Enviar pesquisa
Carregar
DevSecOps practices for small teams
•
0 gostou
•
248 visualizações
Título melhorado com IA
Nico Meisenzahl
Seguir
DevOps practices for small teams and organizations, with a focus on security
Leia menos
Leia mais
Tecnologia
Denunciar
Compartilhar
Denunciar
Compartilhar
1 de 23
Baixar agora
Baixar para ler offline
Recomendados
DevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss Banking
Aarno Aukia
DevSecOps reference architectures 2018
DevSecOps reference architectures 2018
Sonatype
Painless DevSecOps: Building Security Into Your DevOps Pipeline
Painless DevSecOps: Building Security Into Your DevOps Pipeline
Tasktop
Dev secops. Real experience.
Dev secops. Real experience.
Vitaly Balashov
DevSecOps for the DoD
DevSecOps for the DoD
JamesHarmison
Strengthen and Scale Security Using DevSecOps - OWASP Indonesia
Strengthen and Scale Security Using DevSecOps - OWASP Indonesia
Mohammed A. Imran
Benefits of DevSecOps
Benefits of DevSecOps
Finto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
Secure DevOPS Implementation Guidance
Secure DevOPS Implementation Guidance
Tej Luthra
Recomendados
DevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss Banking
Aarno Aukia
DevSecOps reference architectures 2018
DevSecOps reference architectures 2018
Sonatype
Painless DevSecOps: Building Security Into Your DevOps Pipeline
Painless DevSecOps: Building Security Into Your DevOps Pipeline
Tasktop
Dev secops. Real experience.
Dev secops. Real experience.
Vitaly Balashov
DevSecOps for the DoD
DevSecOps for the DoD
JamesHarmison
Strengthen and Scale Security Using DevSecOps - OWASP Indonesia
Strengthen and Scale Security Using DevSecOps - OWASP Indonesia
Mohammed A. Imran
Benefits of DevSecOps
Benefits of DevSecOps
Finto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
Secure DevOPS Implementation Guidance
Secure DevOPS Implementation Guidance
Tej Luthra
Dos and Don'ts of DevSecOps
Dos and Don'ts of DevSecOps
Priyanka Aash
10 things to get right for successful dev secops
10 things to get right for successful dev secops
Mohammed Ahmed
Automating Security Compliance on AWS with DevSecOps
Automating Security Compliance on AWS with DevSecOps
Tushar Gupta
PIACERE - DevSecOps Automated
PIACERE - DevSecOps Automated
PIACERE
Dev secops security and compliance at the speed of continuous delivery - owasp
Dev secops security and compliance at the speed of continuous delivery - owasp
Dag Rowe
DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...
DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...
Mohamed Nizzad
Scale DevSecOps with your Continuous Integration Pipeline
Scale DevSecOps with your Continuous Integration Pipeline
DevOps.com
Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1
Mohammed A. Imran
Barriers to Container Security and How to Overcome Them
Barriers to Container Security and How to Overcome Them
WhiteSource
NYIT DSC/ Spring 2021 - Introduction to DevOps (CI/CD)
NYIT DSC/ Spring 2021 - Introduction to DevOps (CI/CD)
Hui (Henry) Chen
Zero to Ninety in Securing DevOps
Zero to Ninety in Securing DevOps
DevSecOps Days
#ATAGTR2019 Presentation "DevSecOps with GitLab" By Avishkar Nikale
#ATAGTR2019 Presentation "DevSecOps with GitLab" By Avishkar Nikale
Agile Testing Alliance
DevSecOps Days SF at RSA Conference 2018
DevSecOps Days SF at RSA Conference 2018
DevSecOps Days
Introduction to DevSecOps
Introduction to DevSecOps
Setu Parimi
DevSecOps Training Bootcamp - A Practical DevSecOps Course
DevSecOps Training Bootcamp - A Practical DevSecOps Course
Tonex
Professional Cloud DevOps Engineer - Study Group - Week 1
Professional Cloud DevOps Engineer - Study Group - Week 1
Ervin Weber
DevSecOps 101
DevSecOps 101
Narudom Roongsiriwong, CISSP
DevSecOps : an Introduction
DevSecOps : an Introduction
Prashanth B. P.
