps in Baby StepsDevSecOps in Baby Steps
DevSecOps in Baby Steps
Priyanka Aash
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOps
Setu Parimi
 
2019 DevSecOps Reference Architectures
2019 DevSecOps Reference Architectures2019 DevSecOps Reference Architectures
2019 DevSecOps Reference Architectures
Sonatype
 
The State of DevSecOps
The State of DevSecOpsThe State of DevSecOps
The State of DevSecOps
DevOps Indonesia
 
How to Get Started with DevSecOps
How to Get Started with DevSecOpsHow to Get Started with DevSecOps
How to Get Started with DevSecOps
CYBRIC
 
DevSecOps: What Why and How : Blackhat 2019
DevSecOps: What Why and How : Blackhat 2019DevSecOps: What Why and How : Blackhat 2019
DevSecOps: What Why and How : Blackhat 2019
NotSoSecure Global Services
 
DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline
James Wickett
 
DevSecOps | DevOps Sec
DevSecOps | DevOps SecDevSecOps | DevOps Sec
DevSecOps | DevOps Sec
Rubal Jain
 
DevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to SecurityDevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to Security
Alert Logic
 
[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and Opportunities[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and Opportunities
Mohammed A. Imran
 
DevSecOps Basics with Azure Pipelines
DevSecOps Basics with Azure Pipelines DevSecOps Basics with Azure Pipelines
DevSecOps Basics with Azure Pipelines
Abdul_Mujeeb
 
DEVSECOPS: Coding DevSecOps journey
DEVSECOPS: Coding DevSecOps journeyDEVSECOPS: Coding DevSecOps journey
DEVSECOPS: Coding DevSecOps journey
Jason Suttie
 
DevSecOps Best Practices-Safeguarding Your Digital Landscape
DevSecOps Best Practices-Safeguarding Your Digital LandscapeDevSecOps Best Practices-Safeguarding Your Digital Landscape
DevSecOps Best Practices-Safeguarding Your Digital Landscape
stevecooper930744
 
TechTalk 2021: Peran IT Security dalam Penerapan DevOps
TechTalk 2021: Peran IT Security dalam Penerapan DevOpsTechTalk 2021: Peran IT Security dalam Penerapan DevOps
TechTalk 2021: Peran IT Security dalam Penerapan DevOps
DicodingEvent
 
Ad

More Related Content

What's hot (20)

DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...
DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...
DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...
Mohamed Nizzad
 
DevSecOps Implementation Journey
DevSecOps Implementation JourneyDevSecOps Implementation Journey
DevSecOps Implementation Journey
DevOps Indonesia
 
Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1
Mohammed A. Imran
 
DevSecOps : an Introduction
DevSecOps : an IntroductionDevSecOps : an Introduction
DevSecOps : an Introduction
Prashanth B. P.
 
DevSecOps What Why and How
DevSecOps What Why and HowDevSecOps What Why and How
DevSecOps What Why and How
NotSoSecure Global Services
 
What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...
What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...
What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...
Edureka!
 
DevSecOps - The big picture
DevSecOps - The big pictureDevSecOps - The big picture
DevSecOps - The big picture
Stefan Streichsbier
 
DevSecOps
DevSecOpsDevSecOps
DevSecOps
Joel Divekar
 
DevSecOps in Baby Steps
DevSecOps in Baby StepsDevSecOps in Baby Steps
DevSecOps in Baby Steps
Priyanka Aash
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOps
Setu Parimi
 
2019 DevSecOps Reference Architectures
2019 DevSecOps Reference Architectures2019 DevSecOps Reference Architectures
2019 DevSecOps Reference Architectures
Sonatype
 
The State of DevSecOps
The State of DevSecOpsThe State of DevSecOps
The State of DevSecOps
DevOps Indonesia
 
How to Get Started with DevSecOps
How to Get Started with DevSecOpsHow to Get Started with DevSecOps
How to Get Started with DevSecOps
CYBRIC
 
DevSecOps: What Why and How : Blackhat 2019
DevSecOps: What Why and How : Blackhat 2019DevSecOps: What Why and How : Blackhat 2019
DevSecOps: What Why and How : Blackhat 2019
NotSoSecure Global Services
 
DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline
James Wickett
 
DevSecOps | DevOps Sec
DevSecOps | DevOps SecDevSecOps | DevOps Sec
DevSecOps | DevOps Sec
Rubal Jain
 
DevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to SecurityDevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to Security
Alert Logic
 
[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and Opportunities[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and Opportunities
Mohammed A. Imran
 
DevSecOps Basics with Azure Pipelines
DevSecOps Basics with Azure Pipelines DevSecOps Basics with Azure Pipelines
DevSecOps Basics with Azure Pipelines
Abdul_Mujeeb
 
DEVSECOPS: Coding DevSecOps journey
DEVSECOPS: Coding DevSecOps journeyDEVSECOPS: Coding DevSecOps journey
DEVSECOPS: Coding DevSecOps journey
Jason Suttie
 
DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...
DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...
DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...
Mohamed Nizzad
 
DevSecOps Implementation Journey
DevSecOps Implementation JourneyDevSecOps Implementation Journey
DevSecOps Implementation Journey
DevOps Indonesia
 
Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1
Mohammed A. Imran
 
DevSecOps : an Introduction
DevSecOps : an IntroductionDevSecOps : an Introduction
DevSecOps : an Introduction
Prashanth B. P.
 
