Security First!
Alfresco Virtual DevCon 2020, Day 2 [September 16, 2020]
Jason Jolley – Director, Application Development
jjolley@microstrat.com | @jasonjolley
Objective
© MICRO STRATEGIES, INC. ALL RIGHTS RESERVED. 2
To empower Alfresco development teams to
implement their solutions in a secure manner.
Agenda
• Security Requirements
• Secure Development
• Cloud Security
• Resources
Security Requirements
Understand the current state. Typical security requirements for an Alfresco solution:
• Security: authentication, authorization
• Content security: regulations, governance, controlled distribution, redaction, annotation, compliance
• Going paperless: business continuity, business process automation, auditing
• Detect mass downloads or deletions
• Viruses & malware
Alfresco and Security
› Core Alfresco Features
› Alfresco Enterprise Viewer
› Alfresco Governance Services
› Alfresco Cloud
› Alfresco Encrypted Content Store
› Core Alfresco Architecture
› SAML Single Sign-On
› Identity Services
› Vulnerability Alerts
› Partner Solutions
Alfresco and Security Tips & Tricks
Alfresco Security Best Practices Checklist
https://www.slideshare.net/toniblyx/alfresco-security-best-practices-check-list-only
Alfresco’s configuration can be tweaked in many ways. The Alfresco Security Best Practices Checklist presented by Toni de la Fuente details recommended configurations.
This document is five years old, but still has many useful recommendations. For example:
• Disable Unneeded services
• Change File Permissions
• Encrypt Passwords
Alfresco and Security Tips & Tricks
Additional Alfresco Security presentations with valuable tips and tricks:
Alfresco Security Best Practices Guide
https://www.slideshare.net/toniblyx/alfresco-security-best-practices-guide
Tech Talk Live #110: Alfresco Security Best Practices & Tips
https://youtu.be/qEFHmsEV4bc
Alfresco DevCon 2019: Encryption at-rest and in-transit
https://www.slideshare.net/toniblyx/alfresco-devcon-2019-encryption-atrest-and-intransit
Developer Security Myths
1. Security is just a task.
2. Security is just a feature.
3. You need to be a security expert.
4. We have a security team so we’re okay.
5. This project is a small target. Hackers won’t bother.
6. We need to overhaul everything to be secure.
7. Security can wait until the end.
Building A Secure Development Culture
Security Training
Onboarding/Offboarding Checklist
Add Security to your Agenda
Be Ready for an Incident
Have an Escalation Path
Have a Contained Sandbox
Have a Developer Code of Conduct
1. Only Ship Quality Software
2. Stable Productivity
3. Inexpensive Adaptability
4. Continuous Improvement
5. Fearless Competence
6. Extreme Quality
7. QA Will Find Nothing!
8. Automation
9. Honest Estimates
10. Say No When We Can't Commit
11. Continuous Aggressive Learning
12. Mentor Each Other
13. Not Be A Knowledge Silo
14. Be Safe
*This list is influenced by Robert C. Martin’s presentation: “The Reasonable Expectations of your CTO”
https://vimeo.com/54025415
Professional Developer
(Mind map of what makes a professional developer.)
Areas: Test Driven Development, Clean Code, Agile Practices, OOD Principles, Thinking & Learning, Configuration Management, Patterns & Practices.
Practices: Infrastructure as Code, Continuous Integration & Deployment, Separate Environments, Automation, Unit Testing, Mock Objects, Kata, Test/Design Smells, Readability, Acceptance Testing, TDD Cycle, Code, Enterprise Integration, Incorporation of Patterns, Refactoring, Collective Ownership, Sprints, Kanban Boards, Retrospectives, DRY, Reviewing Code, TDD, Integrate Early & Often, Mentoring, Getting in the Zone, Novice to Expert, Debugging, Expert Learning, Leverage Experience, SOLID, Law of Demeter, Polymorphism, Inheritance, Encapsulation, Avoid Procedural Prog., Examples, Naming, Functions, Comments, Formatting, Objects & Data Structures, Error Handling, Classes, Smells.
Where is Security?
Security is Pervasive!
Secure Development – Automated Builds
Manage the Security Risk of Using Third-Party Components
“Dependency Management”
Use Approved Tools
Perform Static Analysis Security Testing
Perform Dynamic Analysis Security Testing
Penetration Testing
Track New Vulnerabilities, Release Notes
Secure Development – Monitoring & Analytics
Safe Logging
Log Collection, Archival & Access
Define Metrics and Compliance Reporting
Triggered Alerts
Secure Development – Incident Response
“Better to have, and not need, than to need, and not have”
F. Kafka
Any organization looking to establish their own incident response plan can benefit from the best practices below:
https://msrc-blog.microsoft.com/2019/07/01/inside-the-msrc-building-your-own-security-incident-response-process/
Secure Development – Incident Response
Elements of an incident response process: Plan, Stakeholder support, Practice, Leadership, Empower, Communication, Collaborate, Multithread, Synch, Learn.
Secure Development – Incident Handling Checklist
NIST Computer Security Incident Handling Guide (SP 800-61 rev. 2), Incident Handling Checklist:
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
Shared Responsibility Model
In the cloud, security is a partnership with your vendor. You need to be aligned on security responsibilities.
Shared Responsibility Model - AWS
Shared Responsibility Model - Azure
Cloud Security
Most cloud vendors have similar security concerns. These concerns can be grouped into six areas:
• Data Protection
• Identity Access Management
• Detection & Monitoring
• Incident Response
• Developer Operations
• Recommendations & Policies
Cloud Security Basics – Data Protection
• Encrypt data at rest
• Encrypt data in transit
• Protect data in use
• Use mechanisms to keep people away from data
Cloud Security Basics – Identity Access Management
• Secure your account
• Use a centralized identity provider
• Use multi-factor authentication
• Store secrets securely
Cloud Security Basics – Detection & Monitoring
• Service and application logging
• Monitoring and alerts
• Investigate events
• Use analytics to discover malicious behavior
• Automatic escalation of events
Cloud Security Basics – Incident Response
• Have an incident plan
• Practice responding to events
• Ensure security contacts are valid and notified
• Automate responses where possible
Cloud Security Basics – Recommendations & Policies
• Follow vendor recommendations
• Patch everything
• Secure endpoints, firewall, network
• Define & audit policies
Cloud Security Basics – Developer Operations
• Infrastructure as Code
• Continuous Integration & Deployment/Delivery
• Automation
• Release management
• Auto-scale & load testing
• Security testing
Additional References and Recommended Reading
Setting up authentication and security
https://docs.alfresco.com/6.2/concepts/auth-intro.html
Alfresco Security Best Practices Guide
https://www.slideshare.net/toniblyx/alfresco-security-best-practices-guide
Tech Talk Live #110: Alfresco Security Best Practices & Tips
https://youtu.be/qEFHmsEV4bc
Alfresco DevCon 2019: Encryption at-rest and in-transit
https://www.slideshare.net/toniblyx/alfresco-devcon-2019-encryption-atrest-and-intransit
Additional References and Recommended Reading
AWS Security Checklist
https://d1.awsstatic.com/whitepapers/Security/AWS_Security_Checklist.pdf
AWS Well-Architected Framework
https://aws.amazon.com/architecture/well-architected/
AWS Well-Architected Framework: Security Pillar
https://d1.awsstatic.com/whitepapers/architecture/AWS-Security-Pillar.pdf
AