Anúncio
DevSecCon London 2018: Enabling shift-left for 12k banking developers from scratch and without breaking the bank
DevSecCon London 2018: Enabling shift-left for 12k banking developers from scratch and without breaking the bank
DevSecCon London 2018: Enabling shift-left for 12k banking developers from scratch and without breaking the bank
DevSecCon London 2018: Enabling shift-left for 12k banking developers from scratch and without breaking the bank
DevSecCon London 2018: Enabling shift-left for 12k banking developers from scratch and without breaking the bank
DevSecCon London 2018: Enabling shift-left for 12k banking developers from scratch and without breaking the bank
DevSecCon London 2018: Enabling shift-left for 12k banking developers from scratch and without breaking the bank
DevSecCon London 2018: Enabling shift-left for 12k banking developers from scratch and without breaking the bank
DevSecCon London 2018: Enabling shift-left for 12k banking developers from scratch and without breaking the bank
DevSecCon London 2018: Enabling shift-left for 12k banking developers from scratch and without breaking the bank
DevSecCon London 2018: Enabling shift-left for 12k banking developers from scratch and without breaking the bank
DevSecCon London 2018: Enabling shift-left for 12k banking developers from scratch and without breaking the bank
DevSecCon London 2018: Enabling shift-left for 12k banking developers from scratch and without breaking the bank
DevSecCon London 2018: Enabling shift-left for 12k banking developers from scratch and without breaking the bank
DevSecCon London 2018: Enabling shift-left for 12k banking developers from scratch and without breaking the bank
DevSecCon London 2018: Enabling shift-left for 12k banking developers from scratch and without breaking the bank
DevSecCon London 2018: Enabling shift-left for 12k banking developers from scratch and without breaking the bank
DevSecCon London 2018: Enabling shift-left for 12k banking developers from scratch and without breaking the bank
DevSecCon London 2018: Enabling shift-left for 12k banking developers from scratch and without breaking the bank
DevSecCon London 2018: Enabling shift-left for 12k banking developers from scratch and without breaking the bank
DevSecCon London 2018: Enabling shift-left for 12k banking developers from scratch and without breaking the bank
DevSecCon London 2018: Enabling shift-left for 12k banking developers from scratch and without breaking the bank
DevSecCon London 2018: Enabling shift-left for 12k banking developers from scratch and without breaking the bank
DevSecCon London 2018: Enabling shift-left for 12k banking developers from scratch and without breaking the bank
DevSecCon London 2018: Enabling shift-left for 12k banking developers from scratch and without breaking the bank
DevSecCon London 2018: Enabling shift-left for 12k banking developers from scratch and without breaking the bank
DevSecCon London 2018: Enabling shift-left for 12k banking developers from scratch and without breaking the bank
DevSecCon London 2018: Enabling shift-left for 12k banking developers from scratch and without breaking the bank
DevSecCon London 2018: Enabling shift-left for 12k banking developers from scratch and without breaking the bank
DevSecCon London 2018: Enabling shift-left for 12k banking developers from scratch and without breaking the bank
DevSecCon London 2018: Enabling shift-left for 12k banking developers from scratch and without breaking the bank
DevSecCon London 2018: Enabling shift-left for 12k banking developers from scratch and without breaking the bank
DevSecCon London 2018: Enabling shift-left for 12k banking developers from scratch and without breaking the bank
DevSecCon London 2018: Enabling shift-left for 12k banking developers from scratch and without breaking the bank
DevSecCon London 2018: Enabling shift-left for 12k banking developers from scratch and without breaking the bank
DevSecCon London 2018: Enabling shift-left for 12k banking developers from scratch and without breaking the bank
DevSecCon London 2018: Enabling shift-left for 12k banking developers from scratch and without breaking the bank

Check these out next

The Case for Disaggregation of Compute in the Data Center
The Case for Disaggregation of Compute in the Data Center
Juniper Networks
apidays LIVE Paris - Data Gateways: building “Data-as-a-Service” for the Hybr...
apidays LIVE Paris - Data Gateways: building “Data-as-a-Service” for the Hybr...
apidays
Machine Learning at E*Trade
Machine Learning at E*Trade
Elasticsearch
Trace your micro-services oriented application with Zipkin and OpenTracing
Trace your micro-services oriented application with Zipkin and OpenTracing
Corley S.r.l.
Microservice: starting point
Microservice: starting point
inovia
Blockchain + Streaming Analytics with Ethereum and TIBCO StreamBase
Blockchain + Streaming Analytics with Ethereum and TIBCO StreamBase
Kai Wähner
APIdays Paris 2018 - Hack your legacy, from mutualism to Open Source! Chris W...
APIdays Paris 2018 - Hack your legacy, from mutualism to Open Source! Chris W...
apidays
Monitoring Pull vs Push, InfluxDB and Prometheus
Monitoring Pull vs Push, InfluxDB and Prometheus
Gianluca Arbezzano
1 de 37

DevSecCon London 2018: Enabling shift-left for 12k banking developers from scratch and without breaking the bank

24 de Oct de 2018
Baixar para ler offline
Tecnologia

ERNESTO BETHENCOURT At BBVA we are developing the Bank’s Next Global Banking Platform for building, deploying and running banking services of any kind, leveraging on cloud technologies. Security is one of the main components for this new platform and is expected to be self-service and easy to use. But it’s not only technology we are building, it’s a new culture based mainly on DevOps. So, what better opportunity to shift-left and offer developers the tools that they need to easily change their (and security teams) mindsets regarding security? In this talk we will walk you through the strategy that we have adopted to expose security services for enabling secure development but at the same time automating security processes needed by security teams. All this trying to keep it in a low budget (at least for now) by levering on vendors and open-source solutions.

DevSecCon
DevSecOps Leader - Founder/Director em DevSecCon
Anúncio
Anúncio
Anúncio

Recomendados

DevSecCon London 2018: Is your supply chain your achille's heelDevSecCon London 2018: Is your supply chain your achille's heel
DevSecCon London 2018: Is your supply chain your achille's heelDevSecCon418 visualizações50 slides
DevSecCon London 2018: A Journey to Continuous Cloud ComplianceDevSecCon London 2018: A Journey to Continuous Cloud Compliance
DevSecCon London 2018: A Journey to Continuous Cloud ComplianceDevSecCon252 visualizações12 slides
DevSecCon London 2018: Whatever happened to attack aware applications?DevSecCon London 2018: Whatever happened to attack aware applications?
DevSecCon London 2018: Whatever happened to attack aware applications?DevSecCon191 visualizações38 slides
DevSecCon London 2018: How to fit threat modelling into agile development: sl...DevSecCon London 2018: How to fit threat modelling into agile development: sl...
DevSecCon London 2018: How to fit threat modelling into agile development: sl...DevSecCon499 visualizações39 slides
HATech DevOps Services general introductionHATech DevOps Services general introduction
HATech DevOps Services general introductionHATech LLC720 visualizações11 slides
Divide & Conquer - Logging Architecture in Distributed Ecosystems with Elasti...Divide & Conquer - Logging Architecture in Distributed Ecosystems with Elasti...
Divide & Conquer - Logging Architecture in Distributed Ecosystems with Elasti...Elasticsearch3.6K visualizações30 slides

Mais conteúdo relacionado

Apresentações para você(20)

The Case for Disaggregation of Compute in the Data CenterThe Case for Disaggregation of Compute in the Data Center
The Case for Disaggregation of Compute in the Data Center
Juniper Networks2.6K visualizações
apidays LIVE Paris - Data Gateways: building “Data-as-a-Service” for the Hybr...apidays LIVE Paris - Data Gateways: building “Data-as-a-Service” for the Hybr...
apidays LIVE Paris - Data Gateways: building “Data-as-a-Service” for the Hybr...
apidays50 visualizações
Machine Learning at E*TradeMachine Learning at E*Trade
Machine Learning at E*Trade
Elasticsearch4.3K visualizações
Trace your micro-services oriented application with Zipkin and OpenTracing Trace your micro-services oriented application with Zipkin and OpenTracing
Trace your micro-services oriented application with Zipkin and OpenTracing
Corley S.r.l.1.3K visualizações
Microservice: starting pointMicroservice: starting point
Microservice: starting point
inovia176 visualizações
Blockchain + Streaming Analytics with Ethereum and TIBCO StreamBase Blockchain + Streaming Analytics with Ethereum and TIBCO StreamBase
Blockchain + Streaming Analytics with Ethereum and TIBCO StreamBase
Kai Wähner3K visualizações
APIdays Paris 2018 - Hack your legacy, from mutualism to Open Source! Chris W...APIdays Paris 2018 - Hack your legacy, from mutualism to Open Source! Chris W...
APIdays Paris 2018 - Hack your legacy, from mutualism to Open Source! Chris W...
apidays212 visualizações
Monitoring Pull vs Push, InfluxDB and PrometheusMonitoring Pull vs Push, InfluxDB and Prometheus
Monitoring Pull vs Push, InfluxDB and Prometheus
Gianluca Arbezzano5.9K visualizações
Don’t Ignore GitHub Security Alerts, Automate Them Into Your Workflow.Don’t Ignore GitHub Security Alerts, Automate Them Into Your Workflow.
Don’t Ignore GitHub Security Alerts, Automate Them Into Your Workflow.
Ashley Wolf521 visualizações
APIdays Paris 2018 - Accelerate Innovation & Aircraft Production by using API...APIdays Paris 2018 - Accelerate Innovation & Aircraft Production by using API...
APIdays Paris 2018 - Accelerate Innovation & Aircraft Production by using API...
apidays230 visualizações
APIdays Paris 2019 - Adopting Service Mesh by Marco Palladino , KongAPIdays Paris 2019 - Adopting Service Mesh by Marco Palladino , Kong
APIdays Paris 2019 - Adopting Service Mesh by Marco Palladino , Kong
apidays41 visualizações
DevSecCon Seattle 2019: Fully Automated production deployments with HIPAA/HIT...DevSecCon Seattle 2019: Fully Automated production deployments with HIPAA/HIT...
DevSecCon Seattle 2019: Fully Automated production deployments with HIPAA/HIT...
DevSecCon250 visualizações
apidays LIVE Paris - Principles for API security by Alan Glickenhouseapidays LIVE Paris - Principles for API security by Alan Glickenhouse
apidays LIVE Paris - Principles for API security by Alan Glickenhouse
apidays61 visualizações
apidays LIVE Helsinki & North - 20 minutes to build a serverless COVID-19 RES...apidays LIVE Helsinki & North - 20 minutes to build a serverless COVID-19 RES...
apidays LIVE Helsinki & North - 20 minutes to build a serverless COVID-19 RES...
apidays547 visualizações
Gain multi-cloud versatility with software load balancing designed for cloud-...Gain multi-cloud versatility with software load balancing designed for cloud-...
Gain multi-cloud versatility with software load balancing designed for cloud-...
Ashnikbiz75 visualizações
AI-Driven Fraud DetectionAI-Driven Fraud Detection
AI-Driven Fraud Detection
Codit164 visualizações
DevSecCon Seattle 2019: Liquid Software as the real solution for the Sec in D...DevSecCon Seattle 2019: Liquid Software as the real solution for the Sec in D...
DevSecCon Seattle 2019: Liquid Software as the real solution for the Sec in D...
DevSecCon198 visualizações
apidays LIVE Paris 2021 - Advanced Authentication patterns at the Edge by Den...apidays LIVE Paris 2021 - Advanced Authentication patterns at the Edge by Den...
apidays LIVE Paris 2021 - Advanced Authentication patterns at the Edge by Den...
apidays97 visualizações
Aliaksei Bahachuk - JavaScript and Solution ArchitectureAliaksei Bahachuk - JavaScript and Solution Architecture
Aliaksei Bahachuk - JavaScript and Solution Architecture
Aliaksei Bahachuk510 visualizações
IoT backend architectureIoT backend architecture
IoT backend architecture
Tomasz Tarczyński1.6K visualizações

