26 Nov 2015
Venue: Akamai, Singapore
OWASP Singapore.
28 Nov 2015
Venue: Airtel, Delhi-India.
OWASP, Delhi-India.
Remote WebEx From Singapore.
Software Security:
“In The World Of, Cloud & CI-CD”
- Aniket Kulkarni
Software Security Architect (Big Data / Cloud / Mobile / Web)
Agenda
• Cloud & Its Snapshots
• Definition Of Today's Clients
• User's Angle To Cloud
• Changing Landscape Of Customer Requirements
• CI, CD
• An Era Of Dashboards
• Secure SDLC: CI-CD Way
Cloud Computing?
Cloud computing, also known as on-demand computing, is a kind of internet-based computing where shared resources and information are provided to computers and other devices on demand.
Cloud Snapshots
Clients Today?
CLOUD
Continuous Integration - CI.
• Continuous Integration (CI) is a development practice that requires developers to integrate code into a shared repository several times a day.
• Each check-in is then verified by an automated build, allowing teams to detect problems early.
Continuous Delivery - CD.
• Continuous Delivery (CD) is a software engineering approach in which teams keep producing valuable software in short cycles and ensure that the software can be reliably released at any time.
• It aims at building, testing, and releasing software faster and more frequently.
Continuous Deployment - CD.
• Continuous Deployment (CD) is the next phase after continuous delivery.
• Every change that passes the automated tests gets deployed to production automatically.
User's Angle To Cloud.
(Slide diagram: on the client side, USER1 (subscribed), USER2 (subscribed) and USER3 (free) connect to the cloud-hosted Application Server, Storage Service, I&AM and Notification Service.)
An Era Of Dashboards.
Changing Landscape Of Requirements
• Ongoing Customer Demands
• Associated Market Competition
• Product Research Outcomes
“Constantly rotating eyeballs on a product in production, hosted on cloud, with constant changes”
Challenges For Business Stakeholders
• How to manage the security posture of 150+ cloud products?
• Shall we invest in security (Yes/No)?
• If yes, how much? Confused about the decision?
• Invested $X million. How secure are we?
• We are 100% compliant! Are we secure now?
• Are we satisfying customer demands?
S-SDLC (CI-CD): Component Repository
(Slide diagram: External Repositories and Internal Components feed the Organization Repository (Ex: Nexus / Artifactory).)
S-SDLC (CI-CD): 3rd Party External Component Security
(Slide diagram: External Repositories and Internal Components feed the Organization Repository (Ex: Nexus / Artifactory); 3rd Party Component Security Tools (Ex: Sonatype CLM) check the components, with a Continuous Dashboard Update.)
S-SDLC (CI-CD): Development
(Slide diagram: External Repositories and Internal Components feed the Organization Repository (Ex: Nexus / Artifactory); a Static Source Code Analysis Tool (Ex: Fortify) runs on the code, with a Continuous Dashboard Update.)
S-SDLC (CI-CD): QA
• Internal Automation Frameworks
• Mostly Python Scripts
(Slide diagram: the actual web product hosted on Staging; Dynamic Analysis Tool Run with a Manual Dashboard Update; Internal / External Penetration Tests with a Continuous Dashboard Update; Interactive Application Security Testing (Ex: Contrast).)
S-SDLC (CI-CD): SAST / DAST / IAST
SAST
• Uses source code to find vulnerabilities without running the application.
• Misses run-time vulnerabilities.
• Many false positives.
DAST
• Analyzes the application in its running state by fuzzing with malicious payloads from outside.
• Misses business logic vulnerabilities.
• Many false positives.
IAST
• Analyzes the application in its running state by deploying sensors inside the app.
• Finds most of the things which SAST and DAST miss.
• Almost no / fewer false positives.
S-SDLC (CI-CD): Typical IAST Deployment
(Slide diagram: inside the Web Application stack (Custom Code, Frameworks, Libraries, Application Server, Java Runtime), passive sensors feed data to the IAST Engine, which sends security information to the Dashboard.)
S-SDLC (CI-CD): Compact View
COMPONENT SELECTION -> DEVELOPMENT -> QA -> IAST / STAGING
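The compact view chains component selection, development (SAST), QA (DAST, pentest) and IAST / staging, each ending in a dashboard update. The following is an added example, not code from the deck or from any of the tools it names: a small aggregator that merges the findings those stages emit into one posture row per product and a release-gate answer. The JSON schema, stage names, severity weights and gate policy are this example's own assumptions, not Sonatype CLM, Fortify or Contrast output; the sample reports, products and dependency name are constructed.

```python
"""Added example: a 'continuous dashboard update' step for an S-SDLC pipeline.
Schema, weights and policy are assumptions of this example, not any vendor's."""
import json
from collections import defaultdict
from dataclasses import dataclass

# Weights chosen so that an unconfirmed hit counts exactly half (assumption).
SEVERITY_WEIGHT = {"critical": 20, "high": 10, "medium": 4, "low": 2}
BLOCKING_SEVERITIES = {"critical", "high"}
MAX_SCORE = 30
# Stages whose result is evidence rather than a heuristic: a vulnerable
# dependency is a version match; DAST/IAST/pentest observed real behaviour.
EVIDENCE_STAGES = {"component", "dast", "iast", "pentest"}


@dataclass(frozen=True)
class Finding:
    product: str
    stage: str        # component | sast | dast | iast | pentest
    severity: str
    rule: str         # CWE id, CVE id or tool rule name
    location: str     # file:line, URL path or manifest file
    confirmed: bool = False


def parse_report(stage: str, raw_json: str) -> list[Finding]:
    """Parse one stage's JSON report; reject severities outside the policy table."""
    findings = []
    for rec in json.loads(raw_json):
        sev = rec["severity"].lower()
        if sev not in SEVERITY_WEIGHT:
            raise ValueError(f"unknown severity {rec['severity']!r} in stage {stage}")
        findings.append(Finding(rec["product"], stage, sev, rec["rule"], rec["location"]))
    return findings


def corroborate(findings: list[Finding]) -> list[Finding]:
    """Collapse hits from several stages on the same (product, rule, location)
    into one record, confirmed if any evidence stage reported it. A SAST hit
    that IAST also observed at runtime therefore stops being a 'maybe'."""
    groups: dict[tuple, list[Finding]] = defaultdict(list)
    for f in findings:
        groups[(f.product, f.rule, f.location)].append(f)
    merged = []
    for (product, rule, location), group in groups.items():
        evidence = [f for f in group if f.stage in EVIDENCE_STAGES]
        rep = evidence[0] if evidence else group[0]
        worst = max(group, key=lambda f: SEVERITY_WEIGHT[f.severity])
        merged.append(Finding(product, rep.stage, worst.severity, rule, location,
                              confirmed=bool(evidence)))
    return merged


def posture(findings: list[Finding]) -> dict[str, dict]:
    """One dashboard row per product: counts, weighted score, gate decision."""
    rows = defaultdict(lambda: {"confirmed": 0, "unconfirmed": 0, "score": 0,
                                "blocking": [], "triage": []})
    for f in sorted(findings, key=lambda f: (f.product, f.stage, f.location)):
        row = rows[f.product]
        tag = f"{f.stage}:{f.rule}@{f.location}"
        weight = SEVERITY_WEIGHT[f.severity]
        if f.confirmed:
            row["confirmed"] += 1
            row["score"] += weight
            if f.severity in BLOCKING_SEVERITIES:
                row["blocking"].append(tag)
        else:
            row["unconfirmed"] += 1
            row["score"] += weight // 2          # unverified static hit counts half
            if f.severity in BLOCKING_SEVERITIES:
                row["triage"].append(tag)        # visible on the dashboard, does not block alone
    for row in rows.values():
        row["release_ok"] = not row["blocking"] and row["score"] <= MAX_SCORE
    return dict(rows)


def aggregate(reports: dict[str, str]) -> dict[str, dict]:
    """Pipeline entry point: stage name -> raw JSON report; out: dashboard rows."""
    findings = [f for stage, raw in reports.items() for f in parse_report(stage, raw)]
    return posture(corroborate(findings))


# Constructed sample reports (not real scanner output); the products,
# locations and the dependency name are made up for this example.
SAMPLE_REPORTS = {
    "component": json.dumps([
        {"product": "billing", "severity": "high",
         "rule": "vulnerable-dependency libfoo 1.2.3", "location": "pom.xml"},
    ]),
    "sast": json.dumps([
        {"product": "billing", "severity": "medium", "rule": "CWE-79", "location": "Invoice.java:120"},
        {"product": "notify", "severity": "high", "rule": "CWE-89", "location": "UserDao.java:42"},
        {"product": "notify", "severity": "low", "rule": "CWE-200", "location": "Config.java:10"},
        {"product": "docs", "severity": "high", "rule": "CWE-22", "location": "Download.java:77"},
    ]),
    "dast": json.dumps([
        {"product": "notify", "severity": "medium", "rule": "CWE-79", "location": "/search"},
    ]),
    "iast": json.dumps([
        {"product": "docs", "severity": "high", "rule": "CWE-22", "location": "Download.java:77"},
    ]),
}

if __name__ == "__main__":
    for product, row in aggregate(SAMPLE_REPORTS).items():
        print(product, json.dumps(row))
```

With the sample data, "billing" is blocked by the confirmed vulnerable dependency, "docs" is blocked because the SAST path-traversal hit was corroborated by IAST at the same location, and "notify" passes the gate while its uncorroborated high-severity SAST hit stays on the dashboard under "triage". That split is the point of the deck's SAST / DAST / IAST comparison: static hits with many false positives are tracked, runtime-evidenced hits decide the release; the exact thresholds are a policy choice for each organisation.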
All Set For Product Release?
Rethinking challenges!
How do the challenges look now?
• How to manage the security posture of 150+ cloud products?
• Shall we invest in security (Yes/No)?
• If yes, how much? Confused about the decision?
• Invested $X million. How secure are we?
• We are 100% compliant! Are we secure now?
• Are we satisfying customer demands?
Key Take-Away Points
• Cloud & CI, CD
• Software product business challenges
• Pitching security in a fast-paced environment:
- 3rd party component security
- Security at Development
- Security at QA
- Security at Staging / Production
• Solutions that we have for this fast-paced environment
• Security as an input for business decisions
• Deciding factors for security investment & ROI
Q & A
Thank you,
Aniket Kulkarni - Software Security Architect (Big Data / Cloud / Mobile / Web)
Autodesk Singapore Research & Development Center
Singapore.
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 

Último (20)

DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 

Software Security: In the World of Cloud & CI-CD

  • 1. 26 Nov 2015, Venue: Akamai, Singapore, OWASP Singapore. 28 Nov 2015, Venue: Airtel, Delhi-India, OWASP Delhi-India (remote WebEx from Singapore). Software Security: “In The World Of Cloud & CI-CD”. Aniket Kulkarni, Software Security Architect (Bigdata/Cloud/Mobile/Web).
  • 2. Agenda
    - Cloud & Its Snapshots
    - Definition Of Today's Clients
    - Users' Angle To Cloud
    - Changing Landscape Of Customer Requirements
    - CI, CD
    - An Era Of Dashboards
    - Secure SDLC: CI-CD Way
  • 3. Cloud Computing? Cloud computing, also known as on-demand computing, is a kind of internet-based computing where shared resources and information are provided to computers and other devices on demand.
  • 6. Continuous Integration - CI.
    - Continuous Integration (CI) is a development practice that requires developers to integrate code into a shared repository several times a day.
    - Each check-in is then verified by an automated build, allowing teams to detect problems early.
  • 7. Continuous Delivery - CD.
    - Continuous Delivery (CD) is a software engineering approach in which teams keep producing valuable software in short cycles and ensure that the software can be reliably released at any time.
    - It aims at building, testing and releasing software faster and more frequently.
  • 8. Continuous Deployment - CD.
    - Continuous Deployment (CD) is the next phase after continuous delivery.
    - Every change that passes the automated tests gets deployed to production automatically.
  • 9. Users' Angle To Cloud. (Diagram: on the client side, Subscribed USER1, Subscribed USER2 and Free USER3 talk to the Application Server, which is backed by the Storage Service, I&AM and the Notification Service.)
  • 10. An Era Of Dashboards.
  • 11. Changing Landscape Of Requirements
    - Ongoing Customer Demands
    - Associated Market Competition
    - Product Research Outcomes
    “Constant rotating eyeball on the product in production, hosted on cloud, with constant changes”
  • 12. Challenges For Business Stakeholders
    - How to manage the security posture of 150+ cloud products?
    - Shall we invest in security (Yes/No)?
    - If yes, how much? Confused about the decision?
    - Invested $X million. How secure are we?
    - We are 100% compliant! Are we secure now?
    - Are we satisfying customer demands?
  • 13. S-SDLC (CI-CD): Component Repository. (Diagram: External Repositories and Internal Components feed the Organization Repository, e.g. Nexus/Artifactory.)
  • 14. S-SDLC (CI-CD): 3rd Party External Component Security. (Diagram: External Repositories and Internal Components feed the Organization Repository (e.g. Nexus/Artifactory); 3rd Party Component Security Tools (e.g. Sonatype CLM) scan it, with Continuous Dashboard Update.)
  • 15. S-SDLC (CI-CD): Development. (Diagram: External Repositories and Internal Components feed the Organization Repository (e.g. Nexus/Artifactory); a Static Source Code Analysis Tool (e.g. Fortify) scans the code, with Continuous Dashboard Update.)
  • 16. S-SDLC (CI-CD): QA. (Diagram: Internal Automation Frameworks, mostly Python scripts, drive a Dynamic Analysis Tool run against the actual web product hosted on Staging, with Manual Dashboard Update; Internal/External Penetration Tests; Interactive Application Security Testing (e.g. Contrast), with Continuous Dashboard Update.)
  • 17. S-SDLC (CI-CD): SAST / DAST / IAST
    SAST:
    - Uses source code to find vulnerabilities without running the application.
    - Misses run-time vulnerabilities.
    - Many false positives.
    DAST:
    - Analyzes the application in its running state by fuzzing it with malicious payloads from outside.
    - Misses business logic vulnerabilities.
    - Many false positives.
    IAST:
    - Analyzes the application in its running state by deploying sensors inside the app.
    - Finds most of the things that SAST and DAST miss.
    - Almost no / fewer false positives.
  • 18. S-SDLC (CI-CD): Typical IAST Deployment. (Diagram: the Web Application consists of Custom Code, Frameworks, Libraries, the Application Server and the Java Runtime; the IAST Engine collects data from passive sensors inside it and sends security information to the dashboard.)
  • 19. S-SDLC (CI-CD): Compact View. COMPONENT SELECTION → DEVELOPMENT → QA → IAST/STAGING → All Set For Product Release?
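Slides 13 to 19 describe a pipeline in which every stage pushes its findings to a dashboard and the release question is asked only at the end. The following Python script is an added example, not code from the presentation or from any tool it names; the finding records, the stage names and the "block at high or above" policy are constructed assumptions, and it shows how triaged false positives (which slide 17 notes SAST and DAST produce in quantity) stay on the dashboard without blocking the release.

```python
"""Release gate for the S-SDLC pipeline from the slides (added example, not
the presentation's or any named tool's code). Each stage pushes findings to
a dashboard; the gate answers "All set for product release?" from the
triaged, aggregated findings. Record shape and policy are assumptions."""
from collections import Counter

STAGES = ("component", "sast", "dast", "iast")        # slides 14, 15, 16, 18
SEVERITY = {"critical": 4, "high": 3, "medium": 2, "low": 1}

# Constructed sample findings, one per tool result on the dashboard.
# "triage" is the analyst's verdict: SAST/DAST results marked false_positive
# stay on record (slide 17 notes both produce many) but must not block release.
FINDINGS = [
    {"stage": "component", "id": "F-1", "severity": "high", "triage": "open"},
    {"stage": "sast", "id": "F-2", "severity": "critical", "triage": "false_positive"},
    {"stage": "sast", "id": "F-3", "severity": "medium", "triage": "open"},
    {"stage": "dast", "id": "F-4", "severity": "high", "triage": "fixed"},
    {"stage": "iast", "id": "F-5", "severity": "low", "triage": "open"},
]


def dashboard(findings):
    """Per-stage count of still-open findings by severity (one dashboard row)."""
    board = {stage: Counter() for stage in STAGES}
    for f in findings:
        if f["triage"] == "open":
            board[f["stage"]][f["severity"]] += 1
    return board


def release_gate(findings, block_at="high"):
    """Return (ok, blockers): ok is False while any open finding is at or
    above block_at. Only open findings count; fixed and false_positive do not."""
    threshold = SEVERITY[block_at]
    blockers = [f["id"] for f in findings
                if f["triage"] == "open" and SEVERITY[f["severity"]] >= threshold]
    return not blockers, blockers


if __name__ == "__main__":
    for stage, counts in dashboard(FINDINGS).items():
        print(f"{stage:10s} {dict(counts)}")
    ok, blockers = release_gate(FINDINGS)
    print("All set for product release?", "yes" if ok else f"no, open blockers: {blockers}")
```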
  • 20. Rethinking challenges! How do the challenges look now?
    - How to manage the security posture of 150+ cloud products?
    - Shall we invest in security (Yes/No)?
    - If yes, how much? Confused about the decision?
    - Invested $X million. How secure are we?
    - We are 100% compliant! Are we secure now?
    - Are we satisfying customer demands?
  • 21. Key Points / Take Away
    - Cloud & CI, CD
    - Software product business challenges
    - Pitching security in a fast-paced environment: 3rd party component security; security at Development; security at QA; security at Staging/Production
    - Solutions that we have for this fast-paced environment
    - Security as an input for business decisions
    - Deciding factor for security investment & ROI
  • 22. Q & A
  • 23. Thank you. Aniket Kulkarni - Software Security Architect (Bigdata/Cloud/Mobile/Web), Autodesk Singapore Research & Development Center, Singapore.