Secure Your Code Implement DevSecOps in Azure
Secure Your Code Implement DevSecOps in Azure
kloia
How to automate your DevSecOps successfully
How to automate your DevSecOps successfully
Manuel Pistner
Hijack a Kubernetes Cluster - a Walkthrough
Hijack a Kubernetes Cluster - a Walkthrough
Nico Meisenzahl
KCD Munich 2022: How to Prevent Your Kubernetes Cluster From Being Hacked
KCD Munich 2022: How to Prevent Your Kubernetes Cluster From Being Hacked
Nico Meisenzahl
Mais conteúdo relacionado
Mais procurados
Dos and Don'ts of DevSecOps
Dos and Don'ts of DevSecOps
Priyanka Aash
10 things to get right for successful dev secops
10 things to get right for successful dev secops
Mohammed Ahmed
Automating Security Compliance on AWS with DevSecOps
Automating Security Compliance on AWS with DevSecOps
Tushar Gupta
PIACERE - DevSecOps Automated
PIACERE - DevSecOps Automated
PIACERE
Dev secops security and compliance at the speed of continuous delivery - owasp
Dev secops security and compliance at the speed of continuous delivery - owasp
Dag Rowe
DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...
DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...
Mohamed Nizzad
Scale DevSecOps with your Continuous Integration Pipeline
Scale DevSecOps with your Continuous Integration Pipeline
DevOps.com
Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1
Mohammed A. Imran
Barriers to Container Security and How to Overcome Them
Barriers to Container Security and How to Overcome Them
WhiteSource
NYIT DSC/ Spring 2021 - Introduction to DevOps (CI/CD)
NYIT DSC/ Spring 2021 - Introduction to DevOps (CI/CD)
Hui (Henry) Chen
Zero to Ninety in Securing DevOps
Zero to Ninety in Securing DevOps
DevSecOps Days
#ATAGTR2019 Presentation "DevSecOps with GitLab" By Avishkar Nikale
#ATAGTR2019 Presentation "DevSecOps with GitLab" By Avishkar Nikale
Agile Testing Alliance
DevSecOps Days SF at RSA Conference 2018
DevSecOps Days SF at RSA Conference 2018
DevSecOps Days
Introduction to DevSecOps
Introduction to DevSecOps
Setu Parimi
DevSecOps Training Bootcamp - A Practical DevSecOps Course
DevSecOps Training Bootcamp - A Practical DevSecOps Course
Tonex
Professional Cloud DevOps Engineer - Study Group - Week 1
Professional Cloud DevOps Engineer - Study Group - Week 1
Ervin Weber
DevSecOps 101
DevSecOps 101
Narudom Roongsiriwong, CISSP
DevSecOps : an Introduction
DevSecOps : an Introduction
Prashanth B. P.
Secure Your Code Implement DevSecOps in Azure
Secure Your Code Implement DevSecOps in Azure
kloia
How to automate your DevSecOps successfully
How to automate your DevSecOps successfully
Manuel Pistner
Mais procurados
(20)
Dos and Don'ts of DevSecOps
Dos and Don'ts of DevSecOps
10 things to get right for successful dev secops
10 things to get right for successful dev secops
Automating Security Compliance on AWS with DevSecOps
Automating Security Compliance on AWS with DevSecOps
PIACERE - DevSecOps Automated
PIACERE - DevSecOps Automated
Dev secops security and compliance at the speed of continuous delivery - owasp
Dev secops security and compliance at the speed of continuous delivery - owasp
DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...
DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...
Scale DevSecOps with your Continuous Integration Pipeline
Scale DevSecOps with your Continuous Integration Pipeline
Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1
Barriers to Container Security and How to Overcome Them
Barriers to Container Security and How to Overcome Them
NYIT DSC/ Spring 2021 - Introduction to DevOps (CI/CD)
NYIT DSC/ Spring 2021 - Introduction to DevOps (CI/CD)
Zero to Ninety in Securing DevOps
Zero to Ninety in Securing DevOps
#ATAGTR2019 Presentation "DevSecOps with GitLab" By Avishkar Nikale
#ATAGTR2019 Presentation "DevSecOps with GitLab" By Avishkar Nikale
DevSecOps Days SF at RSA Conference 2018
DevSecOps Days SF at RSA Conference 2018
Introduction to DevSecOps
Introduction to DevSecOps
DevSecOps Training Bootcamp - A Practical DevSecOps Course
DevSecOps Training Bootcamp - A Practical DevSecOps Course
Professional Cloud DevOps Engineer - Study Group - Week 1
Professional Cloud DevOps Engineer - Study Group - Week 1
DevSecOps 101
DevSecOps 101
DevSecOps : an Introduction
DevSecOps : an Introduction
Secure Your Code Implement DevSecOps in Azure
Secure Your Code Implement DevSecOps in Azure
How to automate your DevSecOps successfully
How to automate your DevSecOps successfully
Semelhante a DevSecOps practices for small teams
Hijack a Kubernetes Cluster - a Walkthrough
Hijack a Kubernetes Cluster - a Walkthrough
Nico Meisenzahl
KCD Munich 2022: How to Prevent Your Kubernetes Cluster From Being Hacked
KCD Munich 2022: How to Prevent Your Kubernetes Cluster From Being Hacked
Nico Meisenzahl
Hijack a Kubernetes Cluster - a Walkthrough
Hijack a Kubernetes Cluster - a Walkthrough
Nico Meisenzahl
Container Days: Hijack a Kubernetes Cluster - a Walkthrough
Container Days: Hijack a Kubernetes Cluster - a Walkthrough
Nico Meisenzahl
How to Prevent Your Kubernetes Cluster From Being Hacked
How to Prevent Your Kubernetes Cluster From Being Hacked
Nico Meisenzahl
ContainerConf 2022: Hijack Kubernetes
ContainerConf 2022: Hijack Kubernetes
Nico Meisenzahl
GitLab Remote Meetup: Enhance Your Kubernetes CI/CD Pipelines with GitLab & O...
GitLab Remote Meetup: Enhance Your Kubernetes CI/CD Pipelines with GitLab & O...
Cloud Native Rosenheim Meetup
GitLab Remote Meetup: Enhance Your Kubernetes CI/CD Pipelines with GitLab & ...
GitLab Remote Meetup: Enhance Your Kubernetes CI/CD Pipelines with GitLab & ...
Nico Meisenzahl
KCD Munich 2022: Hijack a Kubernetes Cluster - a Walkthrough
KCD Munich 2022: Hijack a Kubernetes Cluster - a Walkthrough
Nico Meisenzahl
Cloud Love Conference: Kubernetes is awesome, but...
Cloud Love Conference: Kubernetes is awesome, but...
Nico Meisenzahl
Azure Rosenheim Meetup: Azure Service Operator
Azure Rosenheim Meetup: Azure Service Operator
Nico Meisenzahl
GitHub Actions 101
GitHub Actions 101
Nico Meisenzahl
ContainerConf 2022: Kubernetes is awesome - but...
ContainerConf 2022: Kubernetes is awesome - but...
Nico Meisenzahl
Shift Left for More Secure Apps with F5 NGINX
Shift Left for More Secure Apps with F5 NGINX
NGINX, Inc.
Hijack a Kubernetes Cluster - a Walkthrough
Hijack a Kubernetes Cluster - a Walkthrough
Nico Meisenzahl
azdevcom - Hijack a Kubernetes Cluster
azdevcom - Hijack a Kubernetes Cluster
Nico Meisenzahl
Mitigate potential compliance risks
Mitigate potential compliance risks
Jürgen Brüder
Container Day Security: How to Prevent Your Kubernetes Cluster From Being Hacked
Container Day Security: How to Prevent Your Kubernetes Cluster From Being Hacked
Nico Meisenzahl
DevOpsCon Berlin: Helm vs Operators – Do I Need to Decide?
DevOpsCon Berlin: Helm vs Operators – Do I Need to Decide?
Nico Meisenzahl
Cncf checkov and bridgecrew
Cncf checkov and bridgecrew
LibbySchulze
Semelhante a DevSecOps practices for small teams
(20)
Hijack a Kubernetes Cluster - a Walkthrough
Hijack a Kubernetes Cluster - a Walkthrough
KCD Munich 2022: How to Prevent Your Kubernetes Cluster From Being Hacked
KCD Munich 2022: How to Prevent Your Kubernetes Cluster From Being Hacked
Hijack a Kubernetes Cluster - a Walkthrough
Hijack a Kubernetes Cluster - a Walkthrough
Container Days: Hijack a Kubernetes Cluster - a Walkthrough
Container Days: Hijack a Kubernetes Cluster - a Walkthrough
How to Prevent Your Kubernetes Cluster From Being Hacked
How to Prevent Your Kubernetes Cluster From Being Hacked
ContainerConf 2022: Hijack Kubernetes
ContainerConf 2022: Hijack Kubernetes
GitLab Remote Meetup: Enhance Your Kubernetes CI/CD Pipelines with GitLab & O...
