DevOps and Application Security
Shahee Mirza
DevOps is an opportunity to make security an integral part of application development.
Slide transcript

1. DevOps and Application Security. Shahee Mirza, Co-Founder: BEETLES, Twitter: @shaheemirza
2. DevOps?
3. But Where is the Security?
4. TRADITIONAL
5. QA and OPS: Devs:
6. Security is last task?
   • Security Testing
   • Firewall Configuration
   • Source Code Analysis
7. Security Testing, Firewall configuration and Code analysis – Takes time
8. But, the investor has no time
9. So, What have we got:
10. But, What we planned :
11. … is that end of everything?
12. Required: Security in DevOps
13. Welcome to DevOpsSec!!
14. But, How will I introduce DevOpsSec to my team?
15. Module 1: Make a plan for Security
16. Module 2: Connect entire Team
17. Module 3: Make a culture of Self-Learning about Security for Devs + QA.
18. Module 4: Automate everything.
19. Security within Continuous Deployment
    [Diagram labels: Develop Code; Commit; Source Control; Build; Trigger Tests; Deploy to Production; Deploy to Test Env; Report & Notify; Publish to release repository; Automatic security test; SCA Test]
20. Module 5: Build a Security Team
21. Now, you have…
22. Summary
23.
    1. Make a plan for security
    2. Educate your team
    3. Integrate security into automatic build process.
24. Thank you