Your Resolution for 2018: Five Principles For Securing DevOps
1 like1,097 views
Organizations in today’s market must strike a balance between competitive differentiation and meeting evolving compliance standards-particularly related to software security. They need to obtain faster release and deployment cycles, improved collaboration between business stakeholders and application development and operations teams, and automation tools. DevOps, an innovative organizational and cultural way of organizing development and IT operations work, is addressing this challenge – driven by mounting evidence of its benefits to the business. However reaping these gains requires rethinking application security to deliver more secure code at DevOps speed.
1 of 16
Downloaded 22 times
Ad
Recommended
How Aporeto Secures Cloud-native Across Public, Private, & Hybrid Clouds with...
How Aporeto Secures Cloud-native Across Public, Private, & Hybrid Clouds with...DevOps.com Containerization has increased the pace of deployment but doesn't overcome the need for application security. Key to making your security teams comfortable with containers is to maintain visibility into the various software components and proactively patching vulnerabilities as they are disclosed. Aporeto provides a service mesh for application security on any orchestrator, including Kubernetes, and/or any on-premises or cloud infrastructure including AWS, Azure and Google. Their easy to deploy solution provides consistent security that is automated to eliminate both manual efforts and human errors.
Don Chouinard, Product Marketing lead at Aporeto, will share how Aporeto uses InfluxData to maintain visibility into the security state of the various application components whenever they run using automatically generated security policies.
Practical DevSecOps - Arief Karfianto
Practical DevSecOps - Arief Karfiantoidsecconf This document discusses practical DevSecOps. It begins with an agenda and introduction of the presenter. It then describes the presenter's work background and organization. The document outlines the development lifecycle, from no versioning or automation to introducing versioning, continuous integration, and automated security analysis. It discusses competing priorities between business, development, security, and operations. The rest of the document covers why automation is important, what DevOps and DevSecOps are, an example GitLab CI configuration, lessons learned, and concludes by thanking the audience.
AWS live hack: Atlassian + Snyk OSS on AWS
AWS live hack: Atlassian + Snyk OSS on AWSEric Smalling The document discusses securing modern applications in AWS. It begins with an overview of the risk profile of modern applications, noting that they often incorporate a large amount of open source code and are deployed rapidly using containers and infrastructure as code. It then demonstrates how to "live hack" an application running on AWS. Next, it discusses how Snyk can help prevent such exploits by empowering developers, automating fixes, and providing security throughout the entire codebase. It also outlines additional security practices like minimizing container footprints, using secrets safely, and implementing network policies. Finally, it promotes attending additional security sessions and provides references for further reading.
Implementing Fast IT Deploying Applications at the Pace of Innovation 
Implementing Fast IT Deploying Applications at the Pace of Innovation Cisco DevNet Fast innovation requires Fast IT: the new model for IT that transforms the way we deliver new business application capabilities to our clients.
Cisco IT has created solutions that enable automated provisioning of environments and fast deployment of cloud applications through “Software Development-as-a-Service”.
In this session, we’ll provide a hands-on experience of how application teams use an automated toolset to combine quality and agility, while reducing operational expense. We’ll also provide a view of the key technologies that enable this solution.
Finally, there’s a quick glimpse into what’s next: containerization and IOE Application Enablement.
DevSecCon Boston 2018: Automated DevSecOps infrastructure deployment: recipes...
DevSecCon Boston 2018: Automated DevSecOps infrastructure deployment: recipes...DevSecCon This document discusses securing the DevOps pipeline with an automated and agile approach. It recommends including static code analysis, web application scanning, environment compliance checks, and a vulnerability management system in the pipeline. It then provides more details on configuring tasks for each of these tools: static code analysis, web application scanning, infrastructure inspection, and vulnerability management system. The presentation encourages questions and provides contact information for the speaker.
Extending GitHub to Meet your Open Source Policy
Extending GitHub to Meet your Open Source PolicyFINOS Jamie Jones, GitHub: Extending GitHub to Meet your Open Source Policy.
GitHub is often described as the home of the Open Source, but that doesn’t mean it comes easy. This talk will go over how you can use the features within GitHub (and that you can extend yourself) to meet many of your policy, security, and workflow needs. It includes looking at features such as Protected Branches, Code Approvals, and building your own integrations with PRobot. This presentation will give attendees the confidence to align Github with their own organizational needs and compliance requirements.
JSCONF 2018 - Baking security into DevOps - a tale of hunting down bugs befor...
JSCONF 2018 - Baking security into DevOps - a tale of hunting down bugs befor...Wouter Bloeyaert Do you know that 90% of all vulnerabilities can be prevented by introducing security in every step of your software development lifecycle (SDLC)? Get ready to join Wouter on his journey on how he introduced security into the SDLC at a company.
During his talk, Wouter will introduce you to how development, operations and security can be fitted together into “SecDevOps”.
The talk uses practical examples so that you will be able to experiment with “SecDevOps” yourself and know what you should pay attention to when implementing this into your own SDLC.
DevSecCon Asia 2017 Joel Divekar: Using Open Source Automation tools for DevS...
DevSecCon Asia 2017 Joel Divekar: Using Open Source Automation tools for DevS...DevSecCon DevSecOps uses automation tools to integrate security practices into the development lifecycle. The document discusses DevSecOps and tools like Ansible, which allows quick and easy configuration management. It can automate tasks over SSH/WinRM using YAML files. Ansible has many ready-to-use modules for cloud infrastructure, virtualization, monitoring, security, and logging. The document promotes joining the #devseccon conversation to discuss DevSecOps tools and practices.
DevSecOps, The Good, Bad, and Ugly
DevSecOps, The Good, Bad, and Ugly4ndersonLin This document discusses DevSecOps and covers the good, bad, and ugly aspects. DevSecOps aims to integrate security practices into the development lifecycle like threat modeling, security testing, and monitoring. The good aspects include finding vulnerabilities early through testing and reviewable infrastructure policies. The bad parts are potential performance issues and loss of availability from tools. The ugly challenges are misunderstandings causing disasters, unstable new tools causing false alarms, and responsibility over security. Overall, DevSecOps is about people, process, and integrating security throughout the development lifecycle rather than just tools.
PIACERE - DevSecOps Automated
PIACERE - DevSecOps AutomatedPIACERE This document summarizes the PIACERE project, which aims to integrate security into DevSecOps processes. It receives funding from the EU Horizon 2020 program. The project develops tools like the DevSecOps Modeling Language (DOML) and Verification Tool to integrate security principles into infrastructure modeling and deployment. It also includes a Canary Sandbox Environment for testing deployments and an Infrastructure Optimization Platform for optimizing cloud resources. The overall goal is to provide a unified platform for secure, automated deployment to multiple clouds.
Bio IT World 2015 - DevOps Security and Transparency
Bio IT World 2015 - DevOps Security and TransparencyKevin Gilpin As more companies adopt DevOps programs and build new infrastructure, the quantity and sensitivity of data being processed outside of the traditional IT stack are growing. Few organizations know where the access points into this information are, or how to secure them. We outline best practices for establishing visibility and control in this new space, drawing real-world examples from environments large and small.
SACON - Immutable architecture (Nilanjan De)
SACON - Immutable architecture (Nilanjan De)Priyanka Aash This document discusses immutable infrastructure. It defines immutable infrastructure as servers that are never modified after deployment. It outlines some key rules and advantages of immutable infrastructure, such as increased security and consistency. The document also notes some potential drawbacks and provides recommendations for implementing immutable infrastructure using tools like containers and cloud platforms. It concludes with a demo of immutable containers and further reading suggestions.
API Security - Everything You Need to Know To Protect Your APIs
API Security - Everything You Need to Know To Protect Your APIsAaronLieberman5 With more APIs in circulation than ever before, there has been a direct correlation to the number of API abuses reported across industries. This is because APIs are such a valuable asset to bad actors, but many organizations have not yet woken up to the realities of the need to protect their APIs from abuse. If you couple that with the fact that attacks on APIs have become more sophisticated, with some attackers even using AI themselves, then you can see why even some of the more security-conscious organizations can have trouble properly securing their APIs.
A robust API Security posture can be broken down into several areas including:
Proper design and coding during the development process
API governance and compliance through visibility of all your APIs (shadow too!) and a mapping of how they connect to each other.
General application and API protection from tools such as API gateways, WAFs, NG-WAF, and RASPS
An always-updating understanding of your user behaviors regarding your APIs.
You won’t have comprehensive API security without solutions in each of these areas.
We will also discuss:
The roles of API developers, infosec, support, and enterprise architects as it relates to API security
Microservices role in making it difficult to secure your APIs
The importance of inventorying your APIs
How technologies like Traceable can help protect your APIs against advanced attacks
Key takeaways:
Why your API's are a key attack surface for modern bad actors
Why APi's are so much harder to secure than traditional web traffic
What's necessary to secure your APIs
Why yesterday's solutions can't solve today's new API security challenges
A New View of Your Application Security Program with Snyk and ThreadFix
A New View of Your Application Security Program with Snyk and ThreadFixDenim Group Snyk continuously monitors your application’s dependencies and lets you quickly respond when new vulnerabilities are disclosed. Threadfix allows organizations to gain true visibility into a your project’s security posture by cross referencing results on an app from multiple sources (SCA, SAST, DAST, etc.), ultimately enabling better prioritization, while Snyk focuses on remediation at the source with the automated fix pull requests. Join us to see how, together, Snyk and ThreadFix can enhance application security and prevent risks, while preserving development scale and speed.
Deep Visibility: Logging From Distributed Microservices
Deep Visibility: Logging From Distributed MicroservicesAaronLieberman5 Visibility into any system is a key component of creating a supportable platform. Without proper logging, support can be costly and inefficient. With the emergence of APIs, microservices, and distributed, decoupled architectures, logging becomes even more important because there are more components that make up a system than ever before. This is beneficial from the standpoint of creating reliable systems, but logging frameworks need to adapt to this architecture because the premise of logging remains the same as it always has: log clear messages that are easy to read with the goal of enhancing visibility into a system.