GitLab Remote Meetup: Enhance Your Kubernetes CI/CD Pipelines with GitLab & O...
GitLab Remote Meetup: Enhance Your Kubernetes CI/CD Pipelines with GitLab & ...
GitLab Remote Meetup: Enhance Your Kubernetes CI/CD Pipelines with GitLab & ...
KCD Munich 2022: Hijack a Kubernetes Cluster - a Walkthrough
KCD Munich 2022: Hijack a Kubernetes Cluster - a Walkthrough
Cloud Love Conference: Kubernetes is awesome, but...
Cloud Love Conference: Kubernetes is awesome, but...
Azure Rosenheim Meetup: Azure Service Operator
Azure Rosenheim Meetup: Azure Service Operator
GitHub Actions 101
GitHub Actions 101
ContainerConf 2022: Kubernetes is awesome - but...
ContainerConf 2022: Kubernetes is awesome - but...
Shift Left for More Secure Apps with F5 NGINX
Shift Left for More Secure Apps with F5 NGINX
Hijack a Kubernetes Cluster - a Walkthrough
Hijack a Kubernetes Cluster - a Walkthrough
azdevcom - Hijack a Kubernetes Cluster
azdevcom - Hijack a Kubernetes Cluster
Mitigate potential compliance risks
Mitigate potential compliance risks
Container Day Security: How to Prevent Your Kubernetes Cluster From Being Hacked
Container Day Security: How to Prevent Your Kubernetes Cluster From Being Hacked
DevOpsCon Berlin: Helm vs Operators – Do I Need to Decide?
DevOpsCon Berlin: Helm vs Operators – Do I Need to Decide?
Cncf checkov and bridgecrew
Cncf checkov and bridgecrew
Mais de Nico Meisenzahl
Cloud-Native & Sustainability: How and Why to Build Sustainable Workloads
Cloud-Native & Sustainability: How and Why to Build Sustainable Workloads
Nico Meisenzahl
Festive Tech Calendar: Festive time with AKS networking
Festive Tech Calendar: Festive time with AKS networking
Nico Meisenzahl
Azure Zürich User Group: Azure Kubernetes Service – more than just a managed ...
Azure Zürich User Group: Azure Kubernetes Service – more than just a managed ...
Nico Meisenzahl
Continuous Lifecycle: Enhance Your Compliance and Governance With Policy-Base...
Continuous Lifecycle: Enhance Your Compliance and Governance With Policy-Base...
Nico Meisenzahl
Continuous Lifecycle: Hijack Kubernetes
Continuous Lifecycle: Hijack Kubernetes
Nico Meisenzahl
GitLab Commit: Enhance your Compliance with Policy-Based CI/CD
GitLab Commit: Enhance your Compliance with Policy-Based CI/CD
Nico Meisenzahl
Azure Meetup Hamburg: Production-Ready Terraform Deployments on Azure
Azure Meetup Hamburg: Production-Ready Terraform Deployments on Azure
Nico Meisenzahl
GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...
GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...
Nico Meisenzahl
Azure Saturday Hamburg: Containerize Your .NET Microservice - the Right Way!
Azure Saturday Hamburg: Containerize Your .NET Microservice - the Right Way!
Nico Meisenzahl
Cloud Native Day: Cloud-native Anwendungsentwicklung im Jahr 2021
Cloud Native Day: Cloud-native Anwendungsentwicklung im Jahr 2021
Nico Meisenzahl
Die Evolution von Container Image Builds
Die Evolution von Container Image Builds
Nico Meisenzahl
Azure Service Operator - Provision Your Resources in a Cloud-Native Way
Azure Service Operator - Provision Your Resources in a Cloud-Native Way
Nico Meisenzahl
Effiziente CI/CD-Pipelines – mit den richtigen Tools klappt das
Effiziente CI/CD-Pipelines – mit den richtigen Tools klappt das
Nico Meisenzahl
DevOpsCon London: How containerized Pipelines can boost your CI/CD
DevOpsCon London: How containerized Pipelines can boost your CI/CD
Nico Meisenzahl
GitLab Commit: Your Attackers Won't Be Happy! How GitLab Can Help You Secure ...
