Presentation is loading. Please wait.

Presentation is loading. Please wait.

Putting the ‘Sec’ in DevSecOps

Published byWidyawati Kusnadi Modified over 6 years ago

Similar presentations

Presentation on theme: "Putting the ‘Sec’ in DevSecOps"— Presentation transcript:

1 Putting the ‘Sec’ in DevSecOps
By: Bill Kiley

2 What is it? Dev(elopment) Sec(urity) Op(eration)s

3 The foundation: DevOps
Automation & Testing in the SDLC. The goal: To reduce time & errors

4 DevOps SDLC

5 Your SDLC How do you build? How do you test? How do you configure?
How do you deploy?

6 Adding the Missing Piece: Sec
Design and test… …but the key: detect and respond

7

8 Putting it Together Develop code Commit to source control (git)
Build and run unit tests & static code analysis (Jenkins) Provision test environment and deploy (Chef) Run full battery of tests against deployed app (Jenkins) Deploy (if tests pass) to production (Chef) Monitor and alert (Splunk)

9 Reducing Technical Debt
What is Technical Debt? What does that have to do with DevSecOps?

Download ppt "Putting the ‘Sec’ in DevSecOps"

Similar presentations

DevOps and Security: It’s Happening. Right Now.

DevOps and Security: It’s Happening. Right Now.
© SAIC. All rights reserved. Agile & DevOps – Why you need both! AFCEA Meeting v1.0 June 2, 2015 John Coble, VP, Chief Software Architect, SAIC.

© SAIC. All rights reserved. Agile & DevOps – Why you need both! AFCEA Meeting v1.0 June 2, 2015 John Coble, VP, Chief Software Architect, SAIC.
The Defense RESTs: Automation and APIs for Better Security September 26, 2012 David Mortman.

The Defense RESTs: Automation and APIs for Better Security September 26, 2012 David Mortman.
Brakeman and Jenkins: The Duo Detects Defects in Ruby on Rails Code Justin Collins Tin Zaw AppSec USA September 23, 2011.

Brakeman and Jenkins: The Duo Detects Defects in Ruby on Rails Code Justin Collins Tin Zaw AppSec USA September 23, 2011.
Deconstructing API Security

Deconstructing API Security
Infrastructure as code. “Enable the reconstruction of the business from nothing but a source code repository, an application data backup, and bare metal.

Infrastructure as code. “Enable the reconstruction of the business from nothing but a source code repository, an application data backup, and bare metal.
Copyright © 2015 Splunk Inc. Rob Charlton Cloud DevOps Architect, Vertu Vertu’s digital transformation.

Copyright © 2015 Splunk Inc. Rob Charlton Cloud DevOps Architect, Vertu Vertu’s digital transformation.
Advanced Word Problem Structures First Grade.  Taking Apart Into Three Parts.

Advanced Word Problem Structures First Grade.  Taking Apart Into Three Parts.
Build on one person’s machine Code and debug for weeks (months?) Manually deploy parts via file copy Run manual tests against deployed app.

Build on one person’s machine Code and debug for weeks (months?) Manually deploy parts via file copy Run manual tests against deployed app.
Build and Deployment Process Understand NCI’s DevOps and continuous integration requirements Understand NCI’s build and distribution requirements.

Build and Deployment Process Understand NCI’s DevOps and continuous integration requirements Understand NCI’s build and distribution requirements.
A way to develop software that emphasizes communication, collaboration, and integration between development and IT operations teams.

A way to develop software that emphasizes communication, collaboration, and integration between development and IT operations teams.
Cisco Consulting Services for Application-Centric Cloud Your Company Needs Fast IT Cisco Application-Centric Cloud Can Help.

Cisco Consulting Services for Application-Centric Cloud Your Company Needs Fast IT Cisco Application-Centric Cloud Can Help.
The Next Level Of Agile: DevOps and CD אוקטובר 2015.

The Next Level Of Agile: DevOps and CD אוקטובר 2015.
TICKETMASTER CULTURE EATS STRATEGY FOR

TICKETMASTER CULTURE EATS STRATEGY FOR
Streamlining the development of your mobile app(s) Frequently releasing value to users Constantly maintaining quality Monitoring app health and engagement.

Streamlining the development of your mobile app(s) Frequently releasing value to users Constantly maintaining quality Monitoring app health and engagement.
Top Docker Cloud Software Hosting PaaS Providers in Australia

Top Docker Cloud Software Hosting PaaS Providers in Australia
Figure 1. Gartner DevOps Model

Figure 1. Gartner DevOps Model
DevOps for the IT Pro with Azure and Visual Studio Team Services

DevOps for the IT Pro with Azure and Visual Studio Team Services
Zero to DevOps Donovan Brown @DonovanBrown.

Zero to DevOps Donovan
Joonas Sirén, Technology Architect, Emerging Technologies Accenture

Joonas Sirén, Technology Architect, Emerging Technologies Accenture

Similar presentations

Ads by Google