© 2017 VERACODE INC. A BUSINESS UNIT OF CA TECHNOLOGIES.1
DEVSECOPS
Who are we?
Tim Jarrett (@tojarrett)
• Over 20 years in software: development, project management, product management & strategy
• At Veracode since 2008
• Grammy award winner, Bacon number of 3
Diptesh Shah
• Over 15 years experience as a developer and engineering leader
• At Veracode since 2017
• Recent Winter Olympics “swept” me into Curling
Why appsec integrations?
DevSecOps: the end of manual security?
• Continuous Delivery
• Shorten feedback loops
• Learn quickly
Fix earlier = fix cheaper
[Chart: scale 0 to 120, plotted across the phases Design, Implementation, Testing, Maintenance]
Source: IBM, based on Boehm, 1981/2001
Avoid rework
Development process – current state: Code → Ship → Discover issue → Fix and ship again
Development process with integrations: Code → Discover issue → Fix issue → Ship
Avoid context switching
DevSecOps – Follow the Code
Code phase
1. Develop
2. Check in
Team processes (build, test, agile planning)
Build phase
1. Get latest check-ins from source control
2. Build and Run Tests (diagram label: Test Failures)
3. Stage/Deploy
Deploy and Production phase
[Diagram labels: Deployment pipeline; Stage/Deploy; Monitor for Incidents; Scan for issues in production]
Different development methodologies = different integration approaches
• Waterfall: 1-4 Releases Per Year; 50+ people
• Agile: 12-24 Releases Per Year; 6-12 people
• DevOps: 100+ Releases Per Year; 6-12 people
Waterfall to agile: “build and test”
[Flow diagram labels: Develop; Static Analysis; Build & Test; Manual Testing*; Check in; Backlog (tickets); Scheduled Build (nightly/weekly); Build; Static Analysis; Unit Tests; Pass? (No/Yes); Synchronize; Manual acceptance testing, move to stage, move to prod]
DevOps: Protect the Pipeline
[Flow diagram labels: CI; CD; Develop; Static Analysis (step 1a); Static Analysis; Build & Test; Check in; Backlog; CI/CD Pipeline (per check-in); Build; Static Analysis; Unit Tests; Pass? (No/Yes); Synchronize; Deploy to QA/Stage; Dynamic Analysis; Regression Testing; Pass? (Yes); Stage then Prod]
Veracode Integrations Team
Focused on delivering integration capabilities with the Veracode platform that enable development teams to “shift security left” and make the idea of “DevSecOps” a reality.
• 12 person team; geographically distributed
• Responsible for 20+ applications & supporting modules
• 75 releases in 2017 (on pace for 144 releases in 2018)
• SAFe / Agile Scrum
• DevSecOps (evolution continues)
• Vested interest in achieving our mission!!
In The Beginning
[Flow diagram: Backlog; 1 Develop; 2 Check in; Scheduled Build (nightly/weekly); 3 Build; 4 Static Analysis; 5 Security Results]
Empower Developers – IDE Integration
[Two-panel flow diagram. Initially: Develop; Sandbox Static Analysis; Build & Test; Check in. Fast Forward to Now: Develop; Greenlight Static Analysis (step 1a); Sandbox Static Analysis; Build & Test; Check in]
Automated Assessment – Build Server Integration
[Flow diagram labels: Develop; Greenlight Static Analysis (step 1a); Sandbox Static Analysis; Build & Test; Check in; Scheduled Build (nightly/weekly); Build; Static Analysis; Security Results]
Automated Issue Tracking
[Flow diagram labels: Develop; Greenlight Static Analysis (step 1a); Sandbox Static Analysis; Build & Test; Check in; Scheduled Build (nightly/weekly); Build; Static Analysis; Synchronize]
Automated Assurance – Fail the Build
[Flow diagram labels: Develop; Greenlight Static Analysis (step 1a); Sandbox Static Analysis; Build & Test; Check in; Scheduled Build (nightly/weekly); Build; Static Analysis; Unit Tests; Pass? (No/Yes); Synchronize; Manual acceptance testing, move to stage, move to prod]
Continued Assurance
[Flow diagram labels: CI; CD; Develop; Greenlight Static Analysis (step 1a); Sandbox Static Analysis; Build & Test; Check in; CI/CD Pipeline (per check-in); Build; Static Analysis; Unit Tests; Pass? (No/Yes); Synchronize; Deploy to QA/Stage; Manual acceptance testing, move to stage, move to prod]
Continued Assurance – End Goal
[Flow diagram labels: CI; CD; Develop; Greenlight Static Analysis (step 1a); Sandbox Static Analysis; Build & Test; Check in; CI/CD Pipeline (per check-in); Build; Static Analysis; Unit Tests; Pass? (No/Yes); Synchronize; Deploy to QA/Stage; Dynamic Analysis; Regression Testing; Pass? (Yes); Stage then Prod]
Making it happen
Relationships
• Who is your peer in development / security?
• Do you meet with them?
• Do you understand each other’s goals?
• Are you sympathetic to each other’s struggles?
Accountability
• Shared between development and security
• Part of annual goals for both teams
• Measured and reported regularly
Shift Left & Monitor
Plan → Code → Build → Test → Stage → Deploy → Monitor
• Dynamic Application Security Testing
• Runtime Application Self Protection
• Open Source Risk Monitoring
• Static Application Security Testing + 3rd Party Risk Analysis
• Training (eLearning, instructor led, metadata driven)
• Manual Penetration Testing
• Red Team Activities
• Remediation and Mitigation Guidance
• Secure Code Reviews
• Threat Modeling
• Security Grooming
• Secure Design
Questions?
@tojarrett