Similar a DevSecCon London 2018: Enabling shift-left for 12k banking developers from scratch and without breaking the bank(20)

20170820 FIWARE at CAMPIE20170820 FIWARE at CAMPIE
20170820 FIWARE at CAMPIE
stefano de panfilis55 visualizações
FIWARE Overview (University Cairo 20Aug2017)FIWARE Overview (University Cairo 20Aug2017)
FIWARE Overview (University Cairo 20Aug2017)
FIWARE2.4K visualizações
Enabling shift-left for 12k banking developers from scratch and without break...Enabling shift-left for 12k banking developers from scratch and without break...
Enabling shift-left for 12k banking developers from scratch and without break...
Ernesto Bethencourt133 visualizações
[apidays LIVE HONK KONG] - Building an Integrated Supply Chain for APIs [apidays LIVE HONK KONG] - Building an Integrated Supply Chain for APIs
[apidays LIVE HONK KONG] - Building an Integrated Supply Chain for APIs
WSO2150 visualizações
apidays New York - From API Catalogs to API Marketplaces into the Metaverse, ...apidays New York - From API Catalogs to API Marketplaces into the Metaverse, ...
apidays New York - From API Catalogs to API Marketplaces into the Metaverse, ...
apidays40 visualizações
Building an Integrated Supply Chain for APIs Building an Integrated Supply Chain for APIs
Building an Integrated Supply Chain for APIs
Asanka Abeysinghe133 visualizações
apidays LIVE Hong Kong 2021 - Building an Integrated Supply Chain for APIs b...apidays LIVE Hong Kong 2021 - Building an Integrated Supply Chain for APIs b...
apidays LIVE Hong Kong 2021 - Building an Integrated Supply Chain for APIs b...
apidays132 visualizações
Evolution of Container Security - What's Next?Evolution of Container Security - What's Next?
Evolution of Container Security - What's Next?
Fernando Montenegro371 visualizações
Tech Job Conference: Software Engineer @CriteoTech Job Conference: Software Engineer @Criteo
Tech Job Conference: Software Engineer @Criteo
Gilles Legoux125 visualizações
Володимир Шиманський “Роль спільноти і OpenSource в IoT бізнесі” {R0boCamp} Володимир Шиманський “Роль спільноти і OpenSource в IoT бізнесі” {R0boCamp}
Володимир Шиманський “Роль спільноти і OpenSource в IoT бізнесі” {R0boCamp}
Lviv Startup Club513 visualizações
IoT solutions world congress 2018 review - Robbrecht van Amerongen - Conclusi...IoT solutions world congress 2018 review - Robbrecht van Amerongen - Conclusi...
IoT solutions world congress 2018 review - Robbrecht van Amerongen - Conclusi...
Conclusion Connect enabling industry 4.0 with IoT 688 visualizações
IoT Architectures for a Digital Twin with Apache Kafka, IoT Platforms and Mac...IoT Architectures for a Digital Twin with Apache Kafka, IoT Platforms and Mac...
IoT Architectures for a Digital Twin with Apache Kafka, IoT Platforms and Mac...
Kai Wähner5.8K visualizações
[HACKATHON CISCO PARIS] Slideshow du workshop Smart City[HACKATHON CISCO PARIS] Slideshow du workshop Smart City
[HACKATHON CISCO PARIS] Slideshow du workshop Smart City
BeMyApp1.3K visualizações
ITCamp 2019 - Mihai Tataran - Governing your Cloud ResourcesITCamp 2019 - Mihai Tataran - Governing your Cloud Resources
ITCamp 2019 - Mihai Tataran - Governing your Cloud Resources
ITCamp129 visualizações
Cisco Connect Toronto 2018 DevNet OverviewCisco Connect Toronto 2018 DevNet Overview
Cisco Connect Toronto 2018 DevNet Overview
Cisco Canada722 visualizações
Enabling Edge Analytics of IoT Data: The Case of LoRaWANEnabling Edge Analytics of IoT Data: The Case of LoRaWAN
Enabling Edge Analytics of IoT Data: The Case of LoRaWAN
Hong-Linh Truong313 visualizações
INTERFACE, by apidays - Challenges of exposing and connecting microservicesINTERFACE, by apidays - Challenges of exposing and connecting microservices
INTERFACE, by apidays - Challenges of exposing and connecting microservices
apidays93 visualizações
Microservicios net arquitectura para aplicaciones net contenerizadas - net ...Microservicios net arquitectura para aplicaciones net contenerizadas - net ...
Microservicios net arquitectura para aplicaciones net contenerizadas - net ...
Germán Küber629 visualizações
Introduction to KubernetesIntroduction to Kubernetes
Introduction to Kubernetes
Alexander Al Basosi186 visualizações
The 3 pillars of agile integration: Container, Connector and APIThe 3 pillars of agile integration: Container, Connector and API
The 3 pillars of agile integration: Container, Connector and API
Judy Breedlove1.1K visualizações
Anúncio