DevSecOps What Why and How
DevSecOps What Why and HowDevSecOps What Why and How
DevSecOps What Why and How
NotSoSecure Global Services
 
What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...
What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...
What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...
Edureka!
 
DevSecOps - The big picture
DevSecOps - The big pictureDevSecOps - The big picture
DevSecOps - The big picture
Stefan Streichsbier
 
DevSecOps
DevSecOpsDevSecOps
DevSecOps
Joel Divekar
 
DevSecOps in Baby Steps
DevSecOps in Baby StepsDevSecOps in Baby Steps
DevSecOps in Baby Steps
Priyanka Aash
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOps
Setu Parimi
 
2019 DevSecOps Reference Architectures
2019 DevSecOps Reference Architectures2019 DevSecOps Reference Architectures
2019 DevSecOps Reference Architectures
Sonatype
 
The State of DevSecOps
The State of DevSecOpsThe State of DevSecOps
The State of DevSecOps
DevOps Indonesia
 
How to Get Started with DevSecOps
How to Get Started with DevSecOpsHow to Get Started with DevSecOps
How to Get Started with DevSecOps
CYBRIC
 
DevSecOps: What Why and How : Blackhat 2019
DevSecOps: What Why and How : Blackhat 2019DevSecOps: What Why and How : Blackhat 2019
DevSecOps: What Why and How : Blackhat 2019
NotSoSecure Global Services
 
DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline
James Wickett
 
DevSecOps | DevOps Sec
DevSecOps | DevOps SecDevSecOps | DevOps Sec
DevSecOps | DevOps Sec
Rubal Jain
 
DevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to SecurityDevSecOps: Taking a DevOps Approach to Security
DevSecOps: Taking a DevOps Approach to Security
Alert Logic
 
[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and Opportunities[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and Opportunities
Mohammed A. Imran
 
DevSecOps Basics with Azure Pipelines
DevSecOps Basics with Azure Pipelines DevSecOps Basics with Azure Pipelines
DevSecOps Basics with Azure Pipelines
Abdul_Mujeeb
 
DEVSECOPS: Coding DevSecOps journey
DEVSECOPS: Coding DevSecOps journeyDEVSECOPS: Coding DevSecOps journey
DEVSECOPS: Coding DevSecOps journey
Jason Suttie
 

Similar to Security Process in DevSecOps (20)

DevSecOps Best Practices-Safeguarding Your Digital Landscape
DevSecOps Best Practices-Safeguarding Your Digital LandscapeDevSecOps Best Practices-Safeguarding Your Digital Landscape
DevSecOps Best Practices-Safeguarding Your Digital Landscape
stevecooper930744
 
TechTalk 2021: Peran IT Security dalam Penerapan DevOps
TechTalk 2021: Peran IT Security dalam Penerapan DevOpsTechTalk 2021: Peran IT Security dalam Penerapan DevOps
TechTalk 2021: Peran IT Security dalam Penerapan DevOps
DicodingEvent
 
4 approaches to integrate dev secops in development cycle
4 approaches to integrate dev secops in development cycle4 approaches to integrate dev secops in development cycle
4 approaches to integrate dev secops in development cycle
Enov8
 
DevSecOps
DevSecOpsDevSecOps
DevSecOps
Spv Reddy
 
Dev{sec}ops
Dev{sec}opsDev{sec}ops
Dev{sec}ops
Steven Carlson
 
What are DevSecOps Tools and Why Do You Need Them?
What are DevSecOps Tools and Why Do You Need Them?What are DevSecOps Tools and Why Do You Need Them?
What are DevSecOps Tools and Why Do You Need Them?
Dev Software
 
What are DevSecOps Tools and Why Do You Need Them.pptx
What are DevSecOps Tools and Why Do You Need Them.pptxWhat are DevSecOps Tools and Why Do You Need Them.pptx
What are DevSecOps Tools and Why Do You Need Them.pptx
Dev Software
 
Complete DevSecOps handbook_ Key differences, tools, benefits & best practice...
Complete DevSecOps handbook_ Key differences, tools, benefits & best practice...Complete DevSecOps handbook_ Key differences, tools, benefits & best practice...
Complete DevSecOps handbook_ Key differences, tools, benefits & best practice...
mohitd6
 
Are You Ready to Ace Your DevSecOps Interview?
Are You Ready to Ace Your DevSecOps Interview?Are You Ready to Ace Your DevSecOps Interview?
Are You Ready to Ace Your DevSecOps Interview?
Azpirantz Technologies
 
