DevSecOps - Integrating Security in the Development Process (with memes) - Magno Logan

34

Transcript of DevSecOps - Integrating Security in the Development Process (with memes) - Magno Logan

Page 1: DevSecOps - Integrating Security in the Development Process (with memes) - Magno Logan
Page 2: DevSecOps - Integrating Security in the Development Process (with memes) - Magno Logan

Page 3: DevSecOps - Integrating Security in the Development Process (with memes) - Magno Logan

SOFTWARE DEVELOPMENT IS LIKE A MMORPG...

IT NEVER ENDS!

Page 4: DevSecOps - Integrating Security in the Development Process (with memes) - Magno Logan
Page 5: DevSecOps - Integrating Security in the Development Process (with memes) - Magno Logan
Page 6: DevSecOps - Integrating Security in the Development Process (with memes) - Magno Logan

THEN ALL

BECAME

AGILE!

Page 7: DevSecOps - Integrating Security in the Development Process (with memes) - Magno Logan

AGILE

Page 8: DevSecOps - Integrating Security in the Development Process (with memes) - Magno Logan
Page 9: DevSecOps - Integrating Security in the Development Process (with memes) - Magno Logan
Page 10: DevSecOps - Integrating Security in the Development Process (with memes) - Magno Logan
Page 11: DevSecOps - Integrating Security in the Development Process (with memes) - Magno Logan
Page 12: DevSecOps - Integrating Security in the Development Process (with memes) - Magno Logan
Page 13: DevSecOps - Integrating Security in the Development Process (with memes) - Magno Logan

Page 14: DevSecOps - Integrating Security in the Development Process (with memes) - Magno Logan
Page 15: DevSecOps - Integrating Security in the Development Process (with memes) - Magno Logan
Page 16: DevSecOps - Integrating Security in the Development Process (with memes) - Magno Logan

Plan Code Build Test Release Deploy Operate &

Monitor

Why not here?Better yet, why no

here?

Why not plan security from

the beginning?!

“We test for vulns here”

SSL Approach – Shifting Security Left

Page 17: DevSecOps - Integrating Security in the Development Process (with memes) - Magno Logan
Page 18: DevSecOps - Integrating Security in the Development Process (with memes) - Magno Logan
Page 19: DevSecOps - Integrating Security in the Development Process (with memes) - Magno Logan

AUTOMATION IS KEY TO SSL APROACH

Page 20: DevSecOps - Integrating Security in the Development Process (with memes) - Magno Logan
Page 21: DevSecOps - Integrating Security in the Development Process (with memes) - Magno Logan
Page 22: DevSecOps - Integrating Security in the Development Process (with memes) - Magno Logan
Page 23: DevSecOps - Integrating Security in the Development Process (with memes) - Magno Logan

TOOLS

Page 24: DevSecOps - Integrating Security in the Development Process (with memes) - Magno Logan

• Open source continuous integration server

• Each integration is verified and tested over

automated builds

• Detects integration errors as fast as possible

• Has many security plugins available!

Page 25: DevSecOps - Integrating Security in the Development Process (with memes) - Magno Logan
Page 26: DevSecOps - Integrating Security in the Development Process (with memes) - Magno Logan

• Zed Attack Proxy by Simon Bennetts

• Ideal for beginners but also used by professionals

• Can find security vulnerabilities in web applications

automatically (good for devs)

• Also enables manual security testing (pentests)

• Some features include: Proxy, Scanner, Spider, Brute

Force and Fuzzing

Page 27: DevSecOps - Integrating Security in the Development Process (with memes) - Magno Logan
Page 28: DevSecOps - Integrating Security in the Development Process (with memes) - Magno Logan

Page 29: DevSecOps - Integrating Security in the Development Process (with memes) - Magno Logan

Page 30: DevSecOps - Integrating Security in the Development Process (with memes) - Magno Logan
Page 31: DevSecOps - Integrating Security in the Development Process (with memes) - Magno Logan