The State of Open Source Vulnerabilities Management
 
Flow Metrics: What They Are & Why You Need Them
Flow Metrics: What They Are & Why You Need ThemFlow Metrics: What They Are & Why You Need Them
Flow Metrics: What They Are & Why You Need Them
 
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud ThreatsBeyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
 
Building Blocks of Secure Development: How to Make Open Source Work for You
Building Blocks of Secure Development: How to Make Open Source Work for YouBuilding Blocks of Secure Development: How to Make Open Source Work for You
Building Blocks of Secure Development: How to Make Open Source Work for You
 

Dernier

Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 

Dernier (20)

Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 

Seven Deadly Saves To Security With Integrations

  • 1. © 2017 VERACODE INC. A BUSINESS UNIT OF CA TECHNOLOGIES.1 DEVSECOPS
  • 2. © 2018 VERACODE INC. A BUSINESS UNIT OF CA TECHNOLOGIES. Who are we? Tim Jarrett (@tojarrett): • Over 20 years in software: development, project management, product management & strategy • At Veracode since 2008 • Grammy award winner, Bacon number of 3. Diptesh Shah: • Over 15 years experience as a developer and engineering leader • At Veracode since 2017 • Recent Winter Olympics “swept” me into Curling
  • 3. © 2017 VERACODE INC. ACQUIRED BY CA TECHNOLOGIES. Why appsec integrations?
  • 4. DevSecOps: the end of manual security? • Continuous Delivery • Shorten feedback loops • Learn quickly
  • 5. Fix earlier = fix cheaper. [Chart over the phases Design, Implementation, Testing, Maintenance; axis scale 0 to 120.] Source: IBM, based on Boehm, 1981/2001
  • 6. Avoid rework. Development process – current state: Code → Ship → Discover issue → Fix and ship again. Development process with integrations: Code → Discover issue → Fix issue → Ship.
  • 7. Avoid context switching
  • 9. DevSecOps – Follow the Code
  • 10. Code phase: 1 Develop; 2 Check in; Team processes (build, test, agile planning)
  • 11. Build phase: 1 Get latest check-ins from source control; 2 Build and Run Tests (Test Failures); 3 Stage/Deploy
  • 12. Deploy and Production phase: Deployment pipeline; Stage/Deploy; Monitor for Incidents; Scan for issues in production
  • 13. Different development methodologies = different integration approaches. Waterfall: 1-4 Releases Per Year, 50+ people. Agile: 12-24 Releases Per Year, 6-12 people. DevOps: 100+ Releases Per Year, 6-12 people.
  • 14. Waterfall to agile: “build and test”. Diagram labels: 1 Develop 4 Check in Static Analysis 3 Build & Test 2 Backlog (tickets) Pass? 7 Synchronize No Yes 6 Static Analysis 6 Unit Tests Manual acceptance testing, move to stage, move to prod Nightly/weekly 5 Build Scheduled Build 3a Manual Testing*
  • 15. DevOps: Protect the Pipeline. Diagram labels: CI CD 1 Develop 4 Check in Static Analysis 3 Build & Test 2 Backlog Pass? 7 Synchronize No Yes 7 Deploy to QA/Stage 6 Static Analysis 6 Unit Tests 8 Dynamic Analysis 8 Regression Testing Pass? Yes Stage then Prod Per Check-in 5 Build CI/CD Pipeline 1a Static Analysis