Mais de DevSecCon(20)

DevSecCon London 2019: Workshop: Cloud Agnostic Security Testing with Scout S...DevSecCon London 2019: Workshop: Cloud Agnostic Security Testing with Scout S...
DevSecCon London 2019: Workshop: Cloud Agnostic Security Testing with Scout S...
DevSecCon847 visualizações
DevSecCon London 2019: Are Open Source Developers Security’s New Front Line?DevSecCon London 2019: Are Open Source Developers Security’s New Front Line?
DevSecCon London 2019: Are Open Source Developers Security’s New Front Line?
DevSecCon227 visualizações
DevSecCon London 2019: How to Secure OpenShift Environments and What Happens ...DevSecCon London 2019: How to Secure OpenShift Environments and What Happens ...
DevSecCon London 2019: How to Secure OpenShift Environments and What Happens ...
DevSecCon241 visualizações
DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...
DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...
DevSecCon174 visualizações
DevSecCon Seattle 2019: Containerizing IT Security KnowledgeDevSecCon Seattle 2019: Containerizing IT Security Knowledge
DevSecCon Seattle 2019: Containerizing IT Security Knowledge
DevSecCon267 visualizações
DevSecCon Seattle 2019: Decentralized Authorization - Implementing Fine Grain...DevSecCon Seattle 2019: Decentralized Authorization - Implementing Fine Grain...
DevSecCon Seattle 2019: Decentralized Authorization - Implementing Fine Grain...
DevSecCon251 visualizações
DevSecCon Singapore 2019: Four years of reflection: How (not) to secure Web A...DevSecCon Singapore 2019: Four years of reflection: How (not) to secure Web A...
DevSecCon Singapore 2019: Four years of reflection: How (not) to secure Web A...
DevSecCon601 visualizações
DevSecCon Singapore 2019: crypto jacking: An evolving threat for cloud contai...DevSecCon Singapore 2019: crypto jacking: An evolving threat for cloud contai...
DevSecCon Singapore 2019: crypto jacking: An evolving threat for cloud contai...
DevSecCon408 visualizações
DevSecCon Singapore 2019: Can "dev", "sec" and "ops" really coexist in the wi...DevSecCon Singapore 2019: Can "dev", "sec" and "ops" really coexist in the wi...
DevSecCon Singapore 2019: Can "dev", "sec" and "ops" really coexist in the wi...
DevSecCon2.2K visualizações
DevSecCon Singapore 2019: Workshop - Burp extension writing workshopDevSecCon Singapore 2019: Workshop - Burp extension writing workshop
DevSecCon Singapore 2019: Workshop - Burp extension writing workshop
DevSecCon1.9K visualizações
DevSecCon Singapore 2019: Embracing Security - A changing DevOps landscapeDevSecCon Singapore 2019: Embracing Security - A changing DevOps landscape
DevSecCon Singapore 2019: Embracing Security - A changing DevOps landscape
DevSecCon312 visualizações
DevSecCon Singapore 2019: Web Services aren’t as secure as we thinkDevSecCon Singapore 2019: Web Services aren’t as secure as we think
DevSecCon Singapore 2019: Web Services aren’t as secure as we think
DevSecCon863 visualizações
DevSecCon Singapore 2019: An attacker's view of Serverless and GraphQL apps S...DevSecCon Singapore 2019: An attacker's view of Serverless and GraphQL apps S...
DevSecCon Singapore 2019: An attacker's view of Serverless and GraphQL apps S...
DevSecCon472 visualizações
DevSecCon Singapore 2019: The journey of digital transformation through DevSe...DevSecCon Singapore 2019: The journey of digital transformation through DevSe...
DevSecCon Singapore 2019: The journey of digital transformation through DevSe...
DevSecCon932 visualizações
DevSecCon Singapore 2019: Preventative Security for KubernetesDevSecCon Singapore 2019: Preventative Security for Kubernetes
DevSecCon Singapore 2019: Preventative Security for Kubernetes
DevSecCon517 visualizações
DevSecCon London 2018: Get rid of these TLS certificatesDevSecCon London 2018: Get rid of these TLS certificates
DevSecCon London 2018: Get rid of these TLS certificates
DevSecCon252 visualizações
DevSecCon London 2018: Open DevSecOpsDevSecCon London 2018: Open DevSecOps
DevSecCon London 2018: Open DevSecOps
DevSecCon392 visualizações
DevSecCon London 2018: Building effective DevSecOps teams through role-playin...DevSecCon London 2018: Building effective DevSecOps teams through role-playin...
DevSecCon London 2018: Building effective DevSecOps teams through role-playin...
DevSecCon204 visualizações
DevSecCon London 2018: Variant Analysis – A critical step in handling vulnera...DevSecCon London 2018: Variant Analysis – A critical step in handling vulnera...
DevSecCon London 2018: Variant Analysis – A critical step in handling vulnera...
DevSecCon434 visualizações
DevSecCon London 2018: Lessons from the legion (the DevSecCon London Remix)DevSecCon London 2018: Lessons from the legion (the DevSecCon London Remix)
DevSecCon London 2018: Lessons from the legion (the DevSecCon London Remix)
DevSecCon286 visualizações