GitLab Commit: Your Attackers Won't Be Happy! How GitLab Can Help You Secure ...
Nico Meisenzahl
Mais de Nico Meisenzahl
(15)
Cloud-Native & Sustainability: How and Why to Build Sustainable Workloads
Cloud-Native & Sustainability: How and Why to Build Sustainable Workloads
Festive Tech Calendar: Festive time with AKS networking
Festive Tech Calendar: Festive time with AKS networking
Azure Zürich User Group: Azure Kubernetes Service – more than just a managed ...
Azure Zürich User Group: Azure Kubernetes Service – more than just a managed ...
Continuous Lifecycle: Enhance Your Compliance and Governance With Policy-Base...
Continuous Lifecycle: Enhance Your Compliance and Governance With Policy-Base...
Continuous Lifecycle: Hijack Kubernetes
Continuous Lifecycle: Hijack Kubernetes
GitLab Commit: Enhance your Compliance with Policy-Based CI/CD
GitLab Commit: Enhance your Compliance with Policy-Based CI/CD
Azure Meetup Hamburg: Production-Ready Terraform Deployments on Azure
Azure Meetup Hamburg: Production-Ready Terraform Deployments on Azure
GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...
GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...
Azure Saturday Hamburg: Containerize Your .NET Microservice - the Right Way!
Azure Saturday Hamburg: Containerize Your .NET Microservice - the Right Way!
Cloud Native Day: Cloud-native Anwendungsentwicklung im Jahr 2021
Cloud Native Day: Cloud-native Anwendungsentwicklung im Jahr 2021
Die Evolution von Container Image Builds
Die Evolution von Container Image Builds
Azure Service Operator - Provision Your Resources in a Cloud-Native Way
Azure Service Operator - Provision Your Resources in a Cloud-Native Way
Effiziente CI/CD-Pipelines – mit den richtigen Tools klappt das
Effiziente CI/CD-Pipelines – mit den richtigen Tools klappt das
DevOpsCon London: How containerized Pipelines can boost your CI/CD
DevOpsCon London: How containerized Pipelines can boost your CI/CD
GitLab Commit: Your Attackers Won't Be Happy! How GitLab Can Help You Secure ...
GitLab Commit: Your Attackers Won't Be Happy! How GitLab Can Help You Secure ...
Último
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
Mark Billinghurst
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
Stephanie Beckett
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
Alfredo García Lavilla
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
Slibray Presentation
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
Kalema Edgar
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
2toLead Limited
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
Lonnie McRorey
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
comworks
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
Fwdays
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
charlottematthew16
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
Alan Dix
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Mark Simos
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Zilliz
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
Mattias Andersson
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
Manik S Magar
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
Scott Keck-Warren
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
BookNet Canada
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
Alex Barbosa Coqueiro
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
charlottematthew16
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
Fwdays
Último
(20)
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
DevSecOps practices for small teams
1.
DevOps practices for
small teams and organizations, with a focus on security Microsoft DevOps Forum 2021 – DevOps & Security
2.
Nico Meisenzahl • Senior
Cloud & DevOps Consultant at white duck • Microsoft MVP, Docker Community Leader & GitLab Hero • Container, Kubernetes, Cloud-Native & DevOps © white duck GmbH 2021 Phone: +49 8031 230159 0 Email: nico.meisenzahl@whiteduck.de Twitter: @nmeisenzahl LinkedIn: https://www.linkedin.com/in/nicomeisenzahl Blog: https://meisenzahl.org
3.
Agenda • Current state
of DevSecOps in small teams & orgs • Demo: Implementing quick wins • Get started with DevSecOps • Implement quick wins © white duck GmbH 2021
4.
Current state of
DevSecOps DevOps is now widely known and increasingly implemented in small teams & organizations. DevSecOps practices, on the other hand, are not well- known and typically not yet adopted. © white duck GmbH 2021
5.
Current state of
DevSecOps in small teams & orgs • overall low Cloud / Cloud-Native security knowledge • same “problems” with security as with QA • no big invests • no real focus until there is breach or issue • no shift-left and fail-fast cultures • no security baseline • like governance, policies and landing zones © white duck GmbH 2021
6.
