
Your Chance to Get It Right - PowerPoint Presentation

liane-varnes (@liane-varnes)
356 views
Uploaded On 2018-11-19


Five Keys to Building AppSec into DevOps. Chris Wysopal, Redev Boston, August 8th 2017. Applications are riskier than ever; the majority of internally developed applications fail OWASP. ID: 730840




Presentation Transcript

Slide 1: Your Chance to Get It Right
Five Keys to Building AppSec into DevOps
Chris Wysopal
Redev, Boston
August 8th, 2017

Slide 2: Applications are riskier than ever

Slide 3: Majority of internally developed applications fail OWASP

Slide 4: DevOps enables competitiveness

Slide 5: Why Security is Essential

Slide 6: 5 steps to achieving secure DevOps

Slide 7: Automate Security In
Automated testing:
Static Analysis
Software Composition Analysis
Interactive / Dynamic Analysis
Invoke via APIs from your build and release pipeline
Still do penetration testing, but don't gate the release on it!

Slide 8: 2. Fail Quickly

Slide 9: A pipeline example
Code commit (four commits shown feeding the pipeline)
Pre-check-in review
Pre-submit verification -> Pass: commit to master (mainline) / Fail
Submit verification
Full verification
Release candidate

Slide 10: 3. No false alarms
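The gating behaviour that slides 7, 9 and 10 describe (automated analysis invoked from the pipeline, the earliest failing stage stopping the run, penetration-test results kept advisory rather than release-gating, and a tolerance for likely false alarms) can be written down as a small policy engine. The following is an added example and not code from the presentation or from any product it mentions; the stage names follow slide 9, while the tool names, the `confidence` field, the 0.8 confidence threshold and all findings are constructed assumptions.

```python
"""Fail-fast security gate for a CI/CD pipeline.

Added example modelled on the deck's pipeline (slides 7, 9, 10).
Tool names, the confidence field and thresholds are assumptions;
every finding below is constructed sample data.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Callable, List


@dataclass
class Finding:
    tool: str          # assumed scanner label: "sast", "sca", "dast", "pentest"
    severity: str      # "low" | "medium" | "high" | "critical"
    confidence: float  # assumed 0..1 score reported by the tool
    title: str


@dataclass
class GatePolicy:
    # Severities that may block a stage.
    block_severities: frozenset = frozenset({"high", "critical"})
    # Findings below this confidence are treated as possible false alarms:
    # they are reported to the team but never stop the pipeline (slide 10).
    min_confidence: float = 0.8
    # Penetration testing informs the team but never gates the release (slide 7).
    advisory_tools: frozenset = frozenset({"pentest"})


def is_blocking(f: Finding, policy: GatePolicy) -> bool:
    """A finding blocks only if it is automated, severe enough and confident enough."""
    return (f.tool not in policy.advisory_tools
            and f.severity in policy.block_severities
            and f.confidence >= policy.min_confidence)


@dataclass
class StageResult:
    stage: str
    passed: bool
    blocking: List[Finding] = field(default_factory=list)
    advisory: List[Finding] = field(default_factory=list)


Scanner = Callable[[], List[Finding]]


def run_stage(name: str, scanners: List[Scanner], policy: GatePolicy) -> StageResult:
    """Invoke each scanner for the stage and split its findings by the policy."""
    findings = [f for scan in scanners for f in scan()]
    blocking = [f for f in findings if is_blocking(f, policy)]
    advisory = [f for f in findings if not is_blocking(f, policy)]
    return StageResult(name, passed=not blocking, blocking=blocking, advisory=advisory)


def run_pipeline(stages, policy: GatePolicy) -> List[StageResult]:
    """Run stages in order and stop at the first failure (fail quickly, slide 8)."""
    results: List[StageResult] = []
    for name, scanners in stages:
        result = run_stage(name, scanners, policy)
        results.append(result)
        if not result.passed:
            break  # later, slower stages never run for a commit that already failed
    return results


def release_candidate(results: List[StageResult]) -> bool:
    """A release candidate exists only when full verification ran and passed."""
    return bool(results) and results[-1].stage == "full verification" and all(r.passed for r in results)


# ---- constructed scanners (stand-ins for real SAST/SCA/DAST/pentest integrations) ----
def sast_incremental() -> List[Finding]:
    # Constructed: a severe-looking hit the tool itself rates at low confidence.
    return [Finding("sast", "high", 0.4, "possible SQL injection in report builder")]


def sca_clean() -> List[Finding]:
    return [Finding("sca", "medium", 0.95, "outdated logging library, no known exploit")]


def sca_vulnerable() -> List[Finding]:
    # Constructed: a dependency with a known critical advisory.
    return [Finding("sca", "critical", 0.99, "dependency with a known critical advisory")]


def dast_clean() -> List[Finding]:
    return []


def pentest_report() -> List[Finding]:
    # Constructed: a tester's critical result, informative but never a gate.
    return [Finding("pentest", "critical", 1.0, "business-logic bypass in checkout")]


def stages_for(sast: Scanner, sca: Scanner, dast: Scanner, pentest: Scanner):
    """Stage layout taken from slide 9; scanner assignment per stage is an assumption."""
    return [
        ("pre-submit verification", [sast, sca]),            # fast checks before commit to master
        ("submit verification", [sca, dast]),                # on master
        ("full verification", [sast, sca, dast, pentest]),   # before a release candidate
    ]


def clean_commit() -> List[StageResult]:
    return run_pipeline(stages_for(sast_incremental, sca_clean, dast_clean, pentest_report), GatePolicy())


def risky_commit() -> List[StageResult]:
    return run_pipeline(stages_for(sast_incremental, sca_vulnerable, dast_clean, pentest_report), GatePolicy())


if __name__ == "__main__":
    for label, run in (("clean commit", clean_commit()), ("risky commit", risky_commit())):
        last = run[-1]
        print(f"{label}: stopped at '{last.stage}', passed={last.passed}, "
              f"blocking={len(last.blocking)}, advisory={len(last.advisory)}, "
              f"release candidate={release_candidate(run)}")
```

The clean commit reaches a release candidate even though it carries a critical penetration-test finding and a low-confidence high-severity static-analysis hit: both are surfaced as advisory work items, not as gates. The risky commit is stopped at pre-submit verification by a high-confidence critical dependency finding, so the slower submit and full verification stages never run.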

Slide 11: 4. Build security champions

Slide 12: Keep operational visibility

Slide 13: Where should you secure DevOps?

Slide 14: Conversation starters (1)
Which of your applications will pass through a CI/CD pipeline?
What tolerance do you have for "false alarms" (FPs) that is integrated into your DevOps practice?
Are you using Microservices?

Slide 15: Conversation starters (2)
How do you plan to monitor your operational applications for security attacks?
How do you plan to bring security expertise into the DevOps team?

Slide 16: Train beyond your walls
Get smart on DevOps