🚨 𝐀𝐫𝐞 𝐘𝐨𝐮 𝐑𝐞𝐚𝐝𝐲 𝐭𝐨 𝐀𝐜𝐞 𝐘𝐨𝐮𝐫 𝐃𝐞𝐯𝐒𝐞𝐜𝐎𝐩𝐬 𝐈𝐧𝐭𝐞𝐫𝐯𝐢𝐞𝐰? 🚨
🚨 𝐀𝐫𝐞 𝐘𝐨𝐮 𝐑𝐞𝐚𝐝𝐲 𝐭𝐨 𝐀𝐜𝐞 𝐘𝐨𝐮𝐫 𝐃𝐞𝐯𝐒𝐞𝐜𝐎𝐩𝐬 𝐈𝐧𝐭𝐞𝐫𝐯𝐢𝐞𝐰? 🚨🚨 𝐀𝐫𝐞 𝐘𝐨𝐮 𝐑𝐞𝐚𝐝𝐲 𝐭𝐨 𝐀𝐜𝐞 𝐘𝐨𝐮𝐫 𝐃𝐞𝐯𝐒𝐞𝐜𝐎𝐩𝐬 𝐈𝐧𝐭𝐞𝐫𝐯𝐢𝐞𝐰? 🚨
🚨 𝐀𝐫𝐞 𝐘𝐨𝐮 𝐑𝐞𝐚𝐝𝐲 𝐭𝐨 𝐀𝐜𝐞 𝐘𝐨𝐮𝐫 𝐃𝐞𝐯𝐒𝐞𝐜𝐎𝐩𝐬 𝐈𝐧𝐭𝐞𝐫𝐯𝐢𝐞𝐰? 🚨
Mansi Kandari
 
Top 20 DevSecOps Interview Questions.pdf
Top 20 DevSecOps Interview Questions.pdfTop 20 DevSecOps Interview Questions.pdf
Top 20 DevSecOps Interview Questions.pdf
infosec train
 
𝐓𝐨𝐩 𝟐𝟎 𝐃𝐞𝐯𝐒𝐞𝐜𝐎𝐩𝐬 𝐈𝐧𝐭𝐞𝐫𝐯𝐢𝐞𝐰 𝐐𝐮𝐞𝐬𝐭𝐢𝐨𝐧𝐬
𝐓𝐨𝐩 𝟐𝟎 𝐃𝐞𝐯𝐒𝐞𝐜𝐎𝐩𝐬 𝐈𝐧𝐭𝐞𝐫𝐯𝐢𝐞𝐰 𝐐𝐮𝐞𝐬𝐭𝐢𝐨𝐧𝐬𝐓𝐨𝐩 𝟐𝟎 𝐃𝐞𝐯𝐒𝐞𝐜𝐎𝐩𝐬 𝐈𝐧𝐭𝐞𝐫𝐯𝐢𝐞𝐰 𝐐𝐮𝐞𝐬𝐭𝐢𝐨𝐧𝐬
𝐓𝐨𝐩 𝟐𝟎 𝐃𝐞𝐯𝐒𝐞𝐜𝐎𝐩𝐬 𝐈𝐧𝐭𝐞𝐫𝐯𝐢𝐞𝐰 𝐐𝐮𝐞𝐬𝐭𝐢𝐨𝐧𝐬
InfosecTrain
 
Top 20 DevsecOps Interview Questions.pdf
Top 20 DevsecOps Interview Questions.pdfTop 20 DevsecOps Interview Questions.pdf
Top 20 DevsecOps Interview Questions.pdf
infosecTrain
 
Streamlining Your Security with These Essential DevSecOps Tools
Streamlining Your Security with These Essential DevSecOps ToolsStreamlining Your Security with These Essential DevSecOps Tools
Streamlining Your Security with These Essential DevSecOps Tools
Dev Software
 
DevSecOps Indonesia : Pain & Pleasure of doing AppSec in DevOps
DevSecOps Indonesia : Pain & Pleasure of doing AppSec in DevOpsDevSecOps Indonesia : Pain & Pleasure of doing AppSec in DevOps
DevSecOps Indonesia : Pain & Pleasure of doing AppSec in DevOps
Suman Sourav
 
DevSecOps - Background, Status and Future Challenges
DevSecOps - Background, Status and Future ChallengesDevSecOps - Background, Status and Future Challenges
DevSecOps - Background, Status and Future Challenges
dsc71656
 
Pragmatic Pipeline Security
Pragmatic Pipeline SecurityPragmatic Pipeline Security
Pragmatic Pipeline Security
James Wickett
 
DevSecOps Implement Making Security Central to Your DevOps Pipeline
DevSecOps Implement Making Security Central to Your DevOps PipelineDevSecOps Implement Making Security Central to Your DevOps Pipeline
DevSecOps Implement Making Security Central to Your DevOps Pipeline
Enov8
 
Pentest is yesterday, DevSecOps is tomorrow
Pentest is yesterday, DevSecOps is tomorrowPentest is yesterday, DevSecOps is tomorrow
Pentest is yesterday, DevSecOps is tomorrow
Amien Harisen Rosyandino
 
SCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOpsSCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOps
Stefan Streichsbier
 
DevSecOps Best Practices-Safeguarding Your Digital Landscape
DevSecOps Best Practices-Safeguarding Your Digital LandscapeDevSecOps Best Practices-Safeguarding Your Digital Landscape
DevSecOps Best Practices-Safeguarding Your Digital Landscape
stevecooper930744
 
TechTalk 2021: Peran IT Security dalam Penerapan DevOps
TechTalk 2021: Peran IT Security dalam Penerapan DevOpsTechTalk 2021: Peran IT Security dalam Penerapan DevOps
TechTalk 2021: Peran IT Security dalam Penerapan DevOps
DicodingEvent
 
4 approaches to integrate dev secops in development cycle
4 approaches to integrate dev secops in development cycle4 approaches to integrate dev secops in development cycle
4 approaches to integrate dev secops in development cycle
Enov8
 
