Shift Left for More Secure Apps
with F5 NGINX
Thelen Blum
Sr. Product Marketing Manager, F5 NGINX
September 21, 2022
Fabrizio Fiorucci
EMEA Solutions Architect, F5
©2022 F5
Agenda
• How is business digital transformation shifting the security paradigm?
• Shift Left – What is it? Why adopt a DevSecOps culture?
• DevSecOps - challenges, benefits and a path forward
• How NGINX App Protect can help organizations Shift Left
• Demo
• Best practices: what to consider when moving towards a Shift Left culture on the road to DevSecOps
Business Digital Transformation Continues to Ramp in 2022
ALMOST TWO-THIRDS OF ORGANIZATIONS ARE WORKING ON AI-RELATED PROJECTS
APP PORTFOLIO GROWS AND MODERNIZATION CONTINUES WITH MULTI-CLOUD DEPLOYMENTS
How Many Apps do Most Organizations Have Today? (chart; the count is up 31% from 5 years ago)
77% of those surveyed run apps in multiple clouds, and 95% are modernizing older applications.
Source: F5 State of Application Strategy Report 2022
CONTAINERS FOUND TO LACK SECURITY DUE TO CODE AND CONFIGURATION VULNERABILITIES
Web Applications Remain a Top Attack Vector
Source: Forrester, The State of Application Security, 2021
Software Vulnerabilities & Common Attack Vectors

SOFTWARE VULNERABILITIES IN APPLICATION STACKS (CVEs)
Software vulnerabilities are found in components of virtually all software stacks:
• Operating systems (Windows, Linux, containers)
• Application servers
• Support libraries
• Programming languages
• Third-party packages (npm, CPAN, RubyGems)

FREQUENTLY OCCURRING WEAKNESSES IN APPLICATION CODE (OWASP Top 10)
Threats such as Injection and XSS are well known but difficult to mitigate, and are therefore remarkably common:
• Injection (SQLi)
• Cross-Site Scripting (XSS)
• Cross-Site Request Forgery (CSRF)
• Insecure deserialization
Shift Left - What is it?
Shift Left refers to shifting "security" left and embedding security by design throughout the entire software development lifecycle. Some organizations also refer to shift left or shifting left as a "Security First" strategy, or as automating security-as-code into each stage of the continuous integration and continuous deployment (CI/CD) pipeline. This represents a change within an organization from a DevOps to a DevSecOps culture.
Diagram: Continuous Integration / Continuous Deployment Pipeline
Security Automation and AI Reduced Breach Costs by 80%
MOST SIGNIFICANT COST SAVINGS IN THE 2021 IBM COST OF A DATA BREACH REPORT
Source: Ponemon and IBM Security Cost of a Data Breach Report 2021
HOW SECURE IS THE APPLICATION SOFTWARE IN YOUR CI/CD PIPELINE?
Shifting Left Could Help You Prevent Significant Breaches
• 2021 PHP Git server supply chain attack
  • Attackers pushed two unauthorized commits to the PHP project's self-hosted Git server, planting a backdoor in the language's source code; had it shipped, it would have allowed remote code execution on any website running the backdoored build.
  • PHP runs on an estimated 79% of websites. In this case the attack was averted because community members spotted the commits during code review.
• 2020 SolarWinds software supply chain attack – the trojanized update was distributed to Orion's roughly 33,000 customers and installed by up to 18,000 of them, including the US Federal Government, Microsoft, Intel and FireEye
  • State-sponsored attackers inserted malicious code, "Sunburst", into the company's IT performance monitoring product, Orion, which was then sent to customers as a signed software update
  • The malicious code created a back door into customers' IT resources for espionage – one of the most significant cyber attacks in history
• 2021 Codecov supply chain hack – 29,000 customers affected, including Twilio, HashiCorp, Rapid7 and Confluent
  • Attackers exploited an error in Codecov's Docker image creation process to obtain a credential, then modified the "Bash Uploader" script so that it exfiltrated environment variables (tokens, keys and other credentials) from customers' CI builds
  • Widely ranked as the second most significant supply chain attack after SolarWinds
Security Automation can Reduce a Breach Lifecycle by 77 Days
Why are organizations automating security early in the SDLC and adopting a DevSecOps culture?
Benefits include the ability to incorporate security early, accelerate software development, provide agility and velocity, and save time and money, in addition to the following:
• Finding vulnerabilities early, when they are cheapest to fix
• Building a more secure and reliable application (security-as-code / infrastructure-as-code)
• Removing human error and delivering predictability
• Enhanced compliance
• Minimizing risk and reducing the cost of a breach
• Taking advantage of cloud infrastructure and OpEx benefits
• Providing a better customer experience (CX)
• Faster time-to-market
Security should be thought of as having its own operational lifecycle that extends beyond the SDLC.
Top Three Organizational Challenges Adopting DevSecOps
Question asked: What are your top 3 organizational challenges with regards to DevSecOps adoption? [Select up to 3]
Source: IDC, US Survey of DevSecOps Adopters, Dec 2020 (n = 200)

Challenge                                                    Share of respondents
Overall organizational cultural resistance                   45.5%
Lack of collaboration between DevOps and security teams      44.5%
Knowledge / job skills / training                            32.5%
Lack of mature processes                                     28.0%
Fear that security testing will slow down DevOps processes   27.5%
Lack of ownership of security by DevOps teams                19.5%
Budget constraints                                           17.0%
Team Pain Points to Consider when Adopting DevSecOps

SecOps
• Understaffed and struggling to keep up with rapidly changing threats
• Business leaders consider compliance, rather than security, the goal
• Tool sprawl and inconsistent security policies spanning multiple architectures and clouds create risk

DevOps
• Security slows down the application lifecycle and is perceived as a bottleneck
• CI/CD pipelines that automate app development/deployment lack security
• Business imperatives and incentives such as time to market compel DevOps to bypass SecOps; DevOps KPIs do not include security-related metrics

AppDev
• Developer training on security is lacking
• Developers are focused on modern app development and are not able to stay abreast of the security landscape
• Cloud and open-source software introduce unknown risks to the business
Bridging the gap from DevOps to DevSecOps
Goal: Infuse good security practices into development
Diagram: on one side, DevOps and SecOps as different teams with different interests, producing friction; on the other, Dev, Sec and Ops as one team with one objective, fluidly integrated through security automation.
REALITY: THE AGILE IMBALANCE
Ratio shown: 1 Security : 10 DevOps : 100 Developers
The CI/CD Pipeline is Built for Speed, Not Security
"Waterfall" security policies often don't translate well to Agile and cloud environments. Security control objectives can't be adequately applied and enforced.
Enabling Security-as-Code
Dev / Sec / Ops
• Integrates security into the application right from the start
• Automates security gates so that the DevOps workflow does not slow down
• Enables DevOps to consume SecOps-managed policies, creating a culture of DevSecOps
Tools to Automate Security within your CI/CD Pipeline
Why a WAF is Critical for App Security and Protecting your Apps from Attacks
A WAF addresses:
• Active attacks
• Vulnerabilities
• Risk and compliance requirements
NGINX App Protect WAF and DoS
• Strong App and API Security
• Built for Modern Apps
• CI/CD Friendly
NGINX App Protect WAF and DoS Deployment Options
NGINX App Protect WAF Secures Your Apps Against the Most Sophisticated Attacks
A LIGHTWEIGHT, HIGH-PERFORMANCE, MODERN APP SOFTWARE SECURITY SOLUTION
NGINX App Protect DoS Secures Your Apps from Layer 7 DoS Attacks
A DYNAMIC DoS SECURITY SOLUTION WITH ADAPTIVE LEARNING AND AUTOMATED PROTECTION
Shifting Left for Modern Apps with NGINX App Protect
AUTOMATE SECURITY AS CODE WITH NGINX APP PROTECT WAF AND DOS

Source Code Repository
• Application code/config for App X
• Security policy/config for App X (owned by SecOps)
CI/CD Pipeline Tool
• Pipeline for build/test/deploy of App X (operated by DevOps)
IT Automation
• Ansible playbook for deployment of App X with its app services

Example entry from a policy's modifications list (JSON):
  {
    "entityChanges": {
      "type": "explicit"
    },
    "entity": {
      "name": "bak"
    },
    "entityKind": "tm:asm:policies:filetypes:filetypestate",
    "action": "delete",
    "description": "Delete Disallowed File Type"
  }

• A declarative security policy (JSON file) allows DevOps to use CI/CD tools natively
• The same policy can be pushed to the application from a developer tool
• SecOps owns the policy file; DevOps owns everything else, including security as a part of testing
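The JSON above is a single modification entry; because the file is code, the pipeline can test it before anyone commits or publishes it. The following is an added example of such a gate, written for this page rather than taken from F5 or the deck's demo. It loads a SecOps-owned NGINX App Protect policy and fails on a transparent (log-only) enforcement mode, on file types that are not explicitly disallowed, and on a modification that deletes a disallowed file type entry (with a wildcard allow-all entry present, deleting the explicit entry quietly re-allows that type), then produces a hardened copy that passes. Field names follow the NGINX App Protect declarative policy format; the sample policy, the MUST_BLOCK list and the hardening choices are constructed assumptions for this example, so verify them against the policy schema of the release you run.

```python
"""CI gate for an NGINX App Protect WAF policy file (added example, not F5 code).

Field names follow the NGINX App Protect declarative policy format
(policy.enforcementMode, policy.filetypes, top-level "modifications");
the sample policy and the MUST_BLOCK list are constructed for this example.
"""
import json
import sys

# Constructed sample of a SecOps-owned policy, deliberately carrying three
# problems the gate should catch. The "modifications" entry is the one from the slide.
SAMPLE_POLICY_JSON = r'''
{
  "policy": {
    "name": "app_x_policy",
    "template": {"name": "POLICY_TEMPLATE_NGINX_BASE"},
    "applicationLanguage": "utf-8",
    "enforcementMode": "transparent",
    "filetypes": [
      {"name": "*",   "type": "wildcard", "allowed": true},
      {"name": "bak", "type": "explicit", "allowed": false},
      {"name": "php", "type": "explicit", "allowed": true}
    ]
  },
  "modifications": [
    {
      "entityChanges": {"type": "explicit"},
      "entity": {"name": "bak"},
      "entityKind": "tm:asm:policies:filetypes:filetypestate",
      "action": "delete",
      "description": "Delete Disallowed File Type"
    }
  ]
}
'''

# Extensions that must be explicitly disallowed (assumption for this example):
# backups, editor leftovers and secrets that a web app should never serve.
MUST_BLOCK = {"bak", "old", "env", "sql"}
FILETYPE_KIND = "tm:asm:policies:filetypes:filetypestate"


def disallowed_filetypes(policy: dict) -> set:
    return {ft["name"] for ft in policy.get("filetypes", []) if not ft.get("allowed", True)}


def lint_policy(doc: dict) -> list:
    """Return human-readable findings; an empty list means the policy passes."""
    findings = []
    policy = doc.get("policy", {})
    if policy.get("enforcementMode") != "blocking":
        findings.append("enforcementMode is not 'blocking': transparent mode only logs violations")
    if not policy.get("template", {}).get("name"):
        findings.append("policy.template.name is missing")
    disallowed = disallowed_filetypes(policy)
    missing = sorted(MUST_BLOCK - disallowed)
    if missing:
        findings.append(f"file types not explicitly disallowed: {missing}")
    for mod in doc.get("modifications", []):
        name = mod.get("entity", {}).get("name")
        if mod.get("action") == "delete" and mod.get("entityKind") == FILETYPE_KIND and name in disallowed:
            # Deleting the explicit entry drops the disallow; the wildcard "*" entry then allows the type.
            findings.append(f"modification deletes disallowed file type '{name}', re-allowing it")
    return findings


def harden(doc: dict) -> dict:
    """Return a deep copy with every finding from lint_policy fixed."""
    fixed = json.loads(json.dumps(doc))
    policy = fixed.setdefault("policy", {})
    policy["enforcementMode"] = "blocking"
    policy.setdefault("template", {}).setdefault("name", "POLICY_TEMPLATE_NGINX_BASE")
    filetypes = policy.setdefault("filetypes", [])
    by_name = {ft["name"]: ft for ft in filetypes}
    for name in sorted(MUST_BLOCK):
        if name in by_name:
            by_name[name]["allowed"] = False
        else:
            filetypes.append({"name": name, "type": "explicit", "allowed": False})
    disallowed = disallowed_filetypes(policy)
    fixed["modifications"] = [
        m for m in fixed.get("modifications", [])
        if not (m.get("action") == "delete" and m.get("entityKind") == FILETYPE_KIND
                and m.get("entity", {}).get("name") in disallowed)
    ]
    return fixed


def gate(policy_json: str) -> tuple:
    """(passed, findings) for a policy file's text, as a pipeline step would call it."""
    findings = lint_policy(json.loads(policy_json))
    return (not findings, findings)


def harden_text(policy_json: str) -> str:
    return json.dumps(harden(json.loads(policy_json)), indent=2)


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_POLICY_JSON
    passed, findings = gate(text)
    for finding in findings:
        print("FAIL:", finding)
    sys.exit(0 if passed else 1)
```

Run it against the policy file in the pull request; a non-zero exit blocks the merge, and the findings tell SecOps exactly which line of their own policy-as-code to fix. The harden() step is deliberately separate from lint_policy(): the gate should reject, not silently rewrite, a policy that SecOps owns.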
Shifting Left with NGINX App Protect – Demo
• SecOps defines the NGINX App Protect WAF security policies
• WAF policies, certificates and configuration snippets are stored in the source of truth (GitHub)
• DevOps uses CI/CD pipelines to publish applications through NGINX with WAF security enabled
• NGINX Instance Manager applies the policies as part of the CI/CD pipeline
Diagram: GitOps automation via CI/CD
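The demo has DevOps publishing application configuration through NGINX with the WAF enabled and the policies pulled from the source of truth. An added example of the kind of check that belongs in that pipeline before the configuration is pushed to an instance group (written for this page, not F5's code or the demo's own scripts): it parses the candidate nginx.conf, finds every server block, and fails the build wherever the WAF is not enabled or a policy file is referenced that SecOps never published to the catalog. Directive names are the NGINX App Protect WAF ones (app_protect_enable, app_protect_policy_file); the configuration, hostnames and catalog contents are constructed for this example, and the parser handles only the directive/block syntax shown, not every nginx.conf construct.

```python
"""Pre-publish check for the NGINX configuration a pipeline is about to push
(added example, not F5 code). Directive names are those of NGINX App Protect WAF
(app_protect_enable, app_protect_policy_file); the configuration, hostnames
and SecOps catalog below are constructed for this example.
"""
import re
import sys

# Constructed nginx.conf as DevOps might commit it: three virtual hosts, only
# the first of which is protected with a policy from the SecOps catalog.
NGINX_CONF = r'''
load_module modules/ngx_http_app_protect_module.so;
http {
    app_protect_security_log_enable on;
    server {
        listen 443 ssl;
        server_name app-x.example.com;
        app_protect_enable on;
        app_protect_policy_file "/etc/app_protect/conf/app_x_policy.json";
        location / { proxy_pass http://app_x; }
    }
    server {
        listen 443 ssl;
        server_name app-y.example.com;
        app_protect_enable on;
        app_protect_policy_file "/etc/app_protect/conf/hotfix_policy.json";  # not from the catalog
        location / { proxy_pass http://app_y; }
    }
    server {
        listen 8080;
        server_name legacy.example.com;   # no WAF at all
        location / { proxy_pass http://legacy; }
    }
}
'''

# Policy files SecOps has published to the source of truth (constructed).
CATALOG = {"/etc/app_protect/conf/app_x_policy.json"}

_TOKEN = re.compile(r'"[^"]*"|\'[^\']*\'|[{};]|[^\s{};"\']+')


def parse(text: str) -> list:
    """Minimal nginx.conf parser: returns (directive, args, children-or-None) tuples."""
    tokens = _TOKEN.findall(re.sub(r"#[^\n]*", "", text))
    pos = 0

    def block():
        nonlocal pos
        items, args = [], []
        while pos < len(tokens):
            tok = tokens[pos]
            pos += 1
            if tok == ";":
                items.append((args[0], args[1:], None))
                args = []
            elif tok == "{":
                items.append((args[0], args[1:], block()))
                args = []
            elif tok == "}":
                break
            else:
                args.append(tok.strip("\"'"))
        return items

    return block()


def servers(items: list, inherited_enable: str = "off"):
    """Yield (server directives, app_protect_enable value inherited from the http context)."""
    for name, args, children in items:
        if children is None:
            continue
        if name == "http":
            http_enable = next((a[0] for n, a, _ in children if n == "app_protect_enable" and a),
                               inherited_enable)
            yield from servers(children, http_enable)
        elif name == "server":
            yield children, inherited_enable


def audit(conf_text: str, catalog: set) -> dict:
    """Map each server_name to its findings; an empty list means it may be published."""
    report = {}
    for directives, inherited in servers(parse(conf_text)):
        def first(directive, default=None):
            return next((a for n, a, _ in directives if n == directive), default)
        host = first("server_name", ["<unnamed>"])[0]
        findings = []
        if first("app_protect_enable", [inherited])[0] != "on":
            findings.append("app_protect_enable is not on: requests reach the app without WAF inspection")
        else:
            policy = first("app_protect_policy_file")
            if policy is None:
                findings.append("no app_protect_policy_file: the built-in default policy applies, not the SecOps policy")
            elif policy[0] not in catalog:
                findings.append(f"policy file {policy[0]} is not in the SecOps catalog")
        report[host] = findings
    return report


def gate(conf_text: str, catalog: set) -> bool:
    return all(not findings for findings in audit(conf_text, catalog).values())


if __name__ == "__main__":
    conf = open(sys.argv[1]).read() if len(sys.argv) > 1 else NGINX_CONF
    for host, findings in audit(conf, CATALOG).items():
        for finding in findings:
            print(f"FAIL {host}: {finding}")
    sys.exit(0 if gate(conf, CATALOG) else 1)
```

Run it in the pipeline stage that precedes the publish, passing the rendered nginx.conf; it complements nginx -t, which checks syntax but not whether the WAF is actually in the request path for every virtual host.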
DEMO
Shifting Left with NGINX App Protect - Review
Stages shown in the demo flow:
• Staged configuration creation
• CI/CD pipeline
• Catalog objects retrieval
• Configuration published to the instance group
• Configuration committed
Shifting Left with NGINX App Protect WAF and DoS
• Built for Modern Apps
• CI/CD Friendly
• Strong App & API Security
Best Practices – What to Consider when moving towards a Shift Left Culture on the Road to DevSecOps
• Nurture a culture where there is an understanding that security is everyone's responsibility.
• Think of security as an operational lifecycle, not just something hardware- or software-based: it is a combination of methodology, training and policy.
• Select cloud-agnostic tools. These give you the flexibility to use different cloud platforms and security tools for business reasons, cost, internal needs and/or customer requirements. (Examples of universal tools: WAFs, APIs, Terraform, Puppet, Chef, Jenkins, etc.)
• Create a liaison between the DevOps, Security and AppDev teams to understand the difference between policy and what is practical.
Q & A
Test Drive NGINX App Protect TODAY
https://www.nginx.com/free-trial-request/
https://www.nginx.com/success-stories/modern-hire-and-
nginx-deliver-modern-app-security-in-the-cloud/
Open Sourcing NGINX Agent and DemoOpen Sourcing NGINX Agent and Demo
Open Sourcing NGINX Agent and Demo
 

Dernier

GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfAlina Yurenko
 
Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Mater
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsAhmed Mohamed
 
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...OnePlan Solutions
 
VK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web DevelopmentVK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web Developmentvyaparkranti
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceBrainSell Technologies
 
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdf
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdfInnovate and Collaborate- Harnessing the Power of Open Source Software.pdf
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdfYashikaSharma391629
 
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...confluent
 
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Natan Silnitsky
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024StefanoLambiase
 
Comparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfComparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfDrew Moseley
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureDinusha Kumarasiri
 
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...Akihiro Suda
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Cizo Technology Services
 
Post Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on IdentityPost Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on Identityteam-WIBU
 
Machine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringMachine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringHironori Washizaki
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Angel Borroy López
 

Dernier (20)

GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
 
Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML Diagrams
 
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort ServiceHot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
 
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
 
Advantages of Odoo ERP 17 for Your Business
Advantages of Odoo ERP 17 for Your BusinessAdvantages of Odoo ERP 17 for Your Business
Advantages of Odoo ERP 17 for Your Business
 
VK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web DevelopmentVK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web Development
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. Salesforce
 
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdf
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdfInnovate and Collaborate- Harnessing the Power of Open Source Software.pdf
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdf
 
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
 
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
 
Comparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfComparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdf
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
 
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
 
Post Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on IdentityPost Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on Identity
 
Machine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringMachine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their Engineering
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
 
2.pdf Ejercicios de programación competitiva
2.pdf Ejercicios de programación competitiva2.pdf Ejercicios de programación competitiva
2.pdf Ejercicios de programación competitiva
 

Shift Left for More Secure Apps with F5 NGINX

  • 7. Shift Left - What is it?
Shift Left refers to shifting "security" left and embedding security by design throughout the entire software development lifecycle. Some organizations also refer to shifting left as a "Security First" strategy, or as automating security-as-code into each stage of the continuous integration and continuous deployment (CI/CD) pipeline. This represents a change within an organization from a DevOps to a DevSecOps culture. (Diagram: Continuous Integration / Continuous Deployment Pipeline)

  • 8. Security Automation and AI Reduced Breach Costs by 80%
THE MOST SIGNIFICANT COST SAVINGS IN THE 2021 IBM COST OF A DATA BREACH REPORT. Source: Ponemon Institute and IBM Security, Cost of a Data Breach Report 2021.

  • 9. Shifting Left Could Help You Prevent Significant Breaches
HOW SECURE IS THE APPLICATION SOFTWARE IN YOUR CI/CD PIPELINE?
• 2021 PHP Git server supply-chain attack. Attackers pushed two unauthorized commits to the php-src repository on git.php.net that planted a backdoor in the language's source code; a request carrying a crafted User-Agent header would have executed attacker-supplied code on any server running the backdoored build. PHP runs on an estimated 79% of websites with a known server-side language. The commits were spotted in post-commit code review by community members and never reached a release.
• 2020 SolarWinds software supply-chain attack. State-sponsored attackers inserted malicious code, "SUNBURST", into the Orion IT performance monitoring product and it was shipped to customers as a signed software update. Roughly 18,000 of SolarWinds' ~33,000 Orion customers downloaded the trojanized update, including US federal agencies, Microsoft, Intel and FireEye. The code created a backdoor into customers' IT environments for espionage, making this one of the most significant cyberattacks in history.
• 2021 Codecov supply-chain attack (Codecov had about 29,000 customers, including Twilio, HashiCorp, Rapid7 and Confluent). Attackers used a credential exposed by an error in Codecov's Docker image creation process to modify the "Bash Uploader" script; the altered script exfiltrated environment variables (CI credentials, tokens and keys) from customers' builds to an attacker-controlled server. The deck ranks it second only to SolarWinds in significance.
  • 10. Security Automation can Reduce a Breach Lifecycle by 77 Days

  • 11. Why are organizations automating security early in the SDLC and adopting a DevSecOps culture?
Benefits include the ability to incorporate security early, accelerate software development, provide agility and velocity, and save time and money, in addition to the following:
• Finding vulnerabilities early and fixing them
• Building a more secure and reliable application (software-as-code / infrastructure-as-code)
• Removing human error and delivering predictability
• Enhanced compliance
• Minimizing risk and reducing the cost of a breach
• Taking advantage of cloud infrastructure and OpEx benefits
• Providing a better customer experience (CX)
• Faster time-to-market
Security should be thought of as having its own operational lifecycle that extends beyond the SDLC.

  • 12. Top Three Organizational Challenges in Adopting DevSecOps
"What are your top 3 organizational challenges with regards to DevSecOps adoption? [Select up to 3]" (n = 200)
• Overall organizational cultural resistance: 45.5%
• Lack of collaboration between DevOps and security teams: 44.5%
• Knowledge / job skills / training: 32.5%
• Lack of mature processes: 28.0%
• Fear that security testing will slow down DevOps processes: 27.5%
• Lack of ownership of security by DevOps teams: 19.5%
• Budget constraints: 17.0%
Source: IDC, US Survey of DevSecOps Adopters, Dec 2020
  • 13. Team Pain Points to Consider when Adopting DevSecOps
SecOps
• Understaffed and struggling to keep up with rapidly changing threats
• Business leaders treat compliance, rather than security, as the goal
• Tool sprawl and inconsistent security policies spanning multiple architectures and clouds create risk
DevOps
• Security slows down the application lifecycle and is perceived as a bottleneck
• CI/CD pipelines that automate app development and deployment lack security
• Business imperatives and incentives such as time to market compel DevOps to bypass SecOps; DevOps KPIs do not include security-related metrics
AppDev
• Developer training on security is lacking
• Developers are focused on modern app development and are not able to stay abreast of the security landscape
• Cloud and open-source software introduce unknown risks to the business

  • 14. Bridging the Gap from DevOps to DevSecOps
Today: DevOps and SecOps are different teams with different interests, which produces friction.
Target: Dev, Sec and Ops as one team with one objective, with fluid integration through security automation.
Goal: infuse good security practices into development.

  • 15. REALITY: THE AGILE IMBALANCE - The CI/CD Pipeline is Built for Speed, Not Security
Typical staffing ratio: 1 Security : 10 DevOps : 100 Developers.
"Waterfall" security policies often don't translate well to Agile and cloud environments, so security control objectives can't be adequately applied and enforced.

  • 16. Enabling Security-as-Code
DEV: integrate application security right from the start.
SEC: automate security gates so the DevOps workflow does not slow down.
OPS: let DevOps consume SecOps-managed policies, creating a DevSecOps culture.

  • 17. Tools to Automate Security within your CI/CD Pipeline
  • 18. Why a WAF is Critical for App Security and Protecting your Apps from Attacks
A WAF addresses three needs: blocking active attacks, shielding known vulnerabilities until code is fixed, and reducing risk while addressing compliance requirements.

  • 19. NGINX App Protect WAF and DoS
Strong App and API Security; Built for Modern Apps; CI/CD Friendly.

  • 20. NGINX App Protect WAF and DoS Deployment Options (three shown)

  • 21. NGINX App Protect WAF Secures Your Apps Against the Most Sophisticated Attacks
A LIGHTWEIGHT, HIGH-PERFORMANCE, MODERN APP SOFTWARE SECURITY SOLUTION

  • 22. NGINX App Protect DoS Secures Your Apps from Layer 7 DoS Attacks
A DYNAMIC DoS SECURITY SOLUTION WITH ADAPTIVE LEARNING AND AUTOMATED PROTECTION
  • 23. Shifting Left for Modern Apps with NGINX App Protect
AUTOMATE SECURITY AS CODE WITH NGINX APP PROTECT WAF AND DOS
Source code repository (owned by SecOps for the security policy, operated by DevOps for the rest):
• Application code/config for App X
• Security policy/config for App X
CI/CD pipeline tool: pipeline for build/test/deploy of App X
IT automation: Ansible playbook for deployment of App X with its app services
Example policy modification entry (a JSON fragment from the declarative policy file; this one removes "bak" from the disallowed file types):
    {
      "entityChanges": { "type": "explicit" },
      "entity": { "name": "bak" },
      "entityKind": "tm:asm:policies:filetypes:filetypestate",
      "action": "delete",
      "description": "Delete Disallowed File Type"
    }
• A declarative security policy (JSON file) allows DevOps to use CI/CD tools natively
• The same policy can be pushed to the application from a developer tool
• SecOps owns the policy file; DevOps owns everything else, including security as a part of testing

  • 24. Shifting Left with NGINX App Protect - Demo (GitOps automation via CI/CD)
• SecOps define NGINX App Protect WAF security policies
• WAF policies, certificates and configuration snippets are stored in the source of truth (GitHub)
• DevOps use CI/CD pipelines to publish applications through NGINX with WAF security enabled
• NGINX Instance Manager applies the policies as part of the CI/CD pipeline
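The slide above describes the policy JSON that SecOps owns and the pipeline that DevOps runs; what the deck does not show is the gate that sits between the two. The script below is an added example written for this page, not F5 or NGINX code. It is a pre-merge check a pipeline can run on a committed App Protect policy and the nginx.conf that references it: it refuses policies that are not in blocking mode, rejects policy modifications whose entityKind is outside a SecOps allowlist, and confirms the server block actually enables the WAF, points at the policy under review, and has security logging on. The policy follows the shape on slide 23 (a "policy" object plus a "modifications" array); the `app_protect_*` directives are real App Protect directives. Everything else is assumed for illustration: the allowlist contents, the file paths, the app name, and the function names `check_policy`, `check_nginx_conf` and `gate`. The sample policy and config are constructed inline so the script runs offline.

```python
"""Shift-left gate for an NGINX App Protect WAF policy and its nginx.conf.

Added example for this page (not F5/NGINX code). Assumes the policy file
follows the slide-23 shape ("policy" object + "modifications" array) and that
SecOps maintains an allowlist of modification kinds DevOps may commit without
review. Sample policy and config below are constructed for the example.
"""
import json
import re
from typing import List

# Assumption: SecOps lets DevOps adjust only these entity kinds on their own;
# any other kind in the modifications list must go through SecOps review.
ALLOWED_MODIFICATION_KINDS = {
    "tm:asm:policies:filetypes:filetypestate",
    "tm:asm:policies:urls:urlstate",
}
REQUIRED_MODIFICATION_KEYS = {"entityChanges", "entity", "entityKind", "action", "description"}

# Assumed deployment path that the nginx.conf must reference.
POLICY_PATH = "/etc/app_protect/conf/app_x_policy.json"

# Constructed sample policy: the slide-23 modification that deletes the "bak"
# disallowed file type, wrapped in a minimal policy object.
SAMPLE_POLICY = json.dumps({
    "policy": {
        "name": "app_x_policy",
        "template": {"name": "POLICY_TEMPLATE_NGINX_BASE"},
        "applicationLanguage": "utf-8",
        "enforcementMode": "blocking",
    },
    "modifications": [
        {
            "entityChanges": {"type": "explicit"},
            "entity": {"name": "bak"},
            "entityKind": "tm:asm:policies:filetypes:filetypestate",
            "action": "delete",
            "description": "Delete Disallowed File Type",
        }
    ],
})

# Constructed sample nginx.conf fragment using the App Protect directives.
SAMPLE_NGINX_CONF = """
load_module modules/ngx_http_app_protect_module.so;
http {
    server {
        listen 80;
        app_protect_enable on;
        app_protect_policy_file "/etc/app_protect/conf/app_x_policy.json";
        app_protect_security_log_enable on;
        app_protect_security_log "/etc/app_protect/conf/log_default.json" syslog:server=127.0.0.1:514;
        location / { proxy_pass http://app_x; }
    }
}
"""


def check_policy(policy_text: str) -> List[str]:
    """Return findings for the policy JSON; an empty list means it passes."""
    findings = []
    doc = json.loads(policy_text)
    policy = doc.get("policy", {})
    # Transparent mode only logs violations; a shifted-left WAF must block.
    if policy.get("enforcementMode") != "blocking":
        findings.append("policy.enforcementMode must be 'blocking' (transparent mode only logs)")
    for i, mod in enumerate(doc.get("modifications", [])):
        missing = REQUIRED_MODIFICATION_KEYS - set(mod)
        if missing:
            findings.append(f"modifications[{i}] missing keys: {sorted(missing)}")
        kind = mod.get("entityKind")
        if kind not in ALLOWED_MODIFICATION_KINDS:
            findings.append(f"modifications[{i}] entityKind {kind!r} requires SecOps review")
    return findings


def check_nginx_conf(conf_text: str, expected_policy_file: str) -> List[str]:
    """Check that the server block actually enforces the policy under review."""
    findings = []
    if not re.search(r"^\s*app_protect_enable\s+on\s*;", conf_text, re.M):
        findings.append("app_protect_enable on; is missing, WAF would not run")
    m = re.search(r'^\s*app_protect_policy_file\s+"?([^";\s]+)"?\s*;', conf_text, re.M)
    if m is None or m.group(1) != expected_policy_file:
        findings.append(f"app_protect_policy_file must reference {expected_policy_file}")
    if not re.search(r"^\s*app_protect_security_log_enable\s+on\s*;", conf_text, re.M):
        findings.append("security logging is off; SecOps gets no WAF events")
    return findings


def gate(policy_text: str, conf_text: str, expected_policy_file: str) -> List[str]:
    """Combined CI step: the pipeline fails when any finding is returned."""
    return check_policy(policy_text) + check_nginx_conf(conf_text, expected_policy_file)


if __name__ == "__main__":
    problems = gate(SAMPLE_POLICY, SAMPLE_NGINX_CONF, POLICY_PATH)
    for problem in problems:
        print("FAIL:", problem)
    raise SystemExit(1 if problems else 0)
```

Run it as an early pipeline stage on the files pulled from the source of truth; it is a fast structural check, not a substitute for loading the compiled configuration on a test instance with `nginx -t` and exercising it with attack traffic. The allowlist is the contract the slide describes: SecOps owns the policy, and the gate is what stops a DevOps commit from quietly widening it.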
  • 26. Shifting Left with NGINX App Protect - Review
Pipeline stages shown in the demo:
• CI/CD pipeline
• Catalog objects retrieval
• Staged config creation
• Configuration published to Instance Group
• Configuration committed

  • 27. Shifting Left with NGINX App Protect WAF and DoS
Built for Modern Apps; CI/CD Friendly; Strong App & API Security.

  • 28. Best Practices - What to Consider when Moving towards a Shift Left Culture on the Road to DevSecOps
• Nurture a culture where there is an understanding that security is everyone's responsibility.
• Think of security as an operational lifecycle, not just something hardware- or software-based: it is a combination of methodology, training and policy.
• Select cloud-agnostic tools. These give you the flexibility to use different cloud platforms and security tools for business reasons, costs, internal needs and/or customer requirements. (Examples of universal tools: WAFs, APIs, Terraform, Puppet, Chef, Jenkins, etc.)
• Create a liaison between the DevOps, Security and AppDev teams to understand the difference between policy and what is practical.

  • 30. Test Drive NGINX App Protect TODAY
https://www.nginx.com/free-trial-request/
https://www.nginx.com/success-stories/modern-hire-and-nginx-deliver-modern-app-security-in-the-cloud/