In this Meetup hosted by Big Compass, we will explore techniques of logging from the typical iPaas or always-on managed system like a custom application on an EC2, and we will balance that with a discussion on logging from serverless microservices such as AWS Lambda also. We’ll walk through a real system we have created and discuss how a logging framework can be created using AWS serverless services to enhance the visibility and supportability of the system.
You will learn:
Common best practices and blind spots of logging
Differences of logging from always-on systems versus serverless services (AWS Lambda)
Successful use cases where logging has been implemented to improve supportability of a system
Who should attend:
IT leaders who want to decrease support cost and have a system visibility pain point
Developers struggling with implementing a robust, highly visible logging solution
Anyone considering using serverless technology for an upcoming implementation
Reasons to attend:
Create a logging framework that garners deep visibility and a great experience for users, no matter the underlying architecture
Keynote: Puppet camp compliance
Keynote: Puppet camp compliancePuppet This document discusses how organizations can move from a reactive approach to compliance to a proactive approach using automation. It notes that over 50% of CIOs cite security and compliance as a barrier to IT modernization. Puppet offers an end-to-end compliance solution that allows organizations to automatically eliminate configuration drift, enforce compliance at scale across operating systems and environments, and define policy as code. The solution helps organizations improve compliance from 50% to over 90% compliant. The document argues that taking a proactive automation approach to compliance can turn it into a competitive advantage by improving speed and innovation.
DevSecOps Everything You Need To Know
DevSecOps Everything You Need To KnowCentextech DevSecOps integrates security practices into DevOps processes to allow for lean and agile security testing throughout software development without disrupting delivery cycles. It is necessary because DevOps failed to properly account for security and compliance issues, whereas DevSecOps facilitates collaboration between developers and security teams to identify and resolve vulnerabilities early. Key principles of DevSecOps include security, compliance, collaboration, threat intelligence, and continuous learning.
Are your DevOps and Security teams friends or foes?
Are your DevOps and Security teams friends or foes?Reuven Harrison An intro to DevOps for security professionals + Our latest innovation: auto-generated security policies in the CI/CD pipeline
José Vila - ¿Otro parche más? No, por favor. [rooted2018]![José Vila - ¿Otro parche más? No, por favor. [rooted2018]](https://cdn.slidesharecdn.com/ss_thumbnails/josevila-slides-180312223857-thumbnail.jpg?width=560&fit=bounds)
José Vila - ¿Otro parche más? No, por favor. [rooted2018]RootedCON Sigue siendo una tendencia mayoritaria en el ámbito del desarrollo de software que el analizar la seguridad del producto se postergue a las últimas etapas del proceso. Uno de los motivos suele ser el impacto económico de contar con un ciclo seguro de desarrollo, pesa demasiado al inicio del proyecto y por tanto se descarta tener una metodología integrada durante todo el proceso.
Este planteamiento se está volviendo cada vez más en contra de los desarrolladores y demás actores implicados. Una vez lanzado el producto al mercado, acaban teniendo que invertir recursos inesperados por culpa de problemas de seguridad. Parches, hotfixes, actualizaciones… se convierten en la solución monótona que, lo que consigue es acabar dificultando la usabilidad del producto. Seguro que a todos se nos vienen nombres a la cabeza.
El propósito de esta presentación es el exponer la necesidad de integrar metodologías de seguridad desde las etapas más tempranas del ciclo de vida de sus productos, los beneficios de tener presente el desarrollo seguro de productos y mostrar buenas practicas que favorecen a la mejora de la seguridad de los productos, generando software de mayor calidad.
Y si esto ya te lo han contado en otra CON… ¿por qué no lo estás poniendo en práctica?
From Zero To Hero: Continuous Container Security in 4 Simple Steps- A WhiteSo...
From Zero To Hero: Continuous Container Security in 4 Simple Steps- A WhiteSo...WhiteSource In Collaboration with DevOps.com, WhiteSource's Shiri Ivtsan discussed in this webinar the main security challenges organizations face when using containers.
CI/CD pipeline security from start to finish with WhiteSource & CircleCI
CI/CD pipeline security from start to finish with WhiteSource & CircleCIWhiteSource This document provides an agenda for a webinar on securing CI/CD pipelines from start to finish with CircleCI and WhiteSource. The agenda includes brief introductions to CircleCI and WhiteSource, an overview of CircleCI Orbs and how they can simplify integrations, a discussion of the state of open source usage and security, and a demo of WhiteSource scanning functionality directly within a CircleCI pipeline using an Orb.
Chefdevseccon2015
Chefdevseccon2015sc0ttruss This document discusses quantifying security through automation. It provides examples of using the Chef infrastructure automation tool and the CIS audit cookbook to codify and automate security policies and compliance checks. The challenges discussed include making security tools more API-friendly to integrate with continuous deployment pipelines, dynamically configuring firewalls, and automating security testing across multiple builds and applications. Overall, the document advocates expressing security policies in code and integrating security automation into continuous delivery processes from the start.
Why Security Engineer Need Shift-Left to DevSecOps?
Why Security Engineer Need Shift-Left to DevSecOps?Najib Radzuan In the fusion between DevOps and DevSecOps, the pace and agility of the DevSecOps approach made AppSec and InfoSec were a little left behind. The DevOps squad topology does not involve any of the organization's AppSec and InfoSec Engineer. Many DevOps team are also not included them since they lack the information on how to manage and configure DevOps CI / CD pipelines and DevSecOps approaches. There's no shortage of talent — you probably don't have a mission worth getting out of bed or a culture that fosters continuous learning such DevSecOps skill and tools and growth where people feel psychologically safe. Besides, there is no shortage of skills — most have a poor understanding of what they need to be successful or the skills that need to leverage to improve their security posture.
Open Source Security at Scale- The DevOps Challenge 
Open Source Security at Scale- The DevOps Challenge WhiteSource It’s no secret that open source components form the backbone of today’s software, comprising between 60-80% of modern applications. But with this, comes the alarming rise in open source vulnerabilities – more than 3,500 open source vulnerabilities were reported in 2017 – that’s 60% higher than the previous year, and the trend continued in 2018.
The question arises: how can DevOps teams ensure a visible and continuous delivery pipeline for software releases without letting security slow them down?
Join WhiteSource’s Product Manager, Shiri Ivtsan, as she discusses:
- The current state of open source vulnerabilities management;
- The latest innovations in the open source security world; and
- The best DevOps tools to protect organizations against open source vulnerabilities and ensure agility, visibility and control regarding their open source.
Safe and Secure Applications: Deploying in a Cloud or Multi-Cloud Environment
Safe and Secure Applications: Deploying in a Cloud or Multi-Cloud EnvironmentDevOps.com Today, running applications in the cloud is a must-have. But that doesn’t mean it’s risk-free. In this webinar, CircleCI and xMatters will discuss security issues in the application lifecycle, and demo solutions so your team can be confident you’re deploying safely and securely. Join to understand:
Common risks and vulnerabilities in cloud deployments
Patterns and best practices for ease of testing and deployment management
How CircleCi and xMatters make deploying to cloud (especially multi-cloud environments) safer and more secure
The Devops Challenge: Open Source Security Throughout the DevOps Pipline- A W...
The Devops Challenge: Open Source Security Throughout the DevOps Pipline- A W...WhiteSource This document discusses open source security challenges and recommendations for addressing them. It notes that over 96% of developers rely on open source components but open source vulnerabilities are rising. While companies prioritize fixes, over half do not do so efficiently based on real business impact. The document recommends integrating scanning for vulnerabilities into the entire software development lifecycle from code to deployment. Automating scanning, prioritization of issues, and remediation helps ensure open source security.
DevSecOps Beginners Guide : How to secure process in DevOps with OpenSource
DevSecOps Beginners Guide : How to secure process in DevOps with OpenSourceDevOps Indonesia DevSecOps Beginners Guide : How to secure process in DevOps with OpenSource by Andre Kurniawan and Alan Adi Prasetyo
DevSecOps outline
DevSecOps outlineNickleus Jimenez DevSecOps aims to define success, assign responsibilities and milestones, discover the code pipeline by treating code as infrastructure and implementing quality control, inventory security tools by understanding what is owned and the costs, assess gaps by picking frameworks and balancing controls with complexity, and iterate quickly by continuously improving and focusing on platforms over individual tools. The presentation outlines steps for organizations to implement DevSecOps practices by defining objectives, understanding code movement, taking inventory of security tools, assessing gaps, and iterating processes.
Embrace DevSecOps and Enjoy a Significant Competitive Advantage!
Embrace DevSecOps and Enjoy a Significant Competitive Advantage!DevOps.com As security and privacy permeate companies’ business practices, DevOps is leading a transformation in the way software is built and delivered. And despite its substantial organizational, cultural and technological requirements, DevOps continues to grow in popularity. Companies that are adopting continuous delivery disciplines demonstrate better IT and organizational performance.
To achieve this level of performance, IT organizations must embrace a new way of thinking about application security. It is critical to understand how DevOps and continuous integration/continuous deployment (CI/CD) differ from agile development and how this changes the requirements for your application security. In this webinar, one of CA Veracode’s product and development experts will provide the latest update to the "Five Principles of Secure DevOps." Much has evolved in this space, and CA Veracode continues to share examples and best practices on how organizations can make the transition to DevSecOps to gain a competitive advantage.
Webinar – Risk-based adaptive DevSecOps 
Webinar – Risk-based adaptive DevSecOps Synopsys Software Integrity Group During a recent webinar, Meera Rao, DevSecOps Practice Director with Synopsys Software Integrity Group spoke on Risk Based Adaptive DevSecOps.