DevSecOps
DevSecOpsDevSecOps
DevSecOps
Spv Reddy
 
Dev{sec}ops
Dev{sec}opsDev{sec}ops
Dev{sec}ops
Steven Carlson
 
What are DevSecOps Tools and Why Do You Need Them?
What are DevSecOps Tools and Why Do You Need Them?What are DevSecOps Tools and Why Do You Need Them?
What are DevSecOps Tools and Why Do You Need Them?
Dev Software
 
What are DevSecOps Tools and Why Do You Need Them.pptx
What are DevSecOps Tools and Why Do You Need Them.pptxWhat are DevSecOps Tools and Why Do You Need Them.pptx
What are DevSecOps Tools and Why Do You Need Them.pptx
Dev Software
 
Complete DevSecOps handbook_ Key differences, tools, benefits & best practice...
Complete DevSecOps handbook_ Key differences, tools, benefits & best practice...Complete DevSecOps handbook_ Key differences, tools, benefits & best practice...
Complete DevSecOps handbook_ Key differences, tools, benefits & best practice...
mohitd6
 
Are You Ready to Ace Your DevSecOps Interview?
Are You Ready to Ace Your DevSecOps Interview?Are You Ready to Ace Your DevSecOps Interview?
Are You Ready to Ace Your DevSecOps Interview?
Azpirantz Technologies
 
🚨 𝐀𝐫𝐞 𝐘𝐨𝐮 𝐑𝐞𝐚𝐝𝐲 𝐭𝐨 𝐀𝐜𝐞 𝐘𝐨𝐮𝐫 𝐃𝐞𝐯𝐒𝐞𝐜𝐎𝐩𝐬 𝐈𝐧𝐭𝐞𝐫𝐯𝐢𝐞𝐰? 🚨
🚨 𝐀𝐫𝐞 𝐘𝐨𝐮 𝐑𝐞𝐚𝐝𝐲 𝐭𝐨 𝐀𝐜𝐞 𝐘𝐨𝐮𝐫 𝐃𝐞𝐯𝐒𝐞𝐜𝐎𝐩𝐬 𝐈𝐧𝐭𝐞𝐫𝐯𝐢𝐞𝐰? 🚨🚨 𝐀𝐫𝐞 𝐘𝐨𝐮 𝐑𝐞𝐚𝐝𝐲 𝐭𝐨 𝐀𝐜𝐞 𝐘𝐨𝐮𝐫 𝐃𝐞𝐯𝐒𝐞𝐜𝐎𝐩𝐬 𝐈𝐧𝐭𝐞𝐫𝐯𝐢𝐞𝐰? 🚨
🚨 𝐀𝐫𝐞 𝐘𝐨𝐮 𝐑𝐞𝐚𝐝𝐲 𝐭𝐨 𝐀𝐜𝐞 𝐘𝐨𝐮𝐫 𝐃𝐞𝐯𝐒𝐞𝐜𝐎𝐩𝐬 𝐈𝐧𝐭𝐞𝐫𝐯𝐢𝐞𝐰? 🚨
Mansi Kandari
 
Top 20 DevSecOps Interview Questions.pdf
Top 20 DevSecOps Interview Questions.pdfTop 20 DevSecOps Interview Questions.pdf
Top 20 DevSecOps Interview Questions.pdf
infosec train
 
𝐓𝐨𝐩 𝟐𝟎 𝐃𝐞𝐯𝐒𝐞𝐜𝐎𝐩𝐬 𝐈𝐧𝐭𝐞𝐫𝐯𝐢𝐞𝐰 𝐐𝐮𝐞𝐬𝐭𝐢𝐨𝐧𝐬
𝐓𝐨𝐩 𝟐𝟎 𝐃𝐞𝐯𝐒𝐞𝐜𝐎𝐩𝐬 𝐈𝐧𝐭𝐞𝐫𝐯𝐢𝐞𝐰 𝐐𝐮𝐞𝐬𝐭𝐢𝐨𝐧𝐬𝐓𝐨𝐩 𝟐𝟎 𝐃𝐞𝐯𝐒𝐞𝐜𝐎𝐩𝐬 𝐈𝐧𝐭𝐞𝐫𝐯𝐢𝐞𝐰 𝐐𝐮𝐞𝐬𝐭𝐢𝐨𝐧𝐬
𝐓𝐨𝐩 𝟐𝟎 𝐃𝐞𝐯𝐒𝐞𝐜𝐎𝐩𝐬 𝐈𝐧𝐭𝐞𝐫𝐯𝐢𝐞𝐰 𝐐𝐮𝐞𝐬𝐭𝐢𝐨𝐧𝐬
InfosecTrain
 
Top 20 DevsecOps Interview Questions.pdf
Top 20 DevsecOps Interview Questions.pdfTop 20 DevsecOps Interview Questions.pdf
Top 20 DevsecOps Interview Questions.pdf
infosecTrain
 
Streamlining Your Security with These Essential DevSecOps Tools
Streamlining Your Security with These Essential DevSecOps ToolsStreamlining Your Security with These Essential DevSecOps Tools
Streamlining Your Security with These Essential DevSecOps Tools
Dev Software
 
