Published by Erick Roderick Skinner. Modified over 8 years ago.
The Security Sprint
By Ramnath Cidambi
Agile and DevOps
– DevOps is a “recent” concept, though its building blocks have existed for a while; the understanding of what it is varies
– Agile is mature and well-defined
– Agile and DevOps are complementary and need to co-exist
Agile and DevOps: Methods and Goals
– Rapid response to change
– Speed to market = iterative and fast
– Focus on the product = focus on the customer
– Small chunks
– Collaborate
What happened to the “Focus on Security”?
More challenges!
– Refactoring of code can introduce security vulnerabilities
– Automation such as continuous integration reduces the priority given to change management: changes can reach production without the review a formal change process would impose
What is an IT team to do?
Agile and DevOps: Incorporate Security in three areas: process, tools, and people
Agile and DevOps: Incorporate Security in the Process
Step 1 – Risk Assessment (RA) & Security Architecture (the ideal process)
– A new product or system? The product/system owner should work with the security team to perform an RA that includes input from all stakeholders
– Develop a system security architecture that uses the RA as input
Step 2 – Security Assessment of Every Story (the ideal process)
– Validate every story against the system security architecture
– Every sprint should carry a security risk indicator based on that validation
– For every security-sensitive story:
  – Factor security into the design
  – Define security acceptance criteria
  – Perform security testing
What Really Happens?
– The need for speed and business priority takes over
– Security requirements are postponed to future sprints
– Business requirements take precedence over security
– There are not enough hours in the day
– “It is not going to happen to us” justifies the decisions
– Projects start running a security debt!
How Do We Solve It?
– Collect on the security debt!
– Create Security Only Sprints (SOS)
– Involve the CISO and sell it to the business
– Use Security Only Sprints to educate
– Use Security Only Sprints to get to the ideal process!
Sprint cadence: Business Sprint → Business Sprint → Business Sprint → Security Sprint
Agile and DevOps: Incorporate Security Using Tools
Tools make it easy!
– Use tools to scan code for vulnerabilities; make them part of the development environment
– Automate security testing, using tools such as OWASP ZAP
– Pen test after integration and before user acceptance (this may be too late!)
– Continuous integration needs continuous security testing
Tools make it easy… and hard
DevOps is all about automation. For your end product to be secure:
– Make sure Dev, Test, UAT and Prod environments are identical
– Ensure the security team has validated the environments
– Every security check you need should run before the build is promoted, not after it is deployed
– Make sure it works for you and your organization!
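The two tool slides above say that continuous integration needs continuous security testing, and the earlier slides say that postponed findings become a security debt the team must eventually collect on. The following is an added example (not from the presentation or from OWASP ZAP itself) of how a pipeline step can tie the two together: it reads a ZAP-style JSON report, fails the build on any finding at or above a risk threshold, and lets lower-severity findings be carried only as recorded, expiring accepted risk. The report shape (site → alerts → pluginid, name, riskcode, instances) follows ZAP's JSON report as I know it; the sample report, the alert entries and the accepted-risk register are constructed for the example, and keeping that register in the repository beside the pipeline config is an assumption about how a team would run this.

```python
"""CI security gate over a DAST report, with time-boxed acceptance of findings.

Added example (not from the presentation). Reads a ZAP-style JSON report,
fails the build on findings at or above a risk threshold, and lets the team
carry lower-severity findings as explicitly recorded, expiring security debt.
"""
import json

# Risk codes as used in OWASP ZAP reports: 0 Informational, 1 Low, 2 Medium, 3 High.
RISK_NAMES = {0: "Informational", 1: "Low", 2: "Medium", 3: "High"}

# Constructed sample in the shape of a ZAP JSON report (only the fields used
# below are modelled; the alerts are illustrative, not real scan results).
SAMPLE_REPORT = json.dumps({
    "site": [{
        "@name": "http://app.example.test",
        "alerts": [
            {"pluginid": "10038", "name": "Content Security Policy (CSP) Header Not Set",
             "riskcode": "2", "instances": [{"uri": "http://app.example.test/"}]},
            {"pluginid": "40018", "name": "SQL Injection",
             "riskcode": "3", "instances": [{"uri": "http://app.example.test/search?q=x"}]},
            {"pluginid": "10021", "name": "X-Content-Type-Options Header Missing",
             "riskcode": "1", "instances": [{"uri": "http://app.example.test/"}]},
        ],
    }]
})

# Accepted-risk register: the security debt the business has agreed to carry.
# Assumption: kept in the repository beside the pipeline config and reviewed
# like code; each entry names an owner and an expiry date (ISO 8601).
ACCEPTED_RISKS = {
    "10038": {"owner": "web-team", "expires": "2031-12-31"},
}


def parse_alerts(report_json):
    """Flatten a ZAP-style JSON report into a list of alert dicts."""
    report = json.loads(report_json)
    alerts = []
    for site in report.get("site", []):
        for alert in site.get("alerts", []):
            alerts.append({
                "pluginid": str(alert["pluginid"]),
                "name": alert["name"],
                "risk": int(alert["riskcode"]),
                "instances": len(alert.get("instances", [])),
            })
    return alerts


def evaluate(alerts, accepted, today, fail_at=2, never_accept=3):
    """Decide whether the build passes.

    - risk below fail_at: reported only, never blocks
    - risk >= never_accept: always blocks, even if someone added it to the register
    - otherwise: blocks unless the register carries an unexpired acceptance
    `today` is an ISO 8601 date string. Returns the verdict and each bucket.
    """
    blocking, carried, expired = [], [], []
    for alert in alerts:
        if alert["risk"] < fail_at:
            continue
        acceptance = accepted.get(alert["pluginid"])
        if alert["risk"] >= never_accept or acceptance is None:
            blocking.append(alert)
        elif acceptance["expires"] < today:  # ISO dates compare correctly as strings
            expired.append(alert)
        else:
            carried.append(alert)
    return {"pass": not blocking and not expired,
            "blocking": blocking, "carried": carried, "expired": expired}


def summarize(result):
    """Human-readable lines for the pipeline log."""
    lines = ["BUILD %s" % ("PASSED" if result["pass"] else "FAILED")]
    for bucket, label in (("blocking", "blocks release"),
                          ("expired", "accepted risk has expired, re-approve or fix"),
                          ("carried", "carried as security debt")):
        for alert in result[bucket]:
            lines.append("  [%s] %s (%s instances): %s" % (
                RISK_NAMES[alert["risk"]], alert["name"], alert["instances"], label))
    return lines


if __name__ == "__main__":
    import sys
    from datetime import date
    verdict = evaluate(parse_alerts(SAMPLE_REPORT), ACCEPTED_RISKS, date.today().isoformat())
    print("\n".join(summarize(verdict)))
    sys.exit(0 if verdict["pass"] else 1)
```

Run as the last step of the CI job with the real scanner output in place of the constructed sample; the non-zero exit is what makes the "security debt" visible on every build instead of in a sprint review months later. The expiry on each accepted entry is the point of the design: a Medium finding can be parked for a named period and owner, but it comes back as a failing build when that period ends, which is exactly the moment a Security Only Sprint should be scheduled, and a High finding cannot be parked at all.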
Agile and DevOps: Educate and Increase Awareness
Agile and DevOps: People and Security
– Embed member(s) of the security team who have application development experience in the team
– Training in secure development needs to be constant!
– People are your best defense!
Agile and DevOps
There will be a constant tension between the need for speed and agility and meeting the security needs of the organization. A healthy balance is important.
© 2025 SlidePlayer.com. Inc.
All rights reserved.