In this DevSecOps Live online meetup from Practical DevSecOps, you'll learn about DevSecOps challenges and opportunities.
Join Mohan Yelnadu, head of application security at Prudential Insurance, on his DevSecOps journey.
He will cover the DevSecOps challenges he has faced and how he converted them into opportunities.
He will cover the following as part of the session:
• DevSecOps challenges
• DevSecOps opportunities
• Converting challenges into opportunities
• Quick wins and lessons learned
• … and more useful takeaways!
9.
• SMOOTH ONBOARDING
• AUTOMATE WHAT YOU CAN
• IMPROVING TOOL ADOPTION
• ROLLOUT STRATEGY
• MANAGING CRITICAL ISSUES
• MAKING IT WORK FOR SOC
• PRODUCTION MONITORING
• TAILORED CONFIGURATION
• DO THE RIGHT THING
• PRAGMATIC HYGIENE
• MANAGING ZERO DAYS
13. BUILDBREAKER:
[Pipeline diagram. Stages: Pre-process, Build, Security Scan, Code Quality Scan, BuildBreaker (Go / No-Go), PROD. Examples: BitBucket (Source Code), Artifactory (Build Artefact).]
BuildBreaker Example:
• No critical security issues in production build
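A sketch of such a gate, added here as an illustration and not taken from the talk: it applies the "no critical security issues in production build" rule to scanner findings, and only warns until an enforcement date so teams get the notice period the next slide asks for. The finding fields, the `prod` target name, the enforcement dates and the fail-closed handling of unknown severities are all assumptions.

```python
import json
import sys
from datetime import date

KNOWN = {"critical", "high", "medium", "low", "info"}

# Constructed sample findings; field names are assumptions, not a real scanner's schema.
SAMPLE = json.loads("""
[
  {"id": "F-1", "tool": "sast", "severity": "Critical", "title": "SQL injection in login handler"},
  {"id": "F-2", "tool": "sca",  "severity": "high",     "title": "Outdated TLS library"},
  {"id": "F-3", "tool": "sast", "severity": "",         "title": "Finding with no severity"}
]
""")

def blocking_findings(findings):
    """Critical findings, plus any whose severity is missing or unknown (fail closed)."""
    out = []
    for f in findings:
        sev = str(f.get("severity", "")).strip().lower()
        if sev == "critical" or sev not in KNOWN:
            out.append(f)
    return out

def build_breaker(findings, target, today, enforce_from):
    """Return ('GO' | 'WARN' | 'NO-GO', blocking findings) for this build."""
    blockers = blocking_findings(findings)
    if not blockers or target != "prod":
        return "GO", blockers          # non-production builds are reported, never broken
    if today < enforce_from:
        return "WARN", blockers        # notice period: report, do not break the build
    return "NO-GO", blockers

def main():
    # Constructed enforcement date; a real rollout would announce its own.
    decision, blockers = build_breaker(SAMPLE, "prod", date.today(), date(2020, 1, 1))
    for f in blockers:
        print(f"[{decision}] {f['id']} {f['tool']}: {f['title']}")
    return 1 if decision == "NO-GO" else 0   # non-zero exit breaks the pipeline step

if __name__ == "__main__":
    sys.exit(main())
```
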
14. IMPROVING TOOL ADOPTION
• Allow developers to get used to the tools
• Give enough notice while enabling BuildBreakers/Gating
• Create ecosystem: FAQs, documentation, demos, videos
• Give as many live demos as possible, share about new tools & processes
20. DO THE RIGHT THING
• UPLOAD LIBRARY AND ANALYSE
• BROWSER PLUGIN TO SCAN
• IDE PLUGIN TO ENABLE LOCAL SCANS
21. PRAGMATIC HYGIENE
• UPGRADING THE TOOLS TO LATEST VERSIONS
• NEW FEATURES INNOVATIONS
• ANALYSE IN TEST ENVIRONMENT
22. MANAGING ZERO DAYS
• EYES AND EARS OPEN ZERO DAYS:
• YOUR LIBRARIES TOOLS
• WAF
• CONSTANT TOUCH WITH VENDOR
• EVER READY TO ACT
THE SHOW MUST GO ON!