DevSecOps Indonesia : Pain & Pleasure of doing AppSec in DevOps
DevSecOps Indonesia : Pain & Pleasure of doing AppSec in DevOpsDevSecOps Indonesia : Pain & Pleasure of doing AppSec in DevOps
DevSecOps Indonesia : Pain & Pleasure of doing AppSec in DevOps
Suman Sourav
 
DevSecOps - Background, Status and Future Challenges
DevSecOps - Background, Status and Future ChallengesDevSecOps - Background, Status and Future Challenges
DevSecOps - Background, Status and Future Challenges
dsc71656
 
Pragmatic Pipeline Security
Pragmatic Pipeline SecurityPragmatic Pipeline Security
Pragmatic Pipeline Security
James Wickett
 
DevSecOps Implement Making Security Central to Your DevOps Pipeline
DevSecOps Implement Making Security Central to Your DevOps PipelineDevSecOps Implement Making Security Central to Your DevOps Pipeline
DevSecOps Implement Making Security Central to Your DevOps Pipeline
Enov8
 
Pentest is yesterday, DevSecOps is tomorrow
Pentest is yesterday, DevSecOps is tomorrowPentest is yesterday, DevSecOps is tomorrow
Pentest is yesterday, DevSecOps is tomorrow
Amien Harisen Rosyandino
 
SCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOpsSCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOps
Stefan Streichsbier
 
Ad

More from Opsta (20)

Deploy 22 microservices from scratch in 30 mins with GitOps
Deploy 22 microservices from scratch in 30 mins with GitOpsDeploy 22 microservices from scratch in 30 mins with GitOps
Deploy 22 microservices from scratch in 30 mins with GitOps
Opsta
 
Let's build Developer Portal with Backstage
Let's build Developer Portal with BackstageLet's build Developer Portal with Backstage
Let's build Developer Portal with Backstage
Opsta
 
Kubernetes Secrets Management on Production with Demo
Kubernetes Secrets Management on Production with DemoKubernetes Secrets Management on Production with Demo
Kubernetes Secrets Management on Production with Demo
Opsta
 
Introduction of CCE and DevCloud
Introduction of CCE and DevCloudIntroduction of CCE and DevCloud
Introduction of CCE and DevCloud
Opsta
 
How to build DevSecOps Platform on Huawei Cloud
How to build DevSecOps Platform on Huawei CloudHow to build DevSecOps Platform on Huawei Cloud
How to build DevSecOps Platform on Huawei Cloud
Opsta
 
Make a better DevOps with GitOps
Make a better DevOps with GitOpsMake a better DevOps with GitOps
Make a better DevOps with GitOps
Opsta
 
Deploy Application on Kubernetes
Deploy Application on KubernetesDeploy Application on Kubernetes
Deploy Application on Kubernetes
Opsta
 
Platform Engineering
Platform EngineeringPlatform Engineering
Platform Engineering
Opsta
 
Manage Kubernetes Clusters with Cluster API and ArgoCD
Manage Kubernetes Clusters with Cluster API and ArgoCDManage Kubernetes Clusters with Cluster API and ArgoCD
Manage Kubernetes Clusters with Cluster API and ArgoCD
Opsta
 
How we can do Multi-Tenancy on Kubernetes
How we can do Multi-Tenancy on KubernetesHow we can do Multi-Tenancy on Kubernetes
How we can do Multi-Tenancy on Kubernetes
Opsta
 
Introduction to Kubernetes with demo
Introduction to Kubernetes with demoIntroduction to Kubernetes with demo
Introduction to Kubernetes with demo
Opsta
 
Introduction to Kubernetes and GKE
Introduction to Kubernetes and GKEIntroduction to Kubernetes and GKE
Introduction to Kubernetes and GKE
Opsta
 
Introduction to Google Cloud Platform
Introduction to Google Cloud PlatformIntroduction to Google Cloud Platform
Introduction to Google Cloud Platform
Opsta
 
Managing traffic routing with istio and envoy workshop
Managing traffic routing with istio and envoy workshopManaging traffic routing with istio and envoy workshop
Managing traffic routing with istio and envoy workshop
Opsta
 
How to pass the Google Certification Exams
How to pass the Google Certification ExamsHow to pass the Google Certification Exams
How to pass the Google Certification Exams
Opsta
 
How to Become DevOps
How to Become DevOpsHow to Become DevOps
How to Become DevOps
Opsta
 
DevOps: The Future of Software Development
DevOps: The Future of Software DevelopmentDevOps: The Future of Software Development
DevOps: The Future of Software Development
Opsta
 
Real World CI/CD with Kubernetes
Real World CI/CD with KubernetesReal World CI/CD with Kubernetes
Real World CI/CD with Kubernetes
Opsta
 
Journey of Kubernetes Scaling
Journey of Kubernetes ScalingJourney of Kubernetes Scaling
Journey of Kubernetes Scaling
Opsta
 
DevOps Transformation in Technical
DevOps Transformation in TechnicalDevOps Transformation in Technical
DevOps Transformation in Technical
Opsta
 
Deploy 22 microservices from scratch in 30 mins with GitOps
Deploy 22 microservices from scratch in 30 mins with GitOpsDeploy 22 microservices from scratch in 30 mins with GitOps
Deploy 22 microservices from scratch in 30 mins with GitOps
Opsta
 