  • 17. Veracode Integrations Team. Focused on delivering integration capabilities with the Veracode platform that enable development teams to “shift security left” and make the idea of “DevSecOps” a reality. • 12 person team; geographically distributed • Responsible for 20+ applications & supporting modules • 75 releases in 2017 (on pace for 144 releases in 2018) • SAFe / Agile Scrum • DevSecOps (evolution continues) • Vested interest in achieving our mission!!
  • 18. In The Beginning. Diagram labels: 3 Build 4 Static Analysis 5 Security Results 2 Check in 1 Develop Backlog Scheduled Build Nightly/weekly
  • 19. Empower Developers – IDE Integration. Initially: 1 Develop 4 Check in Sandbox Static Analysis 3 Build & Test 2. Fast Forward to Now: 1 Develop 4 Check in Sandbox Static Analysis 3 Build & Test 2 1a Greenlight Static Analysis
  • 20. Automated Assessment – Build Server Integration. Diagram labels: 1 Develop 4 Check in Sandbox Static Analysis 3 Build & Test 2 6 Static Analysis Nightly/weekly 5 Build Scheduled Build 1a Greenlight Static Analysis Security Results 7
  • 21. Automated Issue Tracking. Diagram labels: 1 Develop 4 Check in Sandbox Static Analysis 3 Build & Test 2 Nightly/weekly Scheduled Build 1a Greenlight Static Analysis 6 Static Analysis 5 Build 7 Synchronize
  • 22. Automated Assurance – Fail the Build. Diagram labels: 1 Develop 4 Check in Sandbox Static Analysis 3 Build & Test 2 Pass? 7 Synchronize No Yes 6 Static Analysis 6 Unit Tests Manual acceptance testing, move to stage, move to prod Nightly/weekly 5 Build Scheduled Build 1a Greenlight Static Analysis
  • 23. Continued Assurance. Diagram labels: CI CD 1 Develop 4 Check in Sandbox Static Analysis 3 Build & Test 2 Pass? 7 Synchronize No Yes 7 Deploy to QA/Stage 6 Static Analysis 6 Unit Tests Per Check-in 5 Build CI/CD Pipeline 1a Greenlight Static Analysis Manual acceptance testing, move to stage, move to prod
  • 24. Continued Assurance – End Goal. Diagram labels: CI CD 1 Develop 4 Check in Sandbox Static Analysis 3 Build & Test 2 Pass? 7 Synchronize No Yes 7 Deploy to QA/Stage 6 Static Analysis 6 Unit Tests 8 Dynamic Analysis 8 Regression Testing Pass? Yes Stage then Prod Per Check-in 5 Build CI/CD Pipeline 1a Greenlight Static Analysis
  • 25. Making it happen
  • 26. Relationships • Who is your peer in development / security? • Do you meet with them? • Do you understand each other's goals? • Are you sympathetic to each other's struggles?
  • 27. Accountability • Shared between development and security • Part of annual goals for both teams • Measured and reported regularly
  • 28. Shift Left & Monitor. Phases: Plan, Code, Build, Test, Stage, Deploy, Monitor. Activities: Dynamic Application Security Testing; Runtime Application Self Protection; Open Source Risk Monitoring; Static Application Security Testing + 3rd Party Risk Analysis; Training (eLearning, instructor led, metadata driven); Manual Penetration Testing; Red Team Activities; Remediation and Mitigation Guidance; Secure Code Reviews; Threat Modeling; Security Grooming; Secure Design
  • 29. Questions? @tojarrett