DevOps, Agile, $buzzword
and
How the hell to secure
them
By:
Francisco Donoso
What are you talking about?
● What the hell are DevOps, Agile, and $INSERT_BUZZWORD_HERE
● What kind of challenges do these methodologies present to
security folks
● How to use these tools to your advantage
○ Config management suites 101
○ Automated security scans when code is committed
● Cats
Who are you anyway?
● Have done the security analyst / security engineer thing
● Have done the security consulting thing
● MSS Architect leading a team of Security Engineers and Software Devs
● DevOps Security Engineer at:
We’re hiring!
Days of old
Dev VS Ops
1. Weeks writing code
2. Weeks “testing” code
3. Hand it over to the ops team for deployment (“Ship it!”)
4. Get out of the office as quickly as possible
5. Deployment is a complete train wreck
6. Blame
7. Roll back….
What is Agile?
Agile Development Methodology
● Frequent changes to production
● New features (new code!!!) being introduced every sprint (often weekly)
● Less time for QA / Security review
Intro to DevOps
DevOps 101
DevOps is the practice of operations and development engineers participating together in the entire service lifecycle, from inception to deployment.
Operations staff make use of many of the same techniques & tools as developers for their systems work.
DevOps Tool Belt
Continuous Integration
Continuous Delivery: Dev, Stage, “Canary”, Prod
Server management
Days of old: individually named servers (Billy, Susie, Evan)
Horizontal scaling
Config Management / Orchestration
“Infrastructure as code”
Easy to identify changes in production configurations
Version-able, Repeatable, Testable
Consistency - Ensure that your server builds meet security requirements.
Makes life easier - Automate repeated tasks
Change Management - “Code” review and be less scared of change! (patching anyone..? Bueller? Bueller?)
DR is easier!
How the big boys do it
Etsy: Average 25 deploys per day
Amazon: Well….
Agile + DevOps = ?
How to secure this stuff
Config Management for good
● Base security configs
● Centralized logging & auth
● Host based firewall rules
● Automated Vuln Scans
● Easier Patching
Taking a step back... Config Management
Roles:
● Web Server
● Database Server
● Mail Server
Environments:
● Production
● Staging
● Development
Automate security
Configure a base hardened config that is used everywhere
Configure centralized auth
Configure centralized logging FOR ALL THE THINGS
Configure host based firewalls per role & environment
Quickly mitigate insecure configurations
Example Time
Write a recipe to install and configure rsyslog to send auth logs to centralized logging servers
Automatically logging all the things
1. Automatically install rsyslog
2. Automatically write a configuration file with a custom “destination” log server based on the node’s environment
3. Start the service
4. Profit (from logs...yeah...logs)
Node Attributes (attribute name / attribute value table)
Installing rsyslog with Chef
1. For the package named “rsyslog”:
2. Install it
Write a custom rsyslog config file
1. Write the rsyslog config file
2. Use the Ruby (ERB) template file as the source
3. Replace the “logserver” variable in the template with the proper log server based on environment
Enable and start the service
1. For the service named “rsyslog”:
2. Enable it during boot & start it immediately
Putting it all together (recipe)
Continuing with our base_server recipe
Attribute precedence (highest wins):
1. Role
2. Environment
3. Recipe
Node Attributes (attribute name / attribute value table, with the environment attribute highlighted)
Remove unused packages
1. List of packages to remove saved as a “node” attribute
2. For each package in the list:
3. Remove the package
Make it easier for later
1. List of packages to upgrade and their versions saved as a “node” attribute
2. Upgrade the package:
3. To the specified version
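Worked example, added here rather than taken from the slides: the base_server recipe built up above (install rsyslog, write its config from a template, enable and start the service, remove unused packages, upgrade pinned packages) written in Chef's resource DSL, together with the role > environment > recipe attribute precedence that selects the log server. Chef's `package`, `template` and `service` resources only exist inside chef-client, so the block evaluates the recipe with a small stand-in that records each resource instead of changing the host; it is not Chef, and the hostnames, package names, version string and template content are assumptions for the example.

```ruby
# Added example, not from the slides and not Chef itself: a plain-Ruby stand-in for the
# base_server recipe. Hostnames, package names, versions and template text are assumptions.
require 'erb'

# Attribute sources (constructed). Precedence when merged: recipe < environment < role.
RECIPE_DEFAULTS = {
  'rsyslog' => { 'logserver' => 'logs.example.internal' },
  'base'    => { 'remove_packages' => %w[telnet rsh-client], 'upgrade_packages' => {} }
}.freeze
ENVIRONMENTS = {
  'development' => {},
  'staging'     => { 'rsyslog' => { 'logserver' => 'logs.stage.example.internal' } },
  'production'  => { 'rsyslog' => { 'logserver' => 'logs.prod.example.internal' },
                     'base'    => { 'upgrade_packages' => { 'openssl' => '1.0.2k-1' } } }
}.freeze
ROLES = {
  'db_server'  => {},
  'web_server' => { 'base' => { 'remove_packages' => %w[telnet rsh-client ftp] } }
}.freeze

# Hashes merge recursively; otherwise the higher-precedence value wins (simplified vs. Chef).
def deep_merge(low, high)
  low.merge(high) { |_k, a, b| a.is_a?(Hash) && b.is_a?(Hash) ? deep_merge(a, b) : b }
end

# Role attributes override environment attributes, which override recipe defaults.
def build_node(environment, role)
  [RECIPE_DEFAULTS, ENVIRONMENTS.fetch(environment), ROLES.fetch(role)]
    .reduce({}) { |node, attrs| deep_merge(node, attrs) }
end

# Toy resource collection: each DSL call records a resource instead of touching the host.
class Resource
  attr_reader :type, :name, :node, :props
  def initialize(type, name, node)
    @type, @name, @node, @props = type, name, node, {}
  end
  # The properties the recipe below uses; real Chef resources have many more.
  def action(a);    @props[:action]    = Array(a); end
  def source(s);    @props[:source]    = s;        end
  def variables(v); @props[:variables] = v;        end
  def version(v);   @props[:version]   = v;        end
end

class RecipeContext
  attr_reader :node, :resources
  def initialize(node)
    @node, @resources = node, []
  end
  %i[package template service].each do |type|
    define_method(type) do |name, &block|
      r = Resource.new(type, name, @node)
      r.instance_eval(&block) if block
      @resources << r
    end
  end
end

# The base_server recipe, as it would read in recipes/default.rb.
BASE_SERVER = proc do
  package 'rsyslog' do                                # 1. install rsyslog
    action :install
  end
  template '/etc/rsyslog.d/10-auth-forward.conf' do   # 2. write the config from a template;
    source 'rsyslog-auth.conf.erb'                    #    the log server comes from the
    variables logserver: node['rsyslog']['logserver'] #    node's environment attribute
  end
  service 'rsyslog' do                                # 3. enable at boot and start now
    action [:enable, :start]
  end
  node['base']['remove_packages'].each do |pkg|       # remove unused packages
    package pkg do
      action :remove
    end
  end
  node['base']['upgrade_packages'].each do |pkg, ver| # upgrade to the pinned version
    package pkg do
      version ver
      action :upgrade
    end
  end
end

def compile_base_server(node)
  ctx = RecipeContext.new(node)
  ctx.instance_eval(&BASE_SERVER)
  ctx.resources
end

# Assumed content of rsyslog-auth.conf.erb. "@@" forwards over TCP; a single "@" is UDP,
# which gives no delivery guarantee for the auth trail.
RSYSLOG_TEMPLATE = "auth,authpriv.*  @@<%= logserver %>:514\n".freeze

def render_rsyslog_conf(logserver)
  ERB.new(RSYSLOG_TEMPLATE).result_with_hash(logserver: logserver)
end

if $PROGRAM_NAME == __FILE__
  node = build_node('production', 'web_server')
  compile_base_server(node).each { |r| puts "#{r.type}[#{r.name}] #{r.props}" }
  print render_rsyslog_conf(node['rsyslog']['logserver'])
end
```

Running it lists the seven resources a production web_server would get and the rendered forwarding line. The same recipe compiled for `build_node('development', 'db_server')` picks the recipe-default log server and the shorter removal list: the recipe never changes, only the attributes do, which is what makes one base_server usable everywhere.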
Making security convenient
Put Security on ALL THE THINGS
base_server is included by every role: NodeJS_server, $APP_server, MySQL_server, NGINX_server
Demo Time
Firewalling in a DevOps World
Traditional Firewalling: a firewall between the DMZ and the Database VLAN
Networks @ Scale: datacenter network
Automatically generate firewall rules
1. Find all nodes with a role of “web_server”
2. For each node in the “webnodes” variable:
3. Add a simple iptables rule to allow inbound to MySQL
4. Replace the source with that web server’s IP address
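An added example (not from the slides) of steps 1 to 4 in plain Ruby: a constructed node inventory stands in for the Chef server search (a real recipe would call `search(:node, 'role:web_server AND chef_environment:production')`), and the output is an iptables-restore ruleset for a database node. Two checks a practitioner would want are built in: the search is scoped to the node's own environment, so a staging web server never gets a rule into the production database, and only literal IPv4 addresses are interpolated into rules. Names, addresses and the admin range are constructed for the example.

```ruby
# Added example, not from the slides: search-driven host firewall rules for a MySQL node.
# A constructed inventory stands in for the Chef server; nothing here talks to Chef.
require 'ipaddr'

# Constructed node inventory (what a Chef server search would return).
NODES = [
  { 'name' => 'web01', 'roles' => ['web_server'], 'chef_environment' => 'production', 'ipaddress' => '10.0.1.11' },
  { 'name' => 'web02', 'roles' => ['web_server'], 'chef_environment' => 'production', 'ipaddress' => '10.0.1.12' },
  { 'name' => 'web03', 'roles' => ['web_server'], 'chef_environment' => 'staging',    'ipaddress' => '10.0.2.11' },
  { 'name' => 'web04', 'roles' => ['web_server'], 'chef_environment' => 'production', 'ipaddress' => 'web04.example.internal' },
  { 'name' => 'db01',  'roles' => ['db_server'],  'chef_environment' => 'production', 'ipaddress' => '10.0.3.21' }
].freeze

ADMIN_NET = '10.0.100.0/24'.freeze   # assumed bastion/admin range allowed to reach SSH

# Step 1: find all nodes with the role, scoped to the same environment so a staging
# web server never gets a hole into the production database.
def search_nodes(nodes, role:, environment:)
  nodes.select { |n| n['roles'].include?(role) && n['chef_environment'] == environment }
end

# Accept only a literal single IPv4 address: the rule is built by string interpolation,
# so a hostname, a CIDR range or junk in the attribute must not end up in the firewall.
def host_ipv4?(value)
  return false if value.nil? || value.include?('/')
  IPAddr.new(value).ipv4?
rescue IPAddr::InvalidAddressError
  false
end

# Steps 2-4: one ACCEPT rule per web server, with that server's address as the source.
def mysql_allow_rules(web_nodes, port: 3306)
  web_nodes.map { |n| n['ipaddress'] }.select { |ip| host_ipv4?(ip) }.uniq.sort.map do |ip|
    "-A INPUT -p tcp -s #{ip}/32 --dport #{port} -m conntrack --ctstate NEW -j ACCEPT"
  end
end

# Full iptables-restore ruleset for a database node: default DROP, then the generated allows.
def db_ruleset(nodes, environment:, port: 3306)
  web_nodes = search_nodes(nodes, role: 'web_server', environment: environment)
  lines = [
    '*filter',
    ':INPUT DROP [0:0]',
    ':FORWARD DROP [0:0]',
    ':OUTPUT ACCEPT [0:0]',
    '-A INPUT -i lo -j ACCEPT',
    '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT',
    "-A INPUT -p tcp -s #{ADMIN_NET} --dport 22 -j ACCEPT"
  ]
  lines.concat(mysql_allow_rules(web_nodes, port: port))
  lines << 'COMMIT'
  lines.join("\n") + "\n"
end

puts db_ruleset(NODES, environment: 'production') if $PROGRAM_NAME == __FILE__
```

For production the generated ruleset contains exactly two MySQL allows (web01 and web02): web03 is filtered out by environment and web04 because its attribute is a hostname rather than an address. With a default-DROP INPUT chain the whitelist is the whole policy, so a node that drops out of the search loses access on the next converge, which is the behaviour you want when a web server is decommissioned.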
Let’s take a step back
Testing:
● Unit
● Integration
● Regression
● Security
CI System
How CI does its thing
Dev Cat commits to the Code Repo; the CI System keeps asking the repo “Did you commit yet?” until it sees one (“ohhh a commit!”).
1. Compile the source (if needed)
2. Spin up a VM / container as the build agent
3. Deploy code
4. Run tests
5. Profit!
Automatic Security testing
1. NMAP
2. Vulnerability scans
3. OWASP ZAP scans
4. Static code analysis
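An added example (not from the slides) of the NMAP step as a CI pass/fail test: nmap's grepable output (`-oG`) for the freshly built VM is parsed and compared with the ports the node's role is allowed to expose, and any extra open port fails the build. The scan output and the allowed-port table are constructed for the example.

```ruby
# Added example, not from the slides: gate a CI build on an nmap scan of the build VM.
# The scan output and the per-role port policy below are constructed for the example.

# nmap -oG output for two freshly built web servers (constructed; 10.0.1.12 has Redis open).
NMAP_GREPABLE = <<~OUT
  # Nmap 7.80 scan initiated (constructed sample)
  Host: 10.0.1.11 ()\tStatus: Up
  Host: 10.0.1.11 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///\tIgnored State: closed (997)
  Host: 10.0.1.12 ()\tStatus: Up
  Host: 10.0.1.12 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 6379/open/tcp//redis///\tIgnored State: filtered (997)
OUT

# Ports each role may expose (assumed policy).
ALLOWED_PORTS = {
  'web_server' => [22, 80, 443],
  'db_server'  => [22, 3306]
}.freeze

# Returns { ip => [open tcp ports] } from -oG output. Each "Ports:" entry has the shape
# port/state/protocol/owner/service/rpcinfo/version/, entries separated by ", ".
def parse_nmap_grepable(text)
  text.each_line.each_with_object({}) do |line, hosts|
    next unless line.start_with?('Host:') && line.include?('Ports:')
    ip = line[/\AHost:\s+(\S+)/, 1]
    port_field = line[/Ports:\s+([^\t]*)/, 1]
    open_ports = port_field.split(',').map(&:strip).each_with_object([]) do |entry, acc|
      port, state, proto = entry.split('/')
      acc << port.to_i if state == 'open' && proto == 'tcp'
    end
    hosts[ip] = open_ports.sort
  end
end

# Returns { ip => [unexpected ports] }; empty when every host is within policy.
def exposure_violations(hosts, role)
  allowed = ALLOWED_PORTS.fetch(role)
  hosts.each_with_object({}) do |(ip, open_ports), bad|
    extra = open_ports - allowed
    bad[ip] = extra unless extra.empty?
  end
end

# The CI gate: true when the build may proceed, false when something extra is listening.
def scan_gate(nmap_output, role)
  exposure_violations(parse_nmap_grepable(nmap_output), role).empty?
end

if $PROGRAM_NAME == __FILE__
  exposure_violations(parse_nmap_grepable(NMAP_GREPABLE), 'web_server').each do |ip, ports|
    warn "#{ip}: unexpected open ports #{ports.join(', ')}"
  end
  puts(scan_gate(NMAP_GREPABLE, 'web_server') ? 'PASS' : 'FAIL')
end
```

In a pipeline the scan is produced with something like `nmap -p- -oG scan.gnmap <build-vm>` after the recipe has converged, and the job exits non-zero when `scan_gate` returns false. Checking the whole open-port set against a per-role allow list (rather than looking for one known-bad port) catches the class of mistake that actually happens with config management: a recipe or package pulls in a listener nobody reviewed.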
Infrastructure is code
Test Like It
Chef Recipe Testing
1. Test Kitchen spins up a VM
2. The recipe is converged on it (a “Cheff’d” VM)
3. A vulnerability scanner is run against the converged VM
What we covered
● Intro to Agile & Devops
● How we NEED to automate to properly secure our
infrastructure & code
● Config management suites 101
○ Build a base server config that is used everywhere
● Automated security tests
THANKS FOR LISTENING
Q&A Session
I’ll try to answer questions now
@Francisckrs Francisco Donoso Francisck

DevOps Security for Good