Let's build Developer Portal with Backstage
Let's build Developer Portal with BackstageLet's build Developer Portal with Backstage
Let's build Developer Portal with Backstage
Opsta
 
Kubernetes Secrets Management on Production with Demo
Kubernetes Secrets Management on Production with DemoKubernetes Secrets Management on Production with Demo
Kubernetes Secrets Management on Production with Demo
Opsta
 
Introduction of CCE and DevCloud
Introduction of CCE and DevCloudIntroduction of CCE and DevCloud
Introduction of CCE and DevCloud
Opsta
 
How to build DevSecOps Platform on Huawei Cloud
How to build DevSecOps Platform on Huawei CloudHow to build DevSecOps Platform on Huawei Cloud
How to build DevSecOps Platform on Huawei Cloud
Opsta
 
Make a better DevOps with GitOps
Make a better DevOps with GitOpsMake a better DevOps with GitOps
Make a better DevOps with GitOps
Opsta
 
Deploy Application on Kubernetes
Deploy Application on KubernetesDeploy Application on Kubernetes
Deploy Application on Kubernetes
Opsta
 
Platform Engineering
Platform EngineeringPlatform Engineering
Platform Engineering
Opsta
 
Manage Kubernetes Clusters with Cluster API and ArgoCD
Manage Kubernetes Clusters with Cluster API and ArgoCDManage Kubernetes Clusters with Cluster API and ArgoCD
Manage Kubernetes Clusters with Cluster API and ArgoCD
Opsta
 
How we can do Multi-Tenancy on Kubernetes
How we can do Multi-Tenancy on KubernetesHow we can do Multi-Tenancy on Kubernetes
How we can do Multi-Tenancy on Kubernetes
Opsta
 
Introduction to Kubernetes with demo
Introduction to Kubernetes with demoIntroduction to Kubernetes with demo
Introduction to Kubernetes with demo
Opsta
 
Introduction to Kubernetes and GKE
Introduction to Kubernetes and GKEIntroduction to Kubernetes and GKE
Introduction to Kubernetes and GKE
Opsta
 
Introduction to Google Cloud Platform
Introduction to Google Cloud PlatformIntroduction to Google Cloud Platform
Introduction to Google Cloud Platform
Opsta
 
Managing traffic routing with istio and envoy workshop
Managing traffic routing with istio and envoy workshopManaging traffic routing with istio and envoy workshop
Managing traffic routing with istio and envoy workshop
Opsta
 
How to pass the Google Certification Exams
How to pass the Google Certification ExamsHow to pass the Google Certification Exams
How to pass the Google Certification Exams
Opsta
 
How to Become DevOps
How to Become DevOpsHow to Become DevOps
How to Become DevOps
Opsta
 
DevOps: The Future of Software Development
DevOps: The Future of Software DevelopmentDevOps: The Future of Software Development
DevOps: The Future of Software Development
Opsta
 
Real World CI/CD with Kubernetes
Real World CI/CD with KubernetesReal World CI/CD with Kubernetes
Real World CI/CD with Kubernetes
Opsta
 
Journey of Kubernetes Scaling
Journey of Kubernetes ScalingJourney of Kubernetes Scaling
Journey of Kubernetes Scaling
Opsta
 
DevOps Transformation in Technical
DevOps Transformation in TechnicalDevOps Transformation in Technical
DevOps Transformation in Technical
Opsta
 
Ad

Recently uploaded (20)

The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdfThe Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
Abi john
 
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul
 
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdfSAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
Precisely
 
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath MaestroDev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
UiPathCommunity
 
Drupalcamp Finland – Measuring Front-end Energy Consumption
Drupalcamp Finland – Measuring Front-end Energy ConsumptionDrupalcamp Finland – Measuring Front-end Energy Consumption
Drupalcamp Finland – Measuring Front-end Energy Consumption
Exove
 
Big Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur MorganBig Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur Morgan
Arthur Morgan
 
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
SOFTTECHHUB
 
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven InsightsAndrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell
 
Electronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploitElectronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploit
niftliyevhuseyn
 
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc
 
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Linux Support for SMARC: How Toradex Empowers Embedded DevelopersLinux Support for SMARC: How Toradex Empowers Embedded Developers
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Toradex
 
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-UmgebungenHCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
panagenda
 
tecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdftecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdf
fjgm517
 
Heap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and DeletionHeap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and Deletion
Jaydeep Kale
 
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Impelsys Inc.
 
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptxIncreasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Anoop Ashok
 
Splunk Security Update | Public Sector Summit Germany 2025
Splunk Security Update | Public Sector Summit Germany 2025Splunk Security Update | Public Sector Summit Germany 2025
Splunk Security Update | Public Sector Summit Germany 2025
Splunk
 
Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)
Ortus Solutions, Corp
 
Greenhouse_Monitoring_Presentation.pptx.
Greenhouse_Monitoring_Presentation.pptx.Greenhouse_Monitoring_Presentation.pptx.
Greenhouse_Monitoring_Presentation.pptx.
hpbmnnxrvb
 
Procurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptxProcurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptx
Jon Hansen
 
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdfThe Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
Abi john
 
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul
 
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdfSAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
Precisely
 
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath MaestroDev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
UiPathCommunity
 