Building security automation into the DevOps pipeline is a key pain point for many organizations. Some firms deploy to production as frequently as every five minutes—a velocity that security struggles to match. Implementing intelligence within the DevOps pipeline supports security activities by matching the team’s velocity, providing intelligent feedback, and supporting organizations as they scale their security testing activities.
For more information, please visit our website at https://www.synopsys.com/devops
Ad
More Related Content
What's hot (20)
DevSecOps, The Good, Bad, and Ugly
DevSecOps, The Good, Bad, and Ugly4ndersonLin This document discusses DevSecOps and covers the good, bad, and ugly aspects. DevSecOps aims to integrate security practices into the development lifecycle like threat modeling, security testing, and monitoring. The good aspects include finding vulnerabilities early through testing and reviewable infrastructure policies. The bad parts are potential performance issues and loss of availability from tools. The ugly challenges are misunderstandings causing disasters, unstable new tools causing false alarms, and responsibility over security. Overall, DevSecOps is about people, process, and integrating security throughout the development lifecycle rather than just tools.
PIACERE - DevSecOps Automated
PIACERE - DevSecOps AutomatedPIACERE This document summarizes the PIACERE project, which aims to integrate security into DevSecOps processes. It receives funding from the EU Horizon 2020 program. The project develops tools like the DevSecOps Modeling Language (DOML) and Verification Tool to integrate security principles into infrastructure modeling and deployment. It also includes a Canary Sandbox Environment for testing deployments and an Infrastructure Optimization Platform for optimizing cloud resources. The overall goal is to provide a unified platform for secure, automated deployment to multiple clouds.
Bio IT World 2015 - DevOps Security and Transparency
Bio IT World 2015 - DevOps Security and TransparencyKevin Gilpin As more companies adopt DevOps programs and build new infrastructure, the quantity and sensitivity of data being processed outside of the traditional IT stack are growing. Few organizations know where the access points into this information are, or how to secure them. We outline best practices for establishing visibility and control in this new space, drawing real-world examples from environments large and small.
SACON - Immutable architecture (Nilanjan De)
SACON - Immutable architecture (Nilanjan De)Priyanka Aash This document discusses immutable infrastructure. It defines immutable infrastructure as servers that are never modified after deployment. It outlines some key rules and advantages of immutable infrastructure, such as increased security and consistency. The document also notes some potential drawbacks and provides recommendations for implementing immutable infrastructure using tools like containers and cloud platforms. It concludes with a demo of immutable containers and further reading suggestions.
API Security - Everything You Need to Know To Protect Your APIs
API Security - Everything You Need to Know To Protect Your APIsAaronLieberman5 With more APIs in circulation than ever before, there has been a direct correlation to the number of API abuses reported across industries. This is because APIs are such a valuable asset to bad actors, but many organizations have not yet woken up to the realities of the need to protect their APIs from abuse. If you couple that with the fact that attacks on APIs have become more sophisticated, with some attackers even using AI themselves, then you can see why even some of the more security-conscious organizations can have trouble properly securing their APIs.
A robust API Security posture can be broken down into several areas including:
Proper design and coding during the development process
API governance and compliance through visibility of all your APIs (shadow too!) and a mapping of how they connect to each other.
General application and API protection from tools such as API gateways, WAFs, NG-WAF, and RASPS
An always-updating understanding of your user behaviors regarding your APIs.
You won’t have comprehensive API security without solutions in each of these areas.
We will also discuss:
The roles of API developers, infosec, support, and enterprise architects as it relates to API security
Microservices role in making it difficult to secure your APIs
The importance of inventorying your APIs
How technologies like Traceable can help protect your APIs against advanced attacks
Key takeaways:
Why your API's are a key attack surface for modern bad actors
Why APi's are so much harder to secure than traditional web traffic
What's necessary to secure your APIs
Why yesterday's solutions can't solve today's new API security challenges
A New View of Your Application Security Program with Snyk and ThreadFix
A New View of Your Application Security Program with Snyk and ThreadFixDenim Group Snyk continuously monitors your application’s dependencies and lets you quickly respond when new vulnerabilities are disclosed. Threadfix allows organizations to gain true visibility into a your project’s security posture by cross referencing results on an app from multiple sources (SCA, SAST, DAST, etc.), ultimately enabling better prioritization, while Snyk focuses on remediation at the source with the automated fix pull requests. Join us to see how, together, Snyk and ThreadFix can enhance application security and prevent risks, while preserving development scale and speed.
Deep Visibility: Logging From Distributed Microservices
Deep Visibility: Logging From Distributed MicroservicesAaronLieberman5 Visibility into any system is a key component of creating a supportable platform. Without proper logging, support can be costly and inefficient. With the emergence of APIs, microservices, and distributed, decoupled architectures, logging becomes even more important because there are more components that make up a system than ever before. This is beneficial from the standpoint of creating reliable systems, but logging frameworks need to adapt to this architecture because the premise of logging remains the same as it always has: log clear messages that are easy to read with the goal of enhancing visibility into a system.
In this Meetup hosted by Big Compass, we will explore techniques of logging from the typical iPaas or always-on managed system like a custom application on an EC2, and we will balance that with a discussion on logging from serverless microservices such as AWS Lambda also. We’ll walk through a real system we have created and discuss how a logging framework can be created using AWS serverless services to enhance the visibility and supportability of the system.
You will learn:
Common best practices and blind spots of logging
Differences of logging from always-on systems versus serverless services (AWS Lambda)
Successful use cases where logging has been implemented to improve supportability of a system
Who should attend:
IT leaders who want to decrease support cost and have a system visibility pain point
Developers struggling with implementing a robust, highly visible logging solution
Anyone considering using serverless technology for an upcoming implementation
Reasons to attend:
Create a logging framework that garners deep visibility and a great experience for users, no matter the underlying architecture
Keynote: Puppet camp compliance
Keynote: Puppet camp compliancePuppet This document discusses how organizations can move from a reactive approach to compliance to a proactive approach using automation. It notes that over 50% of CIOs cite security and compliance as a barrier to IT modernization. Puppet offers an end-to-end compliance solution that allows organizations to automatically eliminate configuration drift, enforce compliance at scale across operating systems and environments, and define policy as code. The solution helps organizations improve compliance from 50% to over 90% compliant. The document argues that taking a proactive automation approach to compliance can turn it into a competitive advantage by improving speed and innovation.
DevSecOps Everything You Need To Know
DevSecOps Everything You Need To KnowCentextech DevSecOps integrates security practices into DevOps processes to allow for lean and agile security testing throughout software development without disrupting delivery cycles. It is necessary because DevOps failed to properly account for security and compliance issues, whereas DevSecOps facilitates collaboration between developers and security teams to identify and resolve vulnerabilities early. Key principles of DevSecOps include security, compliance, collaboration, threat intelligence, and continuous learning.
Are your DevOps and Security teams friends or foes?
Are your DevOps and Security teams friends or foes?Reuven Harrison An intro to DevOps for security professionals + Our latest innovation: auto-generated security policies in the CI/CD pipeline
José Vila - ¿Otro parche más? No, por favor. [rooted2018]
José Vila - ¿Otro parche más? No, por favor. [rooted2018]RootedCON Sigue siendo una tendencia mayoritaria en el ámbito del desarrollo de software que el analizar la seguridad del producto se postergue a las últimas etapas del proceso. Uno de los motivos suele ser el impacto económico de contar con un ciclo seguro de desarrollo, pesa demasiado al inicio del proyecto y por tanto se descarta tener una metodología integrada durante todo el proceso.
Este planteamiento se está volviendo cada vez más en contra de los desarrolladores y demás actores implicados. Una vez lanzado el producto al mercado, acaban teniendo que invertir recursos inesperados por culpa de problemas de seguridad. Parches, hotfixes, actualizaciones… se convierten en la solución monótona que, lo que consigue es acabar dificultando la usabilidad del producto. Seguro que a todos se nos vienen nombres a la cabeza.
El propósito de esta presentación es el exponer la necesidad de integrar metodologías de seguridad desde las etapas más tempranas del ciclo de vida de sus productos, los beneficios de tener presente el desarrollo seguro de productos y mostrar buenas practicas que favorecen a la mejora de la seguridad de los productos, generando software de mayor calidad.
Y si esto ya te lo han contado en otra CON… ¿por qué no lo estás poniendo en práctica?
From Zero To Hero: Continuous Container Security in 4 Simple Steps- A WhiteSo...
From Zero To Hero: Continuous Container Security in 4 Simple Steps- A WhiteSo...WhiteSource In Collaboration with DevOps.com, WhiteSource's Shiri Ivtsan discussed in this webinar the main security challenges organizations face when using containers.
CI/CD pipeline security from start to finish with WhiteSource & CircleCI
CI/CD pipeline security from start to finish with WhiteSource & CircleCIWhiteSource This document provides an agenda for a webinar on securing CI/CD pipelines from start to finish with CircleCI and WhiteSource. The agenda includes brief introductions to CircleCI and WhiteSource, an overview of CircleCI Orbs and how they can simplify integrations, a discussion of the state of open source usage and security, and a demo of WhiteSource scanning functionality directly within a CircleCI pipeline using an Orb.
Chefdevseccon2015
Chefdevseccon2015sc0ttruss This document discusses quantifying security through automation. It provides examples of using the Chef infrastructure automation tool and the CIS audit cookbook to codify and automate security policies and compliance checks. The challenges discussed include making security tools more API-friendly to integrate with continuous deployment pipelines, dynamically configuring firewalls, and automating security testing across multiple builds and applications. Overall, the document advocates expressing security policies in code and integrating security automation into continuous delivery processes from the start.
Why Security Engineer Need Shift-Left to DevSecOps?
