Putting the ‘Sec’ in DevSecOps

Slides:



Advertisements
Similar presentations
DevOps and Security: It’s Happening. Right Now.
Advertisements

© SAIC. All rights reserved. Agile & DevOps – Why you need both! AFCEA Meeting v1.0 June 2, 2015 John Coble, VP, Chief Software Architect, SAIC.
The Defense RESTs: Automation and APIs for Better Security September 26, 2012 David Mortman.
Brakeman and Jenkins: The Duo Detects Defects in Ruby on Rails Code Justin Collins Tin Zaw AppSec USA September 23, 2011.
Deconstructing API Security
Infrastructure as code. “Enable the reconstruction of the business from nothing but a source code repository, an application data backup, and bare metal.
Copyright © 2015 Splunk Inc. Rob Charlton Cloud DevOps Architect, Vertu Vertu’s digital transformation.
Advanced Word Problem Structures First Grade.  Taking Apart Into Three Parts.
Build on one person’s machine Code and debug for weeks (months?) Manually deploy parts via file copy Run manual tests against deployed app.
Build and Deployment Process Understand NCI’s DevOps and continuous integration requirements Understand NCI’s build and distribution requirements.
A way to develop software that emphasizes communication, collaboration, and integration between development and IT operations teams.
Cisco Consulting Services for Application-Centric Cloud Your Company Needs Fast IT Cisco Application-Centric Cloud Can Help.
The Next Level Of Agile: DevOps and CD אוקטובר 2015.
TICKETMASTER CULTURE EATS STRATEGY FOR
Streamlining the development of your mobile app(s) Frequently releasing value to users Constantly maintaining quality Monitoring app health and engagement.
Top Docker Cloud Software Hosting PaaS Providers in Australia
Figure 1. Gartner DevOps Model
DevOps for the IT Pro with Azure and Visual Studio Team Services
Zero to DevOps Donovan
Joonas Sirén, Technology Architect, Emerging Technologies Accenture
DevOps; a Tester’s best friend
Don’t Forget Security When Delivering Software
Agenda:- DevOps Tools Chef Jenkins Puppet Apache Ant Apache Maven Logstash Docker New Relic Gradle Git.
DEVOPS from BUZZ to FIZZ
4/24/ :07 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.
Defend your Python Code
0 to DevOps. 0 to DevOps Who am I? Donovan Brown Fun Stuff 5/7/2018 Who am I? Donovan Brown Principal DevOps Manager.
Microsoft Virtual Academy
Blue Mixology.
Trends like agile development and continuous integration speak to the modern enterprise’s need to build software hyper-efficiently Jenkins:  a highly.
Владимир Гусаров Директор R&D, Dell Visual Studio ALM MVP ALM Ranger
Transform your IT Skills in a DevOps World
Your Chance to Get It Right Five Keys to Building AppSec into DevOps
Jenkins and Azure OPEN322 Michael Friedrich.
4th Forum How to easily offer your application as a self-service template by using OpenShift and GitLab-CI 4th Forum Alberto.
BITDEFENDER ANTIVIRUS TECHNICAL SUPPORT CALL SUPPORT NUMBER:
Microsoft Ignite NZ October 2016 SKYCITY, Auckland.
Where can I download Aws Devops Engineer Professional Exam Study Material - Get Updated Aws Devops Engineer Professional Braindumps Dumps4downlaod.us
Get Amazon AWS-DevOps-Engineer-Professional Exam Real Questions - Amazon AWS-DevOps-Engineer-Professional Dumps Realexamdumps.com
Automate Early... But Securely!
Intro to Config Management Using Salt Open Source
Microsoft Connect /7/ :48 PM
DevOps Fundamentals Configuration Management
Microsoft Ignite NZ October 2016 SKYCITY, Auckland.
Lunch & Learn: Are you letting your users be your testers?
SDLC The systems development life cycle is the foundation for many systems development methodologies such as RAD and agile Systems development life cycle.
TechEd /28/ :51 PM © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered.
Release Management with Visual Studio Team Services
DevOps Fundamentals Automated Testing
12/26/2018 1:44 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.
Release Management with Visual Studio Team Services
DevOps Fundamentals Continuous Integration
JOINED AT THE HIP: DEVSECOPS AND CLOUD-BASED ASSETS
Shifting Security Left
2/19/2019 9:06 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.
Addressing Test coverage in Continuous Testing
The Ops side of DevOps Manager Microsoft
Software Security.
Helping you make your code better
DEVOPS & THE FUTURE OF TESTING
(c) 2011 Microsoft. All rights reserved.
DevOps better together with System Center 2012 SP1 and Visual Studio
Office 365 Development July 2014.
Erik Vollebekk Application Architect
Putting Together a DevOps Pipeline Leveraging Technology, Process, and People 1 May 2019 Mr. Patrick Bush.
Azure DevOps Simplified with Production Data
Dev-Sec-Ops Jose Alvarez DevSecOps Engineer & Evangelist
Azure DevOps Integration
Eldert Grootenboer Cloud Architecture Recipes For The Enterprise
Presentation transcript:

Putting the ‘Sec’ in DevSecOps By: Bill Kiley

What is it? Dev(elopment) Sec(urity) Op(eration)s

The foundation: DevOps Automation & Testing in the SDLC. The goal: To reduce time & errors

DevOps SDLC

Your SDLC How do you build? How do you test? How do you configure? How do you deploy?

Adding the Missing Piece: Sec Design and test… …but the key: detect and respond

Putting it Together Develop code Commit to source control (git) Build and run unit tests & static code analysis (Jenkins) Provision test environment and deploy (Chef) Run full battery of tests against deployed app (Jenkins) Deploy (if tests pass) to production (Chef) Monitor and alert (Splunk)

Reducing Technical Debt What is Technical Debt? What does that have to do with DevSecOps?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.