Drupalcamp Finland – Measuring Front-end Energy Consumption
Drupalcamp Finland – Measuring Front-end Energy ConsumptionDrupalcamp Finland – Measuring Front-end Energy Consumption
Drupalcamp Finland – Measuring Front-end Energy Consumption
Exove
 
Big Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur MorganBig Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur Morgan
Arthur Morgan
 
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
SOFTTECHHUB
 
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven InsightsAndrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell
 
Electronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploitElectronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploit
niftliyevhuseyn
 
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc
 
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Linux Support for SMARC: How Toradex Empowers Embedded DevelopersLinux Support for SMARC: How Toradex Empowers Embedded Developers
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Toradex
 
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-UmgebungenHCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
HCL Nomad Web – Best Practices und Verwaltung von Multiuser-Umgebungen
panagenda
 
tecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdftecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdf
fjgm517
 
Heap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and DeletionHeap, Types of Heap, Insertion and Deletion
Heap, Types of Heap, Insertion and Deletion
Jaydeep Kale
 
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Impelsys Inc.
 
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptxIncreasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Anoop Ashok
 
Splunk Security Update | Public Sector Summit Germany 2025
Splunk Security Update | Public Sector Summit Germany 2025Splunk Security Update | Public Sector Summit Germany 2025
Splunk Security Update | Public Sector Summit Germany 2025
Splunk
 
Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)
Ortus Solutions, Corp
 
Greenhouse_Monitoring_Presentation.pptx.
Greenhouse_Monitoring_Presentation.pptx.Greenhouse_Monitoring_Presentation.pptx.
Greenhouse_Monitoring_Presentation.pptx.
hpbmnnxrvb
 
Procurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptxProcurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptx
Jon Hansen
 

