DevSecOps - The big picture

DevSecOps Singapore introduction

Security will always be our top priority. Agile deployment methods require a set of dynamic built-in security controls that keep pace with innovation and scale. In this session we will utilise the power of automation with the AWS platform to increase the agility of developers while maintaining a strong security posture. Speaker: David Faulkner, Senior Technical Account Manager, Amazon Web Services

DevSecOps : an Introduction

Prashanth B. P.

Implementing DevSecOps

n|u - The Open Security Community

DevOps to DevSecOps Journey..

Siddharth Joshi

DevSecOps reference architectures 2018

Sonatype

DevSecOps Jenkins Pipeline -Security

An introduction to the devsecops webinar will be presented by me at 10.30am EST on 29th July,2018. It's a session focussed on high level overview of devsecops which will be followed by intermediate and advanced level sessions in future. Agenda: -DevSecOps Introduction -Key Challenges, Recommendations -DevSecOps Analysis -DevSecOps Core Practices -DevSecOps pipeline for Application & Infrastructure Security -DevSecOps Security Tools Selection Tips -DevSecOps Implementation Strategy -DevSecOps Final Checklist

Introduction to DevSecOps

Setu Parimi

Shifting Security Left - The Innovation of DevSecOps - ValleyTechCon

Tom Stiehm

ABN AMRO DevSecOps Journey

Derek E. Weeks

"How to Get Started with DevSecOps," presented by CYBRIC VP of Engineering Andrei Bezdedeanu at IT/Dev Connections 2018. Collaboration between development and security teams is key to DevSecOps transformation and involves both cultural and technological shifts. The challenges associated with adoption can be addressed by empowering developers with the appropriate security tools and processes, automation and orchestration. This presentation outlines enabling this transformation and the resulting benefits, including the delivery of more secure applications, lower cost of managing your security posture and full visibility into application and enterprise risks. www.cybric.io

How to Get Started with DevSecOps

CYBRIC

What's hot (20)

DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...

Practical DevSecOps Course - Part 1

DevSecOps Implementation Journey

Practical DevSecOps - Arief Karfianto

DEVSECOPS.pptx

DevSecOps

DevSecOps Training Bootcamp - A Practical DevSecOps Course

The State of DevSecOps

DevSecOps in Baby Steps

Introduction to DevSecOps

DevSecOps Singapore introduction

DevSecOps : an Introduction

Implementing DevSecOps

DevOps to DevSecOps Journey..

DevSecOps reference architectures 2018

DevSecOps Jenkins Pipeline -Security

Introduction to DevSecOps

Shifting Security Left - The Innovation of DevSecOps - ValleyTechCon

ABN AMRO DevSecOps Journey

How to Get Started with DevSecOps

Viewers also liked

DevSecOps in Baby Steps

Priyanka Aash

AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...

"Running enterprise workloads with sensitive data in AWS is hard and requires an in-depth understanding about software-defined security risks. At re:Invent 2014, Intuit and AWS presented ""Enterprise Cloud Security via DevSecOps"" to help the community understand how to embrace AWS features and a software-defined security model. Since then, we've learned quite a bit more about running sensitive workloads in AWS. We've evaluated new security features, worked with vendors, and generally explored how to develop security-as-code skills. Come join Intuit and AWS to learn about second-year lessons and see how DevSecOps is evolving. We've built skills in security engineering, compliance operations, security science, and security operations to secure AWS-hosted applications. We will share stories and insights about DevSecOps experiments, and show you how to crawl, walk, and then run into the world of DevSecOps."

(SEC402) Enterprise Cloud Security via DevSecOps 2.0

DevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left

Performing continuous security testing in a DevOps environment with short release cycles and a continuous delivery pipeline is a big challenge and the traditional secure SDLC model fails to deliver the desired results. DevOps understand the process of built, test and deploy. They have largely automated this process in a delivery pipeline, they deploy to production multiple times per day but the big challenge is how can they do this securely? This session will focus on a strategy to build an application security pipeline in Jenkins, challenges and possible solutions, also how existing application security solutions (SAST, DAST, IAST, OpenSource Libraries Analysis) are playing a key role in growing the relationship between security and DevOps.

Implementing an Application Security Pipeline in Jenkins

Suman Sourav

DevSecCon Asia 2017 Fabian Lim: DevSecOps in the government

Introduction to DevSecOps on AWS

DevSecOps, or SecDevOps has the ambitious goal of integrating development, security and operations teams together, encouraging faster decision making and reducing issue resolution times. This session will cover the current state of DevOps, how DevSecOps can help, integration pathways between teams and how to reduce fear, uncertainty and doubt. We will look at how to move to security as code, and integrating security into our infrastructure and software deployment processes.