Último(20)

Technology Companies Development StoryTechnology Companies Development Story
Technology Companies Development Story
Hamidreza Soleimani0 visão
Fourth-Industrial-Revolution-by-DR-SA-KANU.pptFourth-Industrial-Revolution-by-DR-SA-KANU.ppt
Fourth-Industrial-Revolution-by-DR-SA-KANU.ppt
MdAbdullaAlMamun201 visão
RC522 RFID Reader_Write For Arduino.pdfRC522 RFID Reader_Write For Arduino.pdf
RC522 RFID Reader_Write For Arduino.pdf
RoboDJ0 visão
Our Business Goals.pdfOur Business Goals.pdf
Our Business Goals.pdf
mennaHendy4 visualizações
如何办理一份高仿纽约州立大学宾汉姆顿分校毕业证成绩单?如何办理一份高仿纽约州立大学宾汉姆顿分校毕业证成绩单?
如何办理一份高仿纽约州立大学宾汉姆顿分校毕业证成绩单?
aazepp0 visão
pdf.pdfpdf.pdf
pdf.pdf
YenenehMulat0 visão
如何办理一份高仿科克大学毕业证成绩单?如何办理一份高仿科克大学毕业证成绩单?
如何办理一份高仿科克大学毕业证成绩单?
aazepp3 visualizações
Intro to Text Classification with TensorFlowIntro to Text Classification with TensorFlow
Intro to Text Classification with TensorFlow
Elizabeth (Lizzie) Siegle8 visualizações
Networking Hardware Requirements.pptxNetworking Hardware Requirements.pptx
Networking Hardware Requirements.pptx
JhamaikaPaet1 visão
NS-CUK Seminar: V.T.Hoang, Review on "Graph Clustering with Graph Neural Netw...NS-CUK Seminar: V.T.Hoang, Review on "Graph Clustering with Graph Neural Netw...
NS-CUK Seminar: V.T.Hoang, Review on "Graph Clustering with Graph Neural Netw...
ssuser4b1f480 visão
如何办理一份高仿东伦敦大学毕业证成绩单?如何办理一份高仿东伦敦大学毕业证成绩单?
如何办理一份高仿东伦敦大学毕业证成绩单?
aazepp3 visualizações
Introduction to Virtualization.pptxIntroduction to Virtualization.pptx
Introduction to Virtualization.pptx
latifdhalait0 visão
Do Reinvent the Wheel - Nov 2021 - DigiNext.pdfDo Reinvent the Wheel - Nov 2021 - DigiNext.pdf
Do Reinvent the Wheel - Nov 2021 - DigiNext.pdf
Hamidreza Soleimani0 visão
solar panel.pptxsolar panel.pptx
solar panel.pptx
AbdulberBaig3 visualizações
Spring_Boot_Microservices-5_Day_Session.pptxSpring_Boot_Microservices-5_Day_Session.pptx
Spring_Boot_Microservices-5_Day_Session.pptx
Prabhakaran Ravichandran0 visão
Plant Disease Detection.pptxPlant Disease Detection.pptx
Plant Disease Detection.pptx
vikasmittal922 visualizações
Space Hygiene.pdfSpace Hygiene.pdf
Space Hygiene.pdf
FerdiAfian12 visualizações
ARTIFICIAL INTELLIGENCE.pptxARTIFICIAL INTELLIGENCE.pptx
ARTIFICIAL INTELLIGENCE.pptx
Butterfly education 6 visualizações
【本科生、研究生】美国南达科他大学毕业证文凭购买指南【本科生、研究生】美国南达科他大学毕业证文凭购买指南
【本科生、研究生】美国南达科他大学毕业证文凭购买指南
sutseu0 visão
NS-CUK Seminar: J.H.Lee, Review on "GCC: Graph Contrastive Coding for Graph ...NS-CUK Seminar: J.H.Lee, Review on "GCC: Graph Contrastive Coding for Graph ...
NS-CUK Seminar: J.H.Lee, Review on "GCC: Graph Contrastive Coding for Graph ...
ssuser4b1f480 visão
Anúncio

DevSecCon London 2018: Enabling shift-left for 12k banking developers from scratch and without breaking the bank

