OSMC 2022 | Security as Code A DevSecOps Approach by Joseph Katsioloudes


Security as Code (SaC) is the methodology of codifying security tests, scans, and policies. Security is implemented directly into the CI/CD pipeline to automatically and continuously detect security vulnerabilities. Adopting SaC tightly couples application development with security and vulnerability management, while simultaneously enabling developers to focus on core features and functionality. More importantly, it improves the collaboration between Development and Security teams and helps nurture a culture of security across the organization. In this session, we will review lessons learned from DevOps to implement a thriving DevSecOps culture, in particular how we can make developers contribute security checks with the SaC approach. We will introduce CodeQL, a language that allows us to implement security checks with code. We will demo how we can code queries for vulnerabilities and misconfigurations so they can be identified as soon as they hit your CI/CD pipeline.


  1. PRESENTED BY: JOSEPH KATSIOLOUDES. Security as Code (SaC): A DevSecOps Approach
  9. GitHub, Community, Hunters
  13. Query, Code
  14. AST
  17. Passive user, Active user
  18. Passive user, Active user
  21. Passive user, Active user
  33. Taint Tracking (input, output); Extensibility & Flexibility
  34. GitHub, Community, Hunters