Why Security Engineer Need Shift-Left to DevSecOps?Najib Radzuan In the fusion between DevOps and DevSecOps, the pace and agility of the DevSecOps approach made AppSec and InfoSec were a little left behind. The DevOps squad topology does not involve any of the organization's AppSec and InfoSec Engineer. Many DevOps team are also not included them since they lack the information on how to manage and configure DevOps CI / CD pipelines and DevSecOps approaches. There's no shortage of talent — you probably don't have a mission worth getting out of bed or a culture that fosters continuous learning such DevSecOps skill and tools and growth where people feel psychologically safe. Besides, there is no shortage of skills — most have a poor understanding of what they need to be successful or the skills that need to leverage to improve their security posture.
Open Source Security at Scale- The DevOps Challenge
Open Source Security at Scale- The DevOps Challenge WhiteSource It’s no secret that open source components form the backbone of today’s software, comprising between 60-80% of modern applications. But with this, comes the alarming rise in open source vulnerabilities – more than 3,500 open source vulnerabilities were reported in 2017 – that’s 60% higher than the previous year, and the trend continued in 2018.
The question arises: how can DevOps teams ensure a visible and continuous delivery pipeline for software releases without letting security slow them down?
Join WhiteSource’s Product Manager, Shiri Ivtsan, as she discusses:
- The current state of open source vulnerabilities management;
- The latest innovations in the open source security world; and
- The best DevOps tools to protect organizations against open source vulnerabilities and ensure agility, visibility and control regarding their open source.
Safe and Secure Applications: Deploying in a Cloud or Multi-Cloud Environment
Safe and Secure Applications: Deploying in a Cloud or Multi-Cloud EnvironmentDevOps.com Today, running applications in the cloud is a must-have. But that doesn’t mean it’s risk-free. In this webinar, CircleCI and xMatters will discuss security issues in the application lifecycle, and demo solutions so your team can be confident you’re deploying safely and securely. Join to understand:
Common risks and vulnerabilities in cloud deployments
Patterns and best practices for ease of testing and deployment management
How CircleCi and xMatters make deploying to cloud (especially multi-cloud environments) safer and more secure
The Devops Challenge: Open Source Security Throughout the DevOps Pipline- A W...
The Devops Challenge: Open Source Security Throughout the DevOps Pipline- A W...WhiteSource This document discusses open source security challenges and recommendations for addressing them. It notes that over 96% of developers rely on open source components but open source vulnerabilities are rising. While companies prioritize fixes, over half do not do so efficiently based on real business impact. The document recommends integrating scanning for vulnerabilities into the entire software development lifecycle from code to deployment. Automating scanning, prioritization of issues, and remediation helps ensure open source security.
DevSecOps Beginners Guide : How to secure process in DevOps with OpenSource
DevSecOps Beginners Guide : How to secure process in DevOps with OpenSourceDevOps Indonesia DevSecOps Beginners Guide : How to secure process in DevOps with OpenSource by Andre Kurniawan and Alan Adi Prasetyo
DevSecOps outline
DevSecOps outlineNickleus Jimenez DevSecOps aims to define success, assign responsibilities and milestones, discover the code pipeline by treating code as infrastructure and implementing quality control, inventory security tools by understanding what is owned and the costs, assess gaps by picking frameworks and balancing controls with complexity, and iterate quickly by continuously improving and focusing on platforms over individual tools. The presentation outlines steps for organizations to implement DevSecOps practices by defining objectives, understanding code movement, taking inventory of security tools, assessing gaps, and iterating processes.
Similar to Your Resolution for 2018: Five Principles For Securing DevOps (20)
Embrace DevSecOps and Enjoy a Significant Competitive Advantage!
Embrace DevSecOps and Enjoy a Significant Competitive Advantage!DevOps.com As security and privacy permeate companies’ business practices, DevOps is leading a transformation in the way software is built and delivered. And despite its substantial organizational, cultural and technological requirements, DevOps continues to grow in popularity. Companies that are adopting continuous delivery disciplines demonstrate better IT and organizational performance.
To achieve this level of performance, IT organizations must embrace a new way of thinking about application security. It is critical to understand how DevOps and continuous integration/continuous deployment (CI/CD) differ from agile development and how this changes the requirements for your application security. In this webinar, one of CA Veracode’s product and development experts will provide the latest update to the "Five Principles of Secure DevOps." Much has evolved in this space, and CA Veracode continues to share examples and best practices on how organizations can make the transition to DevSecOps to gain a competitive advantage.
Webinar – Risk-based adaptive DevSecOps
Webinar – Risk-based adaptive DevSecOps Synopsys Software Integrity Group During a recent webinar, Meera Rao, DevSecOps Practice Director with Synopsys Software Integrity Group spoke on Risk Based Adaptive DevSecOps.
Building security automation into the DevOps pipeline is a key pain point for many organizations. Some firms deploy to production as frequently as every five minutes—a velocity that security struggles to match. Implementing intelligence within the DevOps pipeline supports security activities by matching the team’s velocity, providing intelligent feedback, and supporting organizations as they scale their security testing activities.
For more information, please visit our website at https://www.synopsys.com/devops
Full Spectrum Engineering – The New Full-stack 
Full Spectrum Engineering – The New Full-stack Deborah Schalm Software development is changing and so are the roles that developers need to play. Over the last decade or so, companies have been trying to fill their ranks with what was called full-stack engineers. These developers were versed in software development from database to GUI and everything in between. This was necessary in the age of monolithic application architectures.
The move to DevOps and microservices demands new skills. Now a developer must become fluent in software testing, deployment, telemetry and even security. It is less about multi-layer and more about multi-discipline.
In this webinar, Pete Chestna, Director of Developer Engagement will share his insights into this transformation, the opportunity that it presents to developers as lifelong learners as well as practical advice to get started. Don’t miss the shift. Get ahead of it!
Shift Left for More Secure Apps with F5 NGINX
Shift Left for More Secure Apps with F5 NGINXNGINX, Inc. Learn how to automate application security into your CI/CD pipeline with NGINX App Protect WAF and DoS and protect your apps from attacks.
How to get the best out of DevSecOps - a security perspective
How to get the best out of DevSecOps - a security perspectiveColin Domoney This document discusses best practices for DevSecOps. It recommends making security tools available to developers, securing the development environment, using red and blue teams to test security, securing the supply chain, appointing developer security champions, conducting code reviews, and using security testing tools. The document emphasizes a cultural shift toward greater collaboration between development and security teams.
How to get the best out of DevSecOps - an operations perspective
How to get the best out of DevSecOps - an operations perspectiveColin Domoney This document discusses DevSecOps and the impact on operations. It describes how DevSecOps utilizes collaboration, flexibility, and automation through practices like infrastructure as code. This allows operations to focus on critical tasks rather than manual changes. Best practices for securing operations in a DevSecOps model include controlling source code repositories, protecting deployment pipelines, integrating security testing into the pipeline, and using security telemetry in applications and environments. Automated dashboards can measure security metrics.
DevOps: Security's Big Opportunity
DevOps: Security's Big OpportunityTimothy Jarrett DevOps culture creates an opportunity for us to improve application security. Since developers are the ones producing code, integrating components and creating the innovations that fuel our digital economy, they are also the ones who will determine whether or not security is part of development or not. Security professionals must therefore learn to how to talk to developers about how to create a security program that will accelerate development and not slow it down.
Shifting security all day dev ops
Shifting security all day dev opsTom Stiehm All Day DevOps presentation on shifting security left. Learn more about why shifting left is the real innovation of DevSecOps and where to start.
SecDevOps: afaste-se dos ciberataques sem complicar o dia a dia dos desenvolv...
SecDevOps: afaste-se dos ciberataques sem complicar o dia a dia dos desenvolv...Dárcio Takara As aplicações são agora o perímetro de segurança mais atacado. A crescente complexidade do software tornou-se o alvo de mais da metade de todos os ataques bem-sucedidos. É fácil ver o porquê: 80% das aplicações falham em seu primeiro teste de segurança. Ao mesmo tempo, há pressão por entrega de software cada vez mais rápido – sempre em busca de time-to-market. A resposta todos já sabem: SecDevOps, mas como colocar em prática sem complicar a vida dos desenvolvedores?
How to apply DevOps in a regulated organisation
How to apply DevOps in a regulated organisationColin Domoney This document provides an overview of applying DevOps practices in regulated organizations. It discusses the benefits of DevOps including improved performance, quality, and security. Some challenges of applying DevOps in regulated environments are the need to overcome silos, address legacy systems, and prove compliance. The document offers best practices such as understanding regulations, automating controls, and using tools like Chef Inspec to prove compliance. Case studies from ING Bank and Capital One show how regulated firms have successfully adopted DevOps.
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...CA Technologies Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Solutions (Formerly Automic) and CA Privileged Access Manager
For more information on DevSecOps, please visit: http://ow.ly/u2pN50g63tN
Enterprise DevOps and the Modern Mainframe Webcast Presentation
Enterprise DevOps and the Modern Mainframe Webcast PresentationCompuware Compuware and CloudBees demonstrate how you can apply modern DevOps practices to your mainframe applications using Compuware ISPW and Topaz for Total Test with CloudBees Jenkins. Compuware Product Manager Steve Kansa and CloudBees DevOps Evangelist Brian Dawson will:
- Position the mainframe as part of your DevOps and CI/CD journey
- Explain how Jenkins automates mainframe source code management and testing
- Demo a CI/CD workflow on a COBOL application
Watch the full presentation on YouTube: https://www.youtube.com/watch?v=x4MWrPy3bKM.
Agile DevOps Transformation At HUD (AgileDC 2017)
Agile DevOps Transformation At HUD (AgileDC 2017)Marco Corona The document describes how Coveros helped the US Department of Housing and Urban Development (HUD) implement DevOps practices and continuous delivery pipelines for 15 legacy applications over 7 months. Key steps included automating builds with Maven/Jenkins, deploying applications and infrastructure with Chef, implementing branching strategies, and promoting code through development, testing, staging and production environments every two weeks with rigorous testing. Lessons learned emphasized the importance of team buy-in, continuous improvement, and mitigating technical debt.