  1. LONDON 18-19 OCT 2018 Enabling shift-left for 12k banking developers from scratch and without breaking the bank ERNESTO BETHENCOURT
  2. LONDON 18-19 OCT 2018
  3. LONDON 18-19 OCT 2018 Ernesto Bethencourt Product Owner for Chimera
  4. LONDON 18-19 OCT 2018
  5. LONDON 18-19 OCT 2018 Source: https://www.bbva.com/en/corporate-information/the-transformation-of-bbva/
  6. LONDON 18-19 OCT 2018 *12k Developers
  7. LONDON 18-19 OCT 2018 Key Elements For This Transformation • Internal talent • End-to-end automation • DevOps “philosophy” • API and obsession to reuse • Global communities
  8. Ether is BBVA’s global banking platform, which allows developers to easily build, deploy and operate banking services of any kind by leveraging cloud Global Cloud Services Automation Open Source & Vendor decoupling Developer centric Hybrid cloud Reliability /Operability
  9. LONDON 18-19 OCT 2018
  10. LONDON 18-19 OCT 2018
  11. LONDON 18-19 OCT 2018
  12. LONDON 18-19 OCT 2018
  13. LONDON 18-19 OCT 2018 What are we doing? • SECaaS, part of the New Platform • BBVA Labs Advance Security • ACS (for Legacy Platform) • Cultural Change (Tribes/Clans)
  14. LONDON 18-19 OCT 2018 Security As A Service (SECaaS) BBVA’s SECaaS is one of the main Cloud components composing Ether. SECaaS builds on the concept that Security can be provided on demand to the user SECaaS provides a security embedded by default.
  15. LONDON 18-19 OCT 2018 SECaaS Objectives 4 SDLC • Early Security Feedback for Developers (Shifting Left) • Security Feedback also must be “aaS” • Automate Security Checks & Enforcement
  16. TOOLS! TOOLS EVERYWHERE! DEVELOP A PRODUCT
  17. CHIMERA
  18. LONDON 18-19 OCT 2018 Since 2016! Slides: https://www.rsaconference.com/writable/presentations/file_upload/asd-f01-security-as-a-service-in-a-financial-institution-reality-or-chimera.pdf
  19. SELF-SERVICE 4 DEV TEAMS SERVICES 4 SECURITY TEAMS
  20. LONDON 18-19 OCT 2018 Our Vision • Abstraction of Security “Solutions” • Orchestration • Added Value CHIMERA disclaimer: vendors logo used as an example only that we want our developers to know Chimera and not Vendors
  21. LONDON 18-19 OCT 2018 In-take Triage Test Deliver DevSecOps “Foundations” Static Black-box “Manual” DevSecOps Analytics Blue Team Services Security Provision DevSecOps Threat Model Auto-Enrollment Continuous Monitoring Governance Added Value Services Continuous Feedback & Optimization Our long term “Services” proposal
  22. LONDON 18-19 OCT 2018 SECURITY TOOLS CI Pipelines (i.e: Ether Pipelines) CHIMERA Security Code Review Docker Images Review Secrets Review Current Status BANDIT GECRETS In-take Analytics
  23. LONDON 18-19 OCT 2018 4 Devs Teams CI Pipelines (i.e: Ether Pipelines) Docker Images Review CHIMERA Orchestrations + Added Value
  24. LONDON 18-19 OCT 2018 Developers can access and use this information on their pipelines and in Ether’s Console
  25. LONDON 18-19 OCT 2018 4 Sec Teams CI Pipelines (i.e: Ether Pipelines) Docker Images Review CHIMERA “Security Seal”Orchestrations AUTOMATIC!
  26. LONDON 18-19 OCT 2018
  27. LONDON 18-19 OCT 2018 BBVA Labs - Advanced Security Labs • “Working how to adapt security processes from the risk analysis to the security operation in the Cloud and DevOps worlds, researching and developing concept tests that can be converted into open source tools” • Example Public Research: • https://www.bbva.com/en/vulnerability-management-in-dependencies-in-ci-cd- environments-with-open-source-tools/
  28. LONDON 18-19 OCT 2018 Example of our Public Work https://github.com/BBVA/gitsechttps://github.com/BBVA/deeptracy https://patton-server.readthedocs.io/en/latest/
  29. LONDON 18-19 OCT 2018 Deep Tracy + Patton
  30. LONDON 18-19 OCT 2018
  31. LONDON 18-19 OCT 2018 ACS – (Continuous Security Analysis) • Blue Team’s Service • BBVA’s Worldwide Service • Free for all BBVA’s projects • Manual, APIs and Jenkins library options for integrations • Compliance compatible for some projects • Manual results processing by blue team member
  32. LONDON 18-19 OCT 2018 Current Process Secure SDLC Source Repository Build Management Code Analysis Result Triage Publish Results Developer Feedback
  33. LONDON 18-19 OCT 2018 Culture Tribes and Clans
  34. LONDON 18-19 OCT 2018
  35. LONDON 18-19 OCT 2018 Next Steps (2019) • Chimera Triage and DAST MVPs • Chimera – ACS Integrations • BBVA Labs Tools in Chimera • DevSecOps Ninja and TechU Tracks • Security Champions Pilot Programs
  36. LONDON 18-19 OCT 2018
  37. LONDON 18-19 OCT 2018 [https://www.bbvanexttechnologies.com/]
Anúncio