Page 32: DevSecOps - Integrating Security in the Development Process (with memes) - Magno Logan

Page 33: DevSecOps - Integrating Security in the Development Process (with memes) - Magno Logan

• HTTPS://PT.SLIDESHARE.NET/DINISCRUZ/OWASP-BRAZIL-MAKING-SECURITY-INVISIBLE-BY-

BECOMING-THE-DEVELOPERS-BEST-FRIENDS-V2

• HTTPS://WWW.YOUTUBE.COM/WATCH?V=X9NOUTCNTAC

• HTTP://WWW.DEVSECOPS.ORG/BLOG/2016/5/20/-SECURITY

• HTTPS://CDN2.HUBSPOT.NET/HUBFS/1958393/WHITE_PAPERS/DEVSECOPS_HOW_TO_SEAMLE

SSLY__315283.PDF?T=1482418124868

• HTTPS://WWW.SANS.ORG/READING-ROOM/WHITEPAPERS/ANALYST/DEVSECOPS-PLAYBOOK-

36792

https://pt.slideshare.net/DinisCruz/owasp-brazil-making-security-invisible-by-becoming-the-developers-best-friends-v2
https://www.youtube.com/watch?v=x9NOUtCNtAc
http://www.devsecops.org/blog/2016/5/20/-security
https://cdn2.hubspot.net/hubfs/1958393/White_Papers/devsecops_how_to_seamlessly__315283.pdf?t=1482418124868
https://www.sans.org/reading-room/whitepapers/analyst/devsecops-playbook-36792
Page 34: DevSecOps - Integrating Security in the Development Process (with memes) - Magno Logan

Prof. Carlos Magno .

Prof. Carlos Magno .

Brand Memes

Brand Memes

San alberto magno

San alberto magno

Motivational Memes

Motivational Memes

Burris memes

Burris memes

DevSecOps Singapore introduction

DevSecOps Singapore introduction

Memes formarketing

Memes formarketing

Lajom & Magno

Lajom & Magno

DoD Enterprise DevSecOps Fundamentals · 2021. 6. 11. · DevSecOps, including normalized definitions of DevSecOps concepts. Other pertinent information is captured in corresponding

DoD Enterprise DevSecOps Fundamentals · 2021. 6. 11. · DevSecOps, including normalized definitions of DevSecOps concepts. Other pertinent information is captured in corresponding

Memes Overview

Memes Overview

Piya Tan SD 26.3 Memes 3 Memes - Dharmafarerdharmafarer.org/wordpress/wp-content/uploads/2009/12/26.3-Memes...Piya Tan SD 26.3 Memes 31 Memes An idea of samsaric genes Theme: How religion

Piya Tan SD 26.3 Memes 3 Memes - Dharmafarerdharmafarer.org/wordpress/wp-content/uploads/2009/12/26.3-Memes...Piya Tan SD 26.3 Memes 31 Memes An idea of samsaric genes Theme: How religion

Humanising DevSecOps

Humanising DevSecOps

Final Ppt_Mendoza & Magno

Final Ppt_Mendoza & Magno

Grammarware Memes

Grammarware Memes

DevSecOps of Containerization

DevSecOps of Containerization

Exorcismo Magno

Exorcismo Magno

A Proposition on Memes and Meta-Memes in Computing for Higher ...

A Proposition on Memes and Meta-Memes in Computing for Higher ...

A proposition on memes and meta-memes in computing for ...memetic-computing.org/publication/journal/memes-meta-memes.pdfing with memes and meta-memes, exposing some important issues

A proposition on memes and meta-memes in computing for ...memetic-computing.org/publication/journal/memes-meta-memes.pdfing with memes and meta-memes, exposing some important issues

Magno - Major Desatre

Magno - Major Desatre

DevSecOps in 10 minutes

DevSecOps in 10 minutes