5 principles-securing-devops-veracode-whitepaper
5 principles-securing-devops-veracode-whitepaperwardell henley The document discusses five principles for securing DevOps:
1) Automate security testing by integrating it into CI/CD pipelines.
2) Integrate security testing early to "fail quickly" and avoid issues late in the process.
3) Avoid false positives from security tests to prevent blocking critical updates.
4) Build security expertise among developers by training them in secure coding practices.
5) Maintain visibility into application security for deployed software to enable quick responses to attacks.
Outpost24 webinar - application security in a dev ops world-08-2018
Outpost24 webinar - application security in a dev ops world-08-2018Outpost24 As DevOps continue to advance, and agile development continues to be widely adopted, the latest OWASP top 10 list shows little to no movement at the top in terms of the most serious vulnerabilities affecting web applications. With a plethora of tools and information to help reduce application vulnerabilities and increase the level of security awareness in development team available, why do we still see web applications as a significant attack vector?
The End of Security as We Know It - Shannon Lietz
The End of Security as We Know It - Shannon LietzSeniorStoryteller 1. The document discusses how security is changing with new technologies like cloud computing, DevOps, and agile development. Traditional security practices are no longer effective.
2. It advocates migrating security left in the development process so it is designed into applications from the beginning. This allows for a faster security feedback loop.
3. Security needs to be automated and tested using tools and data platforms. Monitoring and inspecting everything is important for the new dynamic environments. Security decisions and controls are also changing to adapt to these new realities.
Resolving the Security Bottleneck Why DevSecOps is Better compared to DevOps.pdf
Resolving the Security Bottleneck Why DevSecOps is Better compared to DevOps.pdfMobibizIndia1 DevSecOps is a development methodology that combines security measures at every stage of the software development lifecycle in order to provide reliable and secure systems. DevSecOps, in general, increases the benefits of a DevOps service.
Webinar–Best Practices for DevSecOps at Scale
Webinar–Best Practices for DevSecOps at ScaleSynopsys Software Integrity Group Today’s security professionals and software developers not only have to do more in less time; they have to do it securely. This means mitigating risk and addressing compliance requirements in an environment where:
• The threat landscape continues to evolve.
• Application portfolios and their risk profiles continue to shift.
• Security tools are difficult to deploy, configure, and integrate into workflows.
• Consumption models continue to change.
How can your internal resources keep pace in this dynamic environment? Managed application security testing can be just the relief valve your organization needs. In this webinar, we’ll discuss the need for managed application security testing, the sweet spots where it offers maximum value, what you should look for in a managed application security testing provider, and highlights from Synopsys’ Managed Services offering.
Today’s security professionals and software developers not only have to do more in less time; they have to do it securely. This means mitigating risk and addressing compliance requirements in an environment where:
• The threat landscape continues to evolve.
• Application portfolios and their risk profiles continue to shift.
• Security tools are difficult to deploy, configure, and integrate into workflows.
• Consumption models continue to change.
How can your internal resources keep pace in this dynamic environment? Managed application security testing can be just the relief valve your organization needs. In this webinar, we’ll discuss the need for managed application security testing, the sweet spots where it offers maximum value, what you should look for in a managed application security testing provider, and highlights from Synopsys’ Managed Services offering.
For more information, please visit our website at https://www.synopsys.com/software-integrity/managed-services.html
SD DevOps Meet-up - Exploring Quadrants of DevOps Maturity
SD DevOps Meet-up - Exploring Quadrants of DevOps MaturityBrian Dawson his is a presentation given at the March 16th San Diego DevOps Meet-up , which maps the enterprise DevOps journey to 4 quadrants of maturity and covers practical process, tools and leadership strategies for "crossing the chasm" from an organization's current quadrant to the next level of maturity.
Continuous Delivery Pipeline in the Cloud – How to Achieve Continous Everything 
Continuous Delivery Pipeline in the Cloud – How to Achieve Continous Everything CA Technologies Even if your dev team is agile, there are often bottlenecks that keep your organization from achieving true continuous delivery. We’ll discuss how to eliminate spreadsheets and implement a common workflow that all teams throughout the software delivery lifecycle can rally around. Automate your CD pipeline and get the viability you need for continuous improvement – from planning to production and into performance. Learn more at:
CDDirector.io - https://cddirector.io/
Ad
More from DevOps.com (20)
Modernizing on IBM Z Made Easier With Open Source Software
Modernizing on IBM Z Made Easier With Open Source SoftwareDevOps.com In the past decade, IDC has seen IBM Z evolve first from a siloed platform to what they call a "connected" platform, and then to a "transformative" platform. This transition has been driven by IBM, by the IBM Z software vendors, like Rocket Software, and by businesses themselves.
IDC research shows that businesses that choose to modernize IBM Z achieve higher satisfaction than re-platformers and many are using open source software (OSS) in their modernization initiatives. Employing OSS makes it possible to crack the platform open and enable it to connect to the rest of the datacenter and the outside world. Join IDC guest speaker, Al Gillen and Peter Fandel as they take a deeper look at the value proposition associated with using commercially supported OSS in mission-critical environments, like IBM Z. In this webinar we’ll discuss:
How OSS can neutralize the disparity between seasoned IBM Z and emerging developers
The modernization initiatives that involve OSS
What to consider before bringing OSS to IBM Z
How Rocket Software is delivering commercially supported OSS to IBM Z
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...DevOps.com With the growing adoption of Kubernetes, organizations want to take advantage of containerized Microsoft SQL Server 2019 to optimize transactional performance and accelerate time-to-insights from their business-critical data. However, as enterprises embrace hybrid cloud strategy, they need to consider several aspects based on the performance, cost and data protection requirements for running enterprise-grade SQL Server databases.
In this webinar, we will compare and contrast various cloud-native platforms for SQL Server that would help CIOs, DevOps engineers, database administrators and applications architects to determine the most suitable platform that fits their business needs.
Join us as we explore some exciting results from a recent performance benchmark study conducted by McKnight Consulting Group, an independent consulting firm, to compare the performance of Microsoft SQL Server 2019 on the best possible configurations of the following Kubernetes platforms:
Diamanti Enterprise Kubernetes Platform
Amazon Web Services Elastic Kubernetes Service (AWS EKS)
Azure Kubernetes Service (AKS)
Topics will include:
Platform considerations and requirements for running Microsoft SQL Server 2019
Performance comparison and analysis of running SQL Server on various platform
Best practices for running containerized SQL Server databases in Kubernetes environment
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...
Comparing Microsoft SQL Server 2019 Performance Across Various Kubernetes Pla...DevOps.com With the growing adoption of Kubernetes, organizations want to take advantage of containerized Microsoft SQL Server 2019 to optimize transactional performance and accelerate time-to-insights from their business-critical data. However, as enterprises embrace hybrid cloud strategy, they need to consider several aspects based on the performance, cost and data protection requirements for running enterprise-grade SQL Server databases.
In this webinar, we will compare and contrast various cloud-native platforms for SQL Server that would help CIOs, DevOps engineers, database administrators and applications architects to determine the most suitable platform that fits their business needs.
Join us as we explore some exciting results from a recent performance benchmark study conducted by McKnight Consulting Group, an independent consulting firm, to compare the performance of Microsoft SQL Server 2019 on the best possible configurations of the following Kubernetes platforms:
Diamanti Enterprise Kubernetes Platform
Amazon Web Services Elastic Kubernetes Service (AWS EKS)
Azure Kubernetes Service (AKS)
Topics will include:
Platform considerations and requirements for running Microsoft SQL Server 2019
Performance comparison and analysis of running SQL Server on various platform
Best practices for running containerized SQL Server databases in Kubernetes environment
Next Generation Vulnerability Assessment Using Datadog and Snyk
Next Generation Vulnerability Assessment Using Datadog and SnykDevOps.com Vulnerability assessment for teams can often be overwhelming. The dependency graph could be thousands of packages depending on the application. Triaging vulnerability data and prioritizing actions has historically been a very manual process, until now. With Datadog and Snyk, learn how to trace security and performance issues by leveraging continuous profiling capabilities for actionable insight that help developers remediate problems.
Join us on Thursday, January 21 for a unique opportunity to learn more about continuous profiling, vulnerability management, and the benefit to customers from using both of these products. In this webinar, you will:
Bust some myths around continuous profiling and learn how Datadog differentiates itself
See decorated traces in action for sample Java applications and understand how Snyk + Datadog reduce time to triage supply chain vulnerabilities
Learn roadmap information for upcoming public announcements from both partners
Vulnerability Discovery in the Cloud
Vulnerability Discovery in the CloudDevOps.com In the era of cloud generation, the constant activity around workloads and containers create more vulnerabilities than an organization can keep up with. Using legacy security vendors doesn't set you up for success in the cloud. You’re likely spending undue hours chasing, triaging and patching a countless stream of cloud vulnerabilities with little prioritization.
Join us for this live webinar as we detail how to streamline host and container vulnerability workflows for your software teams wanting to build fast in the cloud. We'll be covering how to:
Get visibility into active packages and associated vulnerabilities
Reduce false positives by 98%
Reduce investigation time by 30%
Spot a legacy vendor looking to do some cloud washing
2021 Open Source Governance: Top Ten Trends and Predictions
2021 Open Source Governance: Top Ten Trends and PredictionsDevOps.com If you work in software development, jumpstart your engineering team in 2021—get ahead of the engineering curve and your competitors—by attending this must-watch open source trends and predictions webinar.
Alex Rybak, Director of Product Management at Revenera, and Russ Eling, founder and CEO of OSS Engineering Consultants, share their top 10 open source usage, license compliance and security insights for the new year.