What we see
at clients • traditional IT departments trying to secure cloud-native projects by relying on on-premises and outdated patterns • slowing down of projects & inovation, but no real increased security • an MVP (Minimum Viable Product) is leveraged as a long- term solution • skipped topics (in terms of time-to-market) are not considered anymore © white duck GmbH 2021
7.
What we see
at clients • self-managed resources are sometimes preferred over PaaS and SaaS • then, not maintained with the necessary staff to operate them safely • self-implemented Identity management (AuthN, AuthZ) • without utilizing common best practices, managed services, and libraries/frameworks © white duck GmbH 2021
8.
SANS 2021 Cloud
Security Survey © white duck GmbH 2021
9.
Demo – Implementing
quick wins • “Ping me app”, based on Golang, deployed to ACI and exposed via App Gateway © white duck GmbH 2021
10.
Demo recap • we
found a security vulnerability and injected commands • we consulted the docs for security recommendations • we implemented a Web Application Firewall (WAF) to secure our app • we enabled Code Scanning in our GitHub Repo to fix the issue as well as to find future security issues in earlier stages © white duck GmbH 2021
11.
Get started with
DevSecOps • start small and grow • introduce security into all DevOps stages • try to shift security to the left • implement zero-trust Tip: Security should be easy to use, integrated and automated © white duck GmbH 2021
12.
Educate yourself • consult
documentation • general docs • Cloud Adoption Framework • https://docs.microsoft.com/azure/cloud-adoption-framework • Azure & GitHub at Microsoft Learn • https://docs.microsoft.com/learn • join a local Meetup group • https://www.meetup.com/pro/azuretechgroups Tip: Get certified © white duck GmbH 2021
13.
Stay up-to-date • Azure
Updates • https://azure.microsoft.com/updates • GitHub Updates • https://github.blog/changelog • https://github.blog/category/product • Azure Friday • https://azure.microsoft.com/resources/videos/azure-friday © white duck GmbH 2021
14.
Security quick wins
through the DevOps cycle © white duck GmbH 2021
15.
Enable your team •
integrate security staff in your development lifecycle (Sprint) • educate developers to raise their security awareness • implement pair programming • enforce PR reviews © white duck GmbH 2021
16.
Ensure secure code •
automate and enforce code checks • check your code for secret • schedule dependency scanning • Dependabot • enforce Static Application Security Testing (SAST) in PRs • scans your code to identify potential security vulnerabilities © white duck GmbH 2021
17.
SAST Tooling • GitHub
CodeQL • https://codeql.github.com • .Net & .Net Core • https://security-code-scan.github.io • Golang • https://securego.io • Kubernetes manifests • https://kubesec.io • Terraform • https://github.com/tfsec/tfsec © white duck GmbH 2021
18.
Ensure secure code
(next stage) • implement automated Dynamic Application Security Testing (DAST) • black-box scanning against a running web application • scheduled scan your artifacts and containers • sign your artifacts and containers © white duck GmbH 2021
19.
App Vulnerability Management
Tooling • Zed Attack Proxy • https://www.zaproxy.org • DefectDojo • https://www.defectdojo.org © white duck GmbH 2021
20.
Ensure a secure
runtime • implement zero-trust • automate everything (App and infrastructure deployments) • prefer PaaS and SaaS over unmanaged services • review Azure Advisor recommendations • opt-in for Azure Security Center to get even more insights • design & implement a Cloud Governance strategy • IAM, Polices, Landing Zone, … © white duck GmbH 2021
21.
Monitor, review and
iterate • implementing security is not a one-time job • you need to stay up-to-date • think big, but start small and iterate • as we do in application development © white duck GmbH 2021
22.
Implement best practices •
https://docs.microsoft.com/de-de/azure/security/ • https://docs.microsoft.com/en-us/security/cybersecurity- reference-architecture/mcra • https://docs.microsoft.com/de- de/azure/architecture/solution-ideas/articles/devsecops-in- github © white duck GmbH 2021
23.
Questions? Nico Meisenzahl (Senior
Cloud & DevOps Consultant) Phone: +49 8031 230159 0 Email: nico.meisenzahl@whiteduck.de Twitter: @nmeisenzahl LinkedIn: https://www.linkedin.com/in/nicomeisenzahl Blog: https://meisenzahl.org © white duck GmbH 2021
Baixar agora