Security Process in DevSecOps

  • 1. Security Process in Jirayut Nimsaeng (Dear) CEO & Founder, Opsta (Thailand) Co.,Ltd. TechTalkThai Conference: Enterprise Cybersecurity 2021 October 5, 2021 https://bit.ly/opsta-ttt-sec-in-devops
  • 2. Security Process in DevSecOps #whoami Jirayut Nimsaeng (Dear) Jirayut has been involved in DevSecOps, Container, Cloud Technology and Open Source for over 10 years. He has experienced and succeeded in transforming several companies to deliver greater values and be more agile. ● He is Founder and CEO of Opsta (Thailand) Co.,Ltd. ● He is Cloud/DevSecOps Transformation Consultant and Solution Architecture ● He is the first Certified Kubernetes Security Specialist (CKS) and Certified Kubernetes Administrator (CKA) in Thailand
  • 3. Security Process in DevSecOps Agenda ● Automation Security ● Precommit Stage ● Acceptance Stage ● Production Stage ● Wrap Up
  • 4. Security Process in DevSecOps Security Process in Automation Security
  • 5. Security Process in DevSecOps DevOps Flow Infrastructure Support Tools VCS Artifacts CI CD Dev Test Prod Monitoring Load Testing Automation & Infrastructure as Code Developer Operation & SRE Communication Security Security
  • 6. Security Process in DevSecOps DevSecOps Flow Infrastructure Support Tools VCS Artifacts CI CD Dev Test Prod Monitoring Load Testing Automation & Infrastructure as Code Developer Operation & SRE Security Communication Security Shift Left with Automation
  • 7. Security Process in DevSecOps Automation Security Infrastructure Support Tools VCS Artifacts CI CD Dev Test Prod Monitoring Load Testing Automation & Infrastructure as Code Developer Operation & SRE Security Automation Security Communication
  • 8. Security Process in DevSecOps Security Automation in every steps Secure Coding SAST SCA Vulnerability Assessment Penetration Testing IAST Compliance Validation Threat Intelligence Secret Manager DAST Binary Analysis Threat Modelling SOC SOAR
  • 9. Security Process in DevSecOps Automation Security Tools Code Build Secret Test Release Runtime Monitor Multi-purpose Commercial
  • 10. Security Process in DevSecOps Security Stages on DevOps Flow Code Build Secret Test Release Runtime Monitor Precommit Stage Acceptance Stage Production Stage
  • 11. Security Process in DevSecOps Security Process in Automation Security: Precommit Stage
  • 12. Security Process in DevSecOps Secure Coding Secure coding is the practice of writing software that's protected from vulnerabilities. Some examples below refer from OWASP Secure Coding Practices ● Input Validation ● Authentication and Password Management ● Session Management ● Access Control ● Cryptographic Practices ● Error Handling and Logging ● Communication Security ● and much more...
  • 13. Security Process in DevSecOps SAST (Static Application Security Testing) SAST is a testing methodology that analyzes source code to find security vulnerabilities. SAST scans an application before the code is compiled. It’s also known as white box testing.
  • 14. Security Process in DevSecOps SAST (Static Application Security Testing)
  • 15. Security Process in DevSecOps SCA (Software Composition Analysis) SCA scans source code to inventory all open-source components to eliminate vulnerabilities those listed in the National Vulnerability Database (NVD) and compatibility issues with open-source licenses.
  • 16. Security Process in DevSecOps SCA (Software Composition Analysis)
  • 17. Security Process in DevSecOps Security Process in Automation Security: Acceptance Stage
  • 18. Security Process in DevSecOps Software Security Testing (1) Software security testing is the process of assessing and testing a system to discover security risks and vulnerabilities of the system and its data. ● Penetration Testing - The system undergoes analysis and attack from simulated malicious attackers. ● Fuzz Testing - is a brute-force reliability testing technique wherein you create and inject random data into a file or API in order to intentionally cause errors and then see what happens
  • 19. Security Process in DevSecOps Software Security Testing (2) ● Vulnerability Assessment - The system is scanned and analyzed for security issues. ● DAST (Dynamic Application Security Testing) tools automate security tests for a variety of real-world threats. DAST is a black-box testing method to identify vulnerabilities in their applications from an external perspective to better simulate threats most easily accessed by hackers outside their organization
  • 20. Security Process in DevSecOps VA Scan and DAST
  • 21. Security Process in DevSecOps IAST (Interactive Application Security Testing) IAST instruments applications by deploying agents and sensors in running applications and continuously analyzing all application interactions initiated by manual tests, automated tests, or a combination of both to identify vulnerabilities in real time
  • 22. Security Process in DevSecOps IAST (Interactive Application Security Testing)
  • 23. Security Process in DevSecOps Infrastructure as Code (IaC) Security IaC Security test and monitor your infrastructure as code such as Ansible, Terraform modules and Kubernetes YAML, JSON, and Helm charts to detect configuration issues that could open your deployments to attack and malicious behavior.
  • 24. Security Process in DevSecOps Kubernetes Security ● Kubernetes Certificates ● Secret ● Network Policy ● Namespace ● Quota ● TLS Ingress Endpoint ● Secure Node Metadata ● CIS Benchmark ● Verify Platform Binary ● Harden Docker Image ● Image Policy Webhook ● Immutability ● RBAC ● Secure Service Account ● Secure API Endpoint ● Admission Controller ● Node Restriction ● Runtime Sandbox ● Non-Root Container ● Security Context ● Pod Security Policy ● Open Policy Agent ● Auditing
  • 25. Security Process in DevSecOps Container Image Security Container security software is used to secure multiple components of containerized applications or files, along with their infrastructure and connected networks. Testing capabilities will assist in developing security policies, discover zero-day vulnerabilities, and simulate attacks from common threat sources.
  • 26. Security Process in DevSecOps Container Image Security
  • 27. Security Process in DevSecOps Signed Container Image
  • 28. Security Process in DevSecOps Secrets Management Secrets management refers to the tools and methods for managing digital authentication credentials (secrets), including passwords, keys, APIs, and tokens for use in applications, services, privileged accounts and other sensitive parts of the IT ecosystem.
  • 29. Security Process in DevSecOps Privileged Access Management (PAM) PAM software allows companies to secure their privileged credentials in a centralized, secure vault (a password safe). Additionally, these solutions control who has access to, and therefore who can use, the privileged credentials based on access policies (including user permissions and specific timeframes), often recording or logging user activity while using the credentials.
  • 30. Security Process in DevSecOps Privileged Access Management (PAM)
  • 31. Security Process in DevSecOps Security Process in Automation Security: Production Stage
  • 32. Security Process in DevSecOps Automation Security Baseline Automation Security Baseline build standard hardening steps into your recipes instead of using scripts or manual checklists. This includes minimizing the attack surface by removing all packages that aren’t needed and that have known problems; and changing default configurations to be safe.
  • 33. Security Process in DevSecOps Automation Security Baseline Tools
  • 34. Security Process in DevSecOps Cloud Security Automation ● Monitoring - it is necessary that you monitor the workflow of all the tasks in your infrastructure. ● Evaluation - give you insights into which tasks can be automated like repetitive tasks, resource provisioning, deployments, creating security rules, etc. ● In-depth analysis - analyze the collected information in depth by differentiating it on the basis of severity as high, medium or low risk. ● Reporting - The automation processes should be configured to generate the reports to present the overview of the changes before or after. ● Remediations - implement remediation and improve overall security posture.
  • 35. Security Process in DevSecOps RASP (Run-time Application Security Protection) RASP works inside the application. It’s plugged into an application or its runtime environment and can control application execution. RASP lets an app run continuous security checks on itself and respond to live attacks by terminating an attacker’s session and alerting defenders to the attack.
  • 36. Security Process in DevSecOps WAF (Web Application Firewall) WAF or Web Application Firewall helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web applications from attacks such as cross-site forgery, cross-site-scripting (XSS), file inclusion, and SQL injection, among others. A WAF is a protocol layer 7 defense (in the OSI model)
  • 37. Security Process in DevSecOps Security monitoring, sometimes referred to as "security information monitoring (SIM)" or "security event monitoring (SEM)," involves collecting and analysing information to detect suspicious behavior or unauthorised system changes on your network, defining which types of behavior should trigger alerts, and taking action on alerts as needed. Security Monitoring
  • 38. Security Process in DevSecOps Security Process in Wrap Up
  • 39. Security Process in DevSecOps Automation Security Agile Focus DevOps Focus on Automation Security in every steps with Automation Code Build Integrate Test Release Configure Monitor Plan Deploy
  • 40. Security Process in DevSecOps More questions? [email protected] Jirayut Nimsaeng CEO & Founder Opsta (Thailand) 086-069-4042 Facebook