Just a few hints at what you’ll learn more about:
Where the adoption of shift-left is headed and the decisions you’ll face going forward
The impact of a lack of software developer security training relative to pandemic fallout
The broader role of the engineering team in open source management and governance
The expanding role and impact of open source marketplaces such as GitHub
Don’t miss the discussion for valuable insight and learning for software engineering teams
A New Year’s Ransomware Resolution
A New Year’s Ransomware ResolutionDevOps.com 2020 was a brutal year for ransomware. Cybercriminals operated without any human decency, targeting the most vulnerable and at-risk parties, such as hospitals, scientists, and global manufacturers. The approach has become more sophisticated and life-threatening, shifting from individual targets to global enterprises, destroying backups, blackmailing victims with public leakage of exfiltrated data, and paralyzing critical systems and infrastructure.
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)
Getting Started with Runtime Security on Azure Kubernetes Service (AKS)DevOps.com This document discusses runtime security on Azure Kubernetes Service (AKS). It begins by introducing AKS and how it simplifies Kubernetes deployment and management. It then discusses the security concerns with containers and the need for runtime security. Runtime security involves monitoring activity within containers to detect unwanted behaviors. The document outlines how Sysdig provides runtime security for AKS through its agents that collect syscall data and Kubernetes audit logs. It analyzes this data using policies to detect anomalies and threats across containers, hosts, and Kubernetes clusters. Sysdig also integrates with other tools like Falco and Anchore to provide breadth and depth of security.
Don't Panic! Effective Incident Response
Don't Panic! Effective Incident ResponseDevOps.com In any fast-paced engineering environment, unexpected incidents can arise and escalate without warning. Without strong leadership within teams, you get chaotic, stressful, and tiring situations that waste valuable engineering time, slow down resolution, and most importantly, impact your customers.
Operationally mature organisations use proven incident response systems led by Incident Commanders. Incident Commanders provide the leadership needed to help stabilize major incidents fast.
In this webinar, we’ll take lessons learned from formalized incident response, such as those used by first responders, and show you how to apply those same practices to your organization. By utilising these methods you’ll improve both the speed and effectiveness of your team’s response, reducing the amount of downtime experienced.
In this workshop, attendees will:
Be introduced to the Incident Command System and learn how it can be adapted to their organisation
Walk through the basics of incident response best practices
Discuss examples of formal incident response from multiple organisations
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's Culture
Creating a Culture of Chaos: Chaos Engineering Is Not Just Tools, It's CultureDevOps.com Chaos engineering is becoming a critical part of the DevOps toolchain when adopting Site Reliability Engineering (SRE) practices. Every system is becoming a distributed system and chaos engineering proclaims many advantages for them.
It improves infrastructure automation, increases reliability and transforms incident management. However, an often-overlooked benefit of chaos engineering and SRE involves culture transformation. Culture is often touched upon when talking about chaos engineering and SRE but not as often as skills and process.
In this webinar, we will discuss how you can build out a chaos engineering practice and how you can adopt a true blameless culture and maximize the potential of your team.
You will learn how to:
Hold blameless postmortems
Share post mortems with other teams
Run regular fire drills and game days
Automate chaos experiments for continuous validation
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with Teleport
Role Based Access Controls (RBAC) for SSH and Kubernetes Access with TeleportDevOps.com Enterprises are best served by leveraging an RBAC system to manage access to their SSH and Kubernetes resources. With Teleport, an open source software, employers are able to provide granular access controls to developers based on the access they need and when they need it. This makes it possible for employers to maintain secure access without getting in the way of their developers’ daily operations.
Join Steven Martin, solution engineer at Teleport, as he demonstrates how to assign access to developers and SRE’s across environments with Teleport through roles mapped from enterprises’ identity providers or SSOs.
Monitoring Serverless Applications with Datadog
Monitoring Serverless Applications with DatadogDevOps.com Join Datadog for a webinar on monitoring serverless applications with AWS Lambda. You'll learn how to get the most of Datadog's platform, as well ask the following key takeaways:
Learn how to set up a Twitter bot that makes API calls with Node.js
Deploying Serverless Applications
What does observability look like with less infrastructure?
Deliver your App Anywhere … Publicly or Privately
Deliver your App Anywhere … Publicly or PrivatelyDevOps.com Developers are increasingly adopting a microservices approach for their apps in order to gain rapid iteration capabilities required for delivering new services faster. However, delivering the App still requires multiple steps such as allocation of virtual IPs, provisioning the front load balancer, configuring firewall rules, configuring a public domain, and DDOS. At present, each of these steps requires coordination across multiple teams with multiple iterations per team. The time efficiencies gained by adopting microservices and cloud-native technologies is negated due to the time taken to deliver the App.
In this session, Pranav Dharwadkar, VP of products at Volterra, and Jakub Pavlik, director of engineering, will help you understand these challenges and introduce a distributed proxy architecture that can alleviate the challenges across different cloud environments. This webinar will include a live demo using a distributed proxy architecture to advertise an App publicly and privately.
In this webinar, you will learn:
The steps required to deliver an App using the current approaches
How a distributed proxy architecture can be used to deliver the app publicly and privately
The operational benefits of a distributed proxy architecture for delivering new services
Securing medical apps in the age of covid final
Securing medical apps in the age of covid finalDevOps.com The COVID-19 pandemic has drastically altered the connected healthcare landscape, accelerating the usage of telemedicine and other remote healthcare delivery systems by as much as 11,000% for some populations. How has this unprecedented push affected healthcare and medical device application security? The security team at Intertrust recently analyzed 100 Android and iOS medical apps to find out.
In this webinar, we'll discuss:
Medical application and device threat trends
The top mHealth security vulnerabilities uncovered in our analysis
Strategies to keep your mHealth apps safe
Future advances in digital healthcare and how your security can evolve with it
How to Build a Healthy On-Call Culture
How to Build a Healthy On-Call CultureDevOps.com Raise your hand if you enjoy being buried in alerts or woken up at 2 a.m. — yeah … thought so. Ever-rising customer expectations around high availability and performance put massive pressure on the teams who develop and support SaaS products. And teams are literally losing sleep over it. Until outages and other incidents are a thing of the past, organizations need to invest in a way of dealing with them that won’t lead to burn-out.
In this session, you’ll learn how to combine the latest tooling with DevOps practices in the pursuit of a sustainable incident response workflow. It’s all about transparency, actionable alerts, resilience and learning from each incident.
The Evolving Role of the Developer in 2021
The Evolving Role of the Developer in 2021DevOps.com The role of the developer continues to change as they sit on the front line of application and even cloud infrastructure security. Today, developers are focused on innovating fast and improving security, but how do high-performing teams accomplish this? They commit code frequently, release often and update dependencies regularly (608x faster than others).
In this webinar, we'll discuss the key traits of high-performing teams and how that impacts the role of the developer.
Key Takeaways:
Choose the best third party dependencies
Determine the lowest effort upgrades between open source versions
Solve for issues in both direct and transitive dependencies with a single-click
Block and quarantine suspicious open source components
Service Mesh: Two Big Words But Do You Need It?
Service Mesh: Two Big Words But Do You Need It?DevOps.com Today, one of the big concepts buzzing in the app development world is service mesh. A service mesh is a configurable infrastructure layer for microservices application that makes communication flexible, reliable and fast. Let’s take a step back, though, and answer this question: Do you need a service mesh?
Join this webinar to learn:
What a service mesh is; when and why you need it — or when and why you may not
App modernization journey and traffic management approaches for microservices-based apps
How to make an informed decision based on cost and complexity before adopting service mesh
Learn about NGINX Service Mesh in a live demo, and how it provides the best service mesh option for container-based L7 traffic management
Secure Data Sharing in OpenShift Environments
Secure Data Sharing in OpenShift EnvironmentsDevOps.com Red Hat OpenShift is enabling quicker adoption of DevOps practices. Containers are an essential component of DevOps and the OpenShift Kubernetes Container Platform is integral for orchestration within these environments. Data security is now challenged to keep pace with the size and scope of container usage. The migration from legacy in-house deployments to hybrid-cloud installations has created new attack surfaces as data is shared more freely in Kubernetes deployments.
Protecting data at rest and in motions is a necessity. Learn how you can keep data protected and securely share data in OpenShift environments with real-time data protection solutions.
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...
How to Govern Identities and Access in Cloud Infrastructure: AppsFlyer Case S...DevOps.com Managing access permissions in the public cloud can be a very complex process. In fact, by 2023, 75% of cloud security failures will result from the inadequate management of identities, access and privileges, according to Gartner.
Join us as Guy Flechter, CISO of AppsFlyer, presents a real-world case of how his company works to enforce least-privilege and to govern identities in their cloud. This webinar will also provide an overview of how to govern access and achieve least privilege by analyzing the access permissions and activity in your public cloud environment. With thousands of human and machine identities, roles, policies and entitlements, this webinar will give you the tools to examine the access open to people and services in your public cloud, and determine whether that access is necessary.
In this workshop, you will learn about:
The risks of IAM misconfiguration and excessive entitlements in cloud environments
The challenges in identifying and mitigating Identity and access risks for both human and machine identities
How to automate cloud identity governance and entitlement management with Ermetic
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...
Elevate Your Enterprise Python and R AI, ML Software Strategy with Anaconda T...DevOps.com Open-source machine learning can be transformative, but without the proper tools in place, enterprises struggle to balance the IT security and governance requirements with the need to deliver these powerpoint tools into the hands of their developers and modelers.
How can organizations get the latest technology from the open-source brain trust, while ensuring enterprise-grade management and security? In this webinar, we will discuss how Anaconda Team Edition, available on RedHat Marketplace, enables IT departments to mirror a curated set of packages into their organization in a safe and governed way.