How to adapt the SDLC to the era of DevSecOps

Zane Lackey

Infrastructure Saturday - Level Up to DevSecOps

kieranjacobsen

Devops, Secops, Opsec, DevSec *ops *.* ?

Kris Buytaert

The AWS platform offers a rich set of capabilities that can be leveraged by the customer to better control applications state, configuration, and supporting infrastructure throughout the service lifecycle – all while operating with security best practices such as audit and accountability, access control, change review and governance, and systems integrity. We will showcase and discuss design patterns for using these capabilities in synergy with fast-paced and agile application development methodologies – such as DevOps – to achieve an integrated security operations program.

Securing Systems at Cloud Scale with DevSecOps

DevOps is a cultural shift for more and more organisations, bringing speed and innovation benefits that surpass other SDLC methods. But some of the principles of DevOps aren’t quite aligned with how companies of all sizes will need to incorporate and embed security into this shift. DevSecOps provides a path forward for the transformation and helps companies to shift security to the left so that everyone can take responsibility for it. While automating security testing is an obvious answer to secure applications in the code pipeline, that does not provide 100% coverage until security risks are fully mitigated. Fabian will talk about his journey in making DevSecOps a reality in an organisation. This talk will focus some of the lessons learnt - which includes implementing open source tools to help security team do their jobs better, hacking the culture, whitelisting services, reporting security defects. and also doing Red Team activities.

The Changing Landscape of Information Security

DevSecOpsSg

The Rise of DevSecOps - Fabian Lim - DevSecOpsSg

DevSecOpsSg

Justin collins - Practical Static Analysis for continuous application delivery

DevSecOps - Building Rugged Software

SeniorStoryteller

DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...

DevSecOps: Taking a DevOps Approach to Security

Alert Logic

DevSecOps - CrikeyCon 2017

kieranjacobsen

Renato Rodrigues - Security in the wild

Application Security at DevOps Speed - DevOpsDays Singapore 2016

DevOps is a revolution starting to deliver. The “shift left” security approach is trying to catch up, but challenges remain. We will go over concrete security approaches and real data that overcome these challenges. It takes more than adding “hard to find” security talent to your DevOps team to reach DevSecOps benefits. Our discussion focuses on the practical side and lessons-learned from helping organizations gear up for this paradigm shift.

Viewers also liked (20)

DevSecOps in Baby Steps

AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...

(SEC402) Enterprise Cloud Security via DevSecOps 2.0

DevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left

Implementing an Application Security Pipeline in Jenkins

DevSecCon Asia 2017 Fabian Lim: DevSecOps in the government

Introduction to DevSecOps on AWS

How to adapt the SDLC to the era of DevSecOps

Infrastructure Saturday - Level Up to DevSecOps

Devops, Secops, Opsec, DevSec *ops *.* ?

Securing Systems at Cloud Scale with DevSecOps

The Changing Landscape of Information Security

The Rise of DevSecOps - Fabian Lim - DevSecOpsSg

Justin collins - Practical Static Analysis for continuous application delivery

DevSecOps - Building Rugged Software

DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...

DevSecOps: Taking a DevOps Approach to Security

DevSecOps - CrikeyCon 2017

Renato Rodrigues - Security in the wild

Application Security at DevOps Speed - DevOpsDays Singapore 2016

Similar to DevSecOps - The big picture

Outpost24 webinar: Turning DevOps and security into DevSecOps

Outpost24

DevSecCon London 2017: when good containers go bad by Tim Mackey

Inspectie van het Onderwijs

The Road to DevOps V3

Ahmed Misbah

Nyenrode Masterclass 'DevOps unraveled' Apr 18, 2016

De facto DevOps, de facto Agile. Today DevOps is the Manufacturing Revolution of Our Age. There is no escape for us. When got a DevOps, you got a DevOps. DevOps simply is the combination of cultural philosophies,practices,and tools that increase an organization’s ability to deliver applications and services at high velocity : evolving and improving products at a faster pace than organizations using traditional software development and infrastructure management processes.

DevOps The Cultural revolution

Somenath Ghosh

HouSecCon 2019 Offensive Security - Starting from Scratch. Learn from Spencer Koch and Altaz Valani about how to build an offensive security program from scratch, incorporating application security, infrastructure vulnerability management, hardening, devsecops, security champions, and red teaming. Be able to organize these capabilities to tell a story and build maturity to help your organization be more secure. Includes gotchas and lessons learned from industry experience.

HouSecCon 2019: Offensive Security - Starting from Scratch

Spencer Koch

DevOps! What, Why and How?