Join Michael Grant, VP of services at Anaconda, to discuss:
How IT organizations are using Anaconda Team Edition to curate, govern and secure Python and R packages
Tips for how development and data science teams can get the most out of Team Edition, from uploading your own packages to building custom channels for groups or projects
How to distribute conda environments to desktops, servers and clusters:
GUI-based installers for desktop users
“Conda packs” for automated delivery to remote servers and distributed computing clusters
Conda-enabled Docker containers for application deployment
Ad
Recently uploaded (20)
Adobe Lightroom Classic Crack FREE Latest link 2025
Adobe Lightroom Classic Crack FREE Latest link 2025kashifyounis067 🌍📱👉COPY LINK & PASTE ON GOOGLE http://drfiles.net/ 👈🌍
Adobe Lightroom Classic is a desktop-based software application for editing and managing digital photos. It focuses on providing users with a powerful and comprehensive set of tools for organizing, editing, and processing their images on their computer. Unlike the newer Lightroom, which is cloud-based, Lightroom Classic stores photos locally on your computer and offers a more traditional workflow for professional photographers.
Here's a more detailed breakdown:
Key Features and Functions:
Organization:
Lightroom Classic provides robust tools for organizing your photos, including creating collections, using keywords, flags, and color labels.
Editing:
It offers a wide range of editing tools for making adjustments to color, tone, and more.
Processing:
Lightroom Classic can process RAW files, allowing for significant adjustments and fine-tuning of images.
Desktop-Focused:
The application is designed to be used on a computer, with the original photos stored locally on the hard drive.
Non-Destructive Editing:
Edits are applied to the original photos in a non-destructive way, meaning the original files remain untouched.
Key Differences from Lightroom (Cloud-Based):
Storage Location:
Lightroom Classic stores photos locally on your computer, while Lightroom stores them in the cloud.
Workflow:
Lightroom Classic is designed for a desktop workflow, while Lightroom is designed for a cloud-based workflow.
Connectivity:
Lightroom Classic can be used offline, while Lightroom requires an internet connection to sync and access photos.
Organization:
Lightroom Classic offers more advanced organization features like Collections and Keywords.
Who is it for?
Professional Photographers:
PCMag notes that Lightroom Classic is a popular choice among professional photographers who need the flexibility and control of a desktop-based application.
Users with Large Collections:
Those with extensive photo collections may prefer Lightroom Classic's local storage and robust organization features.
Users who prefer a traditional workflow:
Users who prefer a more traditional desktop workflow, with their original photos stored on their computer, will find Lightroom Classic a good fit.
Who Watches the Watchmen (SciFiDevCon 2025)
Who Watches the Watchmen (SciFiDevCon 2025)Allon Mureinik Tests, especially unit tests, are the developers’ superheroes. They allow us to mess around with our code and keep us safe.
We often trust them with the safety of our codebase, but how do we know that we should? How do we know that this trust is well-deserved?
Enter mutation testing – by intentionally injecting harmful mutations into our code and seeing if they are caught by the tests, we can evaluate the quality of the safety net they provide. By watching the watchmen, we can make sure our tests really protect us, and we aren’t just green-washing our IDEs to a false sense of security.
Talk from SciFiDevCon 2025
https://www.scifidevcon.com/courses/2025-scifidevcon/contents/680efa43ae4f5
Scaling GraphRAG: Efficient Knowledge Retrieval for Enterprise AI
Scaling GraphRAG: Efficient Knowledge Retrieval for Enterprise AIdanshalev If we were building a GenAI stack today, we'd start with one question: Can your retrieval system handle multi-hop logic?
Trick question, b/c most can’t. They treat retrieval as nearest-neighbor search.
Today, we discussed scaling #GraphRAG at AWS DevOps Day, and the takeaway is clear: VectorRAG is naive, lacks domain awareness, and can’t handle full dataset retrieval.
GraphRAG builds a knowledge graph from source documents, allowing for a deeper understanding of the data + higher accuracy.
Requirements in Engineering AI- Enabled Systems: Open Problems and Safe AI Sy...
Requirements in Engineering AI- Enabled Systems: Open Problems and Safe AI Sy...Lionel Briand Keynote at RAISE workshop, ICSE 2025
Download Wondershare Filmora Crack [2025] With Latest![Download Wondershare Filmora Crack [2025] With Latest](https://cdn.slidesharecdn.com/ss_thumbnails/neo4j-howkgsareshapingthefutureofgenerativeaiatawssummitlondonapril2024-240426125209-2d9db05d-250419-250428115407-a04afffa-thumbnail.jpg?width=560&fit=bounds)
Download Wondershare Filmora Crack [2025] With Latesttahirabibi60507 Copy & Past Link 👉👉
http://drfiles.net/
Wondershare Filmora is a video editing software and app designed for both beginners and experienced users. It's known for its user-friendly interface, drag-and-drop functionality, and a wide range of tools and features for creating and editing videos. Filmora is available on Windows, macOS, iOS (iPhone/iPad), and Android platforms.
Interactive odoo dashboards for sales, CRM , Inventory, Invoice, Purchase, Pr...
Interactive odoo dashboards for sales, CRM , Inventory, Invoice, Purchase, Pr...AxisTechnolabs Interactive Odoo Dashboard for various business needs can provide users with dynamic, visually appealing dashboards tailored to their specific requirements. such a module that could support multiple dashboards for different aspects of a business
✅Visit And Buy Now : https://bit.ly/3VojWza
✅This Interactive Odoo dashboard module allow user to create their own odoo interactive dashboards for various purpose.
App download now :
Odoo 18 : https://bit.ly/3VojWza
Odoo 17 : https://bit.ly/4h9Z47G
Odoo 16 : https://bit.ly/3FJTEA4
Odoo 15 : https://bit.ly/3W7tsEB
Odoo 14 : https://bit.ly/3BqZDHg
Odoo 13 : https://bit.ly/3uNMF2t
Try Our website appointment booking odoo app : https://bit.ly/3SvNvgU
👉Want a Demo ?📧 [email protected]
➡️Contact us for Odoo ERP Set up : 091066 49361
👉Explore more apps: https://bit.ly/3oFIOCF
👉Want to know more : 🌐 https://www.axistechnolabs.com/
#odoo #odoo18 #odoo17 #odoo16 #odoo15 #odooapps #dashboards #dashboardsoftware #odooerp #odooimplementation #odoodashboardapp #bestodoodashboard #dashboardapp #odoodashboard #dashboardmodule #interactivedashboard #bestdashboard #dashboard #odootag #odooservices #odoonewfeatures #newappfeatures #odoodashboardapp #dynamicdashboard #odooapp #odooappstore #TopOdooApps #odooapp #odooexperience #odoodevelopment #businessdashboard #allinonedashboard #odooproducts
Get & Download Wondershare Filmora Crack Latest [2025]![Get & Download Wondershare Filmora Crack Latest [2025]](https://cdn.slidesharecdn.com/ss_thumbnails/revolutionizingresidentialwi-fi-250422112639-60fb726f-250429170801-59e1b240-thumbnail.jpg?width=560&fit=bounds)
Get & Download Wondershare Filmora Crack Latest [2025]saniaaftab72555 Copy & Past Link 👉👉
https://dr-up-community.info/
Wondershare Filmora is a video editing software and app designed for both beginners and experienced users. It's known for its user-friendly interface, drag-and-drop functionality, and a wide range of tools and features for creating and editing videos. Filmora is available on Windows, macOS, iOS (iPhone/iPad), and Android platforms.
Top 10 Client Portal Software Solutions for 2025.docx
Top 10 Client Portal Software Solutions for 2025.docxPortli Discover the top 10 client portal software solutions for 2025. Streamline communication, ensure security, and enhance client experience.
Landscape of Requirements Engineering for/by AI through Literature Review
Landscape of Requirements Engineering for/by AI through Literature ReviewHironori Washizaki Hironori Washizaki, "Landscape of Requirements Engineering for/by AI through Literature Review," RAISE 2025: Workshop on Requirements engineering for AI-powered SoftwarE, 2025.
Kubernetes_101_Zero_to_Platform_Engineer.pptx
Kubernetes_101_Zero_to_Platform_Engineer.pptxCloudScouts Presentacion de la primera sesion de Zero to Platform Engineer
Designing AI-Powered APIs on Azure: Best Practices& Considerations
Designing AI-Powered APIs on Azure: Best Practices& ConsiderationsDinusha Kumarasiri AI is transforming APIs, enabling smarter automation, enhanced decision-making, and seamless integrations. This presentation explores key design principles for AI-infused APIs on Azure, covering performance optimization, security best practices, scalability strategies, and responsible AI governance. Learn how to leverage Azure API Management, machine learning models, and cloud-native architectures to build robust, efficient, and intelligent API solutions
Avast Premium Security Crack FREE Latest Version 2025
Avast Premium Security Crack FREE Latest Version 2025mu394968 🌍📱👉COPY LINK & PASTE ON GOOGLE https://dr-kain-geera.info/👈🌍
Avast Premium Security is a paid subscription service that provides comprehensive online security and privacy protection for multiple devices. It includes features like antivirus, firewall, ransomware protection, and website scanning, all designed to safeguard against a wide range of online threats, according to Avast.
Key features of Avast Premium Security:
Antivirus: Protects against viruses, malware, and other malicious software, according to Avast.
Firewall: Controls network traffic and blocks unauthorized access to your devices, as noted by All About Cookies.
Ransomware protection: Helps prevent ransomware attacks, which can encrypt your files and hold them hostage.
Website scanning: Checks websites for malicious content before you visit them, according to Avast.
Email Guardian: Scans your emails for suspicious attachments and phishing attempts.
Multi-device protection: Covers up to 10 devices, including Windows, Mac, Android, and iOS, as stated by 2GO Software.
Privacy features: Helps protect your personal data and online privacy.
In essence, Avast Premium Security provides a robust suite of tools to keep your devices and online activity safe and secure, according to Avast.
Societal challenges of AI: biases, multilinguism and sustainability
Societal challenges of AI: biases, multilinguism and sustainabilityJordi Cabot Towards a fairer, inclusive and sustainable AI that works for everybody.
Reviewing the state of the art on these challenges and what we're doing at LIST to test current LLMs and help you select the one that works best for you
TestMigrationsInPy: A Dataset of Test Migrations from Unittest to Pytest (MSR...
TestMigrationsInPy: A Dataset of Test Migrations from Unittest to Pytest (MSR...Andre Hora Unittest and pytest are the most popular testing frameworks in Python. Overall, pytest provides some advantages, including simpler assertion, reuse of fixtures, and interoperability. Due to such benefits, multiple projects in the Python ecosystem have migrated from unittest to pytest. To facilitate the migration, pytest can also run unittest tests, thus, the migration can happen gradually over time. However, the migration can be timeconsuming and take a long time to conclude. In this context, projects would benefit from automated solutions to support the migration process. In this paper, we propose TestMigrationsInPy, a dataset of test migrations from unittest to pytest. TestMigrationsInPy contains 923 real-world migrations performed by developers. Future research proposing novel solutions to migrate frameworks in Python can rely on TestMigrationsInPy as a ground truth. Moreover, as TestMigrationsInPy includes information about the migration type (e.g., changes in assertions or fixtures), our dataset enables novel solutions to be verified effectively, for instance, from simpler assertion migrations to more complex fixture migrations. TestMigrationsInPy is publicly available at: https://github.com/altinoalvesjunior/TestMigrationsInPy.
Adobe Master Collection CC Crack Advance Version 2025
Adobe Master Collection CC Crack Advance Version 2025kashifyounis067 🌍📱👉COPY LINK & PASTE ON GOOGLE http://drfiles.net/ 👈🌍
Adobe Master Collection CC (Creative Cloud) is a comprehensive subscription-based package that bundles virtually all of Adobe's creative software applications. It provides access to a wide range of tools for graphic design, video editing, web development, photography, and more. Essentially, it's a one-stop-shop for creatives needing a broad set of professional tools.
Key Features and Benefits:
All-in-one access:
The Master Collection includes apps like Photoshop, Illustrator, InDesign, Premiere Pro, After Effects, Audition, and many others.
Subscription-based:
You pay a recurring fee for access to the latest versions of all the software, including new features and updates.
Comprehensive suite:
It offers tools for a wide variety of creative tasks, from photo editing and illustration to video editing and web development.
Cloud integration:
Creative Cloud provides cloud storage, asset sharing, and collaboration features.
Comparison to CS6:
While Adobe Creative Suite 6 (CS6) was a one-time purchase version of the software, Adobe Creative Cloud (CC) is a subscription service. CC offers access to the latest versions, regular updates, and cloud integration, while CS6 is no longer updated.
Examples of included software:
Adobe Photoshop: For image editing and manipulation.
Adobe Illustrator: For vector graphics and illustration.
Adobe InDesign: For page layout and desktop publishing.
Adobe Premiere Pro: For video editing and post-production.
Adobe After Effects: For visual effects and motion graphics.
Adobe Audition: For audio editing and mixing.
Why Orangescrum Is a Game Changer for Construction Companies in 2025
Why Orangescrum Is a Game Changer for Construction Companies in 2025Orangescrum Orangescrum revolutionizes construction project management in 2025 with real-time collaboration, resource planning, task tracking, and workflow automation, boosting efficiency, transparency, and on-time project delivery.
Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...
Mastering Fluent Bit: Ultimate Guide to Integrating Telemetry Pipelines with ...Eric D. Schabell It's time you stopped letting your telemetry data pressure your budgets and get in the way of solving issues with agility! No more I say! Take back control of your telemetry data as we guide you through the open source project Fluent Bit. Learn how to manage your telemetry data from source to destination using the pipeline phases covering collection, parsing, aggregation, transformation, and forwarding from any source to any destination. Buckle up for a fun ride as you learn by exploring how telemetry pipelines work, how to set up your first pipeline, and exploring several common use cases that Fluent Bit helps solve. All this backed by a self-paced, hands-on workshop that attendees can pursue at home after this session (https://o11y-workshops.gitlab.io/workshop-fluentbit).
Douwan Crack 2025 new verson+ License code
Douwan Crack 2025 new verson+ License codeaneelaramzan63 Copy & Paste On Google >>> https://dr-up-community.info/
Douwan Preactivated Crack Douwan Crack Free Download. Douwan is a comprehensive software solution designed for data management and analysis.
Expand your AI adoption with AgentExchange
Expand your AI adoption with AgentExchangeFexle Services Pvt. Ltd. AgentExchange is Salesforce’s latest innovation, expanding upon the foundation of AppExchange by offering a centralized marketplace for AI-powered digital labor. Designed for Agentblazers, developers, and Salesforce admins, this platform enables the rapid development and deployment of AI agents across industries.
Email: [email protected]
Phone: +1(630) 349 2411
Website: https://www.fexle.com/blogs/agentexchange-an-ultimate-guide-for-salesforce-consultants-businesses/?utm_source=slideshare&utm_medium=pptNg
Solidworks Crack 2025 latest new + license code
Solidworks Crack 2025 latest new + license codeaneelaramzan63 Copy & Paste On Google >>> https://dr-up-community.info/
The two main methods for installing standalone licenses of SOLIDWORKS are clean installation and parallel installation (the process is different ...
Disable your internet connection to prevent the software from performing online checks during installation
Your Resolution for 2018: Five Principles For Securing DevOps
- 1. © 2017 VERACODE INC. ACQUIRED BY CA TECHNOLOGIES1 © 2017 VERACODE INC. ACQUIRED BY CA TECHNOLOGIES Accelerating the Move to the Dev Use Case DevOps.com - Security Boulevard Webinar – Applying Five Principles of Securing DevOps Austin Britt Solutions Architect, Team Lead
- 2. © 2017 VERACODE INC. ACQUIRED BY CA TECHNOLOGIES2 Austin Britt • Former Security Program Manager • Managed Fortune 100 application security programs • Developed program to manage compensating controls across global insurance provider • At Veracode since 2012 • Boston OWASP Chapter Member • Solutions Architect
- 3. © 2017 VERACODE INC. ACQUIRED BY CA TECHNOLOGIES3 DevOps Plan Dev QA Ops Business Intent App Knowledge Ops Knowledge Business Intent App Knowledge Ops Knowledge Continuity Waterfall ! ! ! ! = Handoff Agile !
- 4. © 2017 VERACODE INC. ACQUIRED BY CA TECHNOLOGIES4 DevOps is built on Agile Security
- 5. © 2017 VERACODE INC. ACQUIRED BY CA TECHNOLOGIES5 Continuous Integration & Continuous Delivery (CI/CD) • Goal: Release new changes while maintaining stability • CI/CD seeks to automate the process of transforming code changes into working software • Automation of code delivery into runtime environments • Typically built on top of preexisting toolchains: – Jenkins, VSTS, Hudson, CircleCI etc. • Technologies that support CI/CD work streams: – Automated Build and Verification of Code Changes – Containerization – Unit Tests – Feature development – Microservices – Operational Monitoring
- 6. © 2017 VERACODE INC. ACQUIRED BY CA TECHNOLOGIES6 Defining DevOps
- 7. © 2017 VERACODE INC. ACQUIRED BY CA TECHNOLOGIES7 What does DevOps Enable? • Shared responsibility for software delivery and operation • Allows software to meet business needs • Removes organizational barriers between agile teams and non-agile processes • Faster and more frequent delivery to market
- 8. © 2017 VERACODE INC. ACQUIRED BY CA TECHNOLOGIES8 “Shift Left”: Securing DevOps • Goal: Minimize organization risk without slowing down development • Changing how security operates within an organization Security
- 9. © 2017 VERACODE INC. ACQUIRED BY CA TECHNOLOGIES9 Five Principles for integrating security into DevOps 1 Automate Security In DevOps Pipeline2 Integrate to “Fail Quickly” 3 No false alarms 4 Build security champions Development 5 Keep operational visibility Production
- 10. © 2017 VERACODE INC. ACQUIRED BY CA TECHNOLOGIES10 Principle #1: Automate Security In • Integrate into common development tools – IDE – Build Systems – Bug Tracking – GRC • Leverage comprehensive APIs • Integrate testing results within development backlogs
- 11. © 2017 VERACODE INC. ACQUIRED BY CA TECHNOLOGIES11 Principle #2: Integrate to Fail Quickly • Education that delivers cost savings – Inform development early • Two Phased approach – Consistent frequency (part of pipeline) – Development being proactive (testing outside of the pipeline) Development Operations Both failures create notifications within the backlog
- 12. © 2017 VERACODE INC. ACQUIRED BY CA TECHNOLOGIES12 Principle #3: No False Alarms • Too many false positives will frustrate development and security • Technology will end up being ignored • Action oriented and accurate findings are important • In CI/CD a failure may cause the entire pipeline to stop • Delays could yield lost revenue for the whole organization
- 13. © 2017 VERACODE INC. ACQUIRED BY CA TECHNOLOGIES13 Principle #4: Build Security Champions • Eyes and ears of Security • Specialized training • Basic security concepts • Threat modeling • Grooming guidelines • Secure code review training • Security controls • Capture the Flag Exercises • Escalate when necessary
- 14. © 2017 VERACODE INC. ACQUIRED BY CA TECHNOLOGIES14 Principle #5: Keep Operational Visibility • Security doesn't stop once a release candidate has made it to production • Cultural decision to determine where to test – Pre production vs production • Business may decide to bypass security checks to move faster • Misconfigured pipelines are possible • Runtime environments are always changing
- 15. © 2017 VERACODE INC. ACQUIRED BY CA TECHNOLOGIES15 Ask the Questions! • What do future architecture plans look like? Is is more service based? • Which of your applications will pass through a CI/CD pipeline? On what technology stack? • What tolerance do you have for “false alarms” (FPs) related to security within the pipeline? • How do you plan to monitor your applications for security attacks? • How do you plan to bring security expertise into the DevOps teams?
- 16. © 2017 VERACODE INC. ACQUIRED BY CA TECHNOLOGIES16 © 2017 VERACODE INC. ACQUIRED BY CA TECHNOLOGIES THANK YOU