Omar Fathy

Introduction to DevSecOps OWASP Ahmedabad

kunwaratul hax0r

You build it - Cyber Chicago Keynote

John Willis

DevOps purists may chafe at the DevSecOps term given that security and other important practices are supposed to already be an integral part of routine DevOps workflows. But the reality is that security often gets more lip service than thoughtful and systematic integration into open source software sourcing, development pipelines, and operations processes--in spite of an increasing number of threats. In this session, we’ll look at successful practices that distributed and diverse teams use to iterate rapidly. We’ll discuss how a container platform can serve as the foundation for DevSecOps in your organization. We'll also consider the risk management associated with integrating components from a variety of sources--a consideration that open source software has had to deal with since the beginning. Finally, we'll show ways by which automation and repeatable trusted delivery of code can be built directly into a DevOps pipeline.

DevSecOps: The Open Source Way

Black Duck by Synopsys

What it feels like to live in a Security Enabled DevOps World

Karun Chennuri

1st Riga DevOps meetup

Uldis Karlovs-Karlovskis

The goal of every developer is get her super cool new feature out to customers, as fast as possible, with little to no bugs and with no manual effort so she can go back to coding the next awesome one. Doing all of this takes tremendous amounts of effort to plan, coordinate and execute on a DevOps engineer. Continuous Integration coupled with Continuous Deployment aide in this endeavor. But again, those are cumbersome and can be difficult to set up. AWS has four new tools to help with this; AWS CodeDeploy, CodeCommit, CodePipeline, and CodeBuild. Each one has specialized features to help get your code to customers faster, more reliable and bug free as possible. In this presentation, we will walk through how to setup a CI/CD pipeline using those AWS tools and demonstrate how we can go from yay it compiles to a 5-star review.

DevOps and AWS - Code PaLOUsa 2017

James Strong

DevSecOps Basics with Azure Pipelines

Abdul_Mujeeb

Rolling slides to kick of the event. *** Description of the main talk *** Threat Modelling can be a laborious and time-consuming exercise, which is not a happy marriage with CI and DevOps methodologies. In this talk, I shall outline my Rapid Threat Model Prototyping paradigm, which I have successfully been using both at Visa and Photobox. My method enables automation and inclusion into fast-moving development cycles and is well-suited for today's IT environments.

August 2018: DevSecOps - London Gathering

Michael Man

Two years ago at Devoxx UK we talked about DevOps, what it was, why it was important and how to get started. Boy, was it scary. Now we’re wiser. More battle-scarred. The large scale of the challenge for application writers exploiting cloud and DevOps is clearer, but so is the path forward. Understanding the DevOps approach is important, but equally you must understand specific deployment technologies, security issues, operational reliability, and how to drive organisational transformation. Whether creating simple applications or sophisticated microservice architectures many of the challenges are the same. Join us to learn how you can apply this within your team and company.

DevoxxUK 2016: "DevOps: Microservices, containers, platforms, tooling... Oh y...

Daniel Bryant

Getting Started with DevOps

Ahmed Misbah

Blue Teaming on a Budget of Zero

Kyle Bubp

A cornerstone of the DevOps philosophy, investment in automation at all stages across the SDLC has increased over recent years. Automation promises velocity and reduced errors, helps foster repeatable processes, and removes the need for long hours on dull, repetitive tasks. So what’s not to like? The downside of automation is that unless applied at the right place in your SDLC it can make a bad process worse. Automation also raises questions around job security, the need for re-skilling in other areas, and tool sprawl if different teams each choose their preferred technology. This session will outline: -A short chronology of where automation has impacted the modern software stack -Where it makes the most sense to automate (by identifying your key constraints) -Best practices for adopting automation and how to identify where it’s working — and where it isn’t For more information, visit: www.appdynamics.com

Automation: The Good, The Bad and The Ugly with DevOpsGuys - AppD Summit Europe

AppDynamics

DevOpsGuys - DevOps Automation - The Good, The Bad and The Ugly

DevOpsGroup

Similar to DevSecOps - The big picture (20)

Outpost24 webinar: Turning DevOps and security into DevSecOps

DevSecCon London 2017: when good containers go bad by Tim Mackey

The Road to DevOps V3

Nyenrode Masterclass 'DevOps unraveled' Apr 18, 2016

DevOps The Cultural revolution

HouSecCon 2019: Offensive Security - Starting from Scratch

DevOps! What, Why and How?

Introduction to DevSecOps OWASP Ahmedabad

You build it - Cyber Chicago Keynote

DevSecOps: The Open Source Way

What it feels like to live in a Security Enabled DevOps World

1st Riga DevOps meetup

DevOps and AWS - Code PaLOUsa 2017

DevSecOps Basics with Azure Pipelines

August 2018: DevSecOps - London Gathering

DevoxxUK 2016: "DevOps: Microservices, containers, platforms, tooling... Oh y...

Getting Started with DevOps

Blue Teaming on a Budget of Zero

Automation: The Good, The Bad and The Ugly with DevOpsGuys - AppD Summit Europe

DevOpsGuys - DevOps Automation - The Good, The Bad and The Ugly

More from Stefan Streichsbier

The year is 2031, how has software development and security evolved in the last decade? Are there any developers or security folks left? Have robots taken our jobs? We will join Security Engineer Sam, that is responsible for securing a cutting edge application for a hot fintech company in the year 2021. The app has just completed a major release and Sam is sharing her progress and learnings with her peers at a local OWASP meetup. After a night of celebration she wakes up and finds her future self jumping out of a time-machine in her bedroom closet. Time travel paradoxes aside, the future of the world is at stake because a sentient A.I. is threatening to hack the planet. There is a small task force that has been working for a decade on finding a way to finally solve secure software development, and they have done it! There is no time to waste, you are joining your future self to go to the year 2031 and learn what they have learned to bring that knowledge back to present and avoid the dark future from ever happening.

DevSecOps in 2031: How robots and humans will secure apps together Log

This talk by Stefan Streichsbier, Co-Founder of GuardRails.io, provides a brief history of how development, operations and security testing have become highly complex. It continues to outline the key problems with traditional security solutions and why in 2020 companies around the world are still figuring out a good way to manage security as part of rapid development cycles. Specifically, the big challenge of introducing and fixing new security issues versus tackling the existing security dept of existing applications. To quote Bishop Desmond Tutu, “There comes a point where we need to stop just pulling people out of the river. We need to go upstream and find out why they’re falling in.” After setting the stage, the remainder of the talk will focus on the paradigm shift that security solutions have to incorporate in order to solve the problem of sustainably secure applications on all layers. This will explore how the elements of Speed, Just in time training, and Data science have to be leveraged to empower development teams around the globe to get ahead for once and finally become able to move fast and be safe at the same time. The 3 core takeaways for the audience are: 1.) Where security practices have gone wrong so far. 2.) What new technologies will cause a paradigm shift in how security is applied at scale. 3.) How security will look like in 5-10 years.

The Future of DevSecOps

SCS DevSecOps Seminar - State of DevSecOps

State of DevSecOps - DevSecOpsDays 2019

State of DevSecOps - GTACS 2019

Practical Secure Coding Workshop - {DECIPHER} Hackathon

State of DevSecOps - DevOpsDays Jakarta 2019

Security and Mobility Co Create Week Jakarta

In the software engineering world, change is the only constant. And in the course of the last decades, the frequency of that change has exploded. What Agile has brought to software teams, DevOps is now bringing to the entire organization. And the results speak for themselves. The DevOps high-performers are killing it. Insane deploy frequencies of features, high reliability of applications, and high productivity of cross-functional teams have amplified the speed at which ideas become a reality. In parallel, Application Security was doing its own thing and to a large part remained oblivious to all the impressive improvements that were happening in software engineering. Because breaking an application doesn’t need any knowledge of how it was created in the first place. This talk will cover anti-patterns that are preventing application security from being adopted by development teams, such as: * Issues Overload * Acronym Overuse * Sales team Wall

Securing a great Developer Experience - v1.3

In the software engineering world, change is the only constant. And in the course of the last decades, the frequency of that change has exploded. What Agile has brought to software teams, DevOps is now bringing to the entire organization. And the results speak for themselves. The DevOps high-performers are killing it. Insane deploy frequencies of features, high reliability of applications, and high productivity of cross-functional teams have amplified the speed at which ideas become a reality. In parallel, Application Security was doing its own thing and to a large part remained oblivious to all the impressive improvements that were happening in software engineering. Because breaking an application doesn’t need any knowledge of how it was created in the first place. This talk will cover anti-patterns that are preventing application security from being adopted by development teams, such as: * Signals versus Noise * Lost in Translation * Make it easy

Securing a great DX - DevSecOps Days Singapore 2018

We all envy unicorns like Amazon, Netflix and Google. They have it all figured out and are light years ahead of the rest of the pack. This talk will explore security challenges organizations encounter as part of their digital transformation journey and shows that DevOps is a perfect opportunity to embed security, using actual experiences of three organizations in Asia to illustrate the key points.

A Tale of Three Horses - RSAC 2017 APJ - DevOps Connect: DevSecOps Edition, S...

Null application security in an agile world

Application Security in an Agile World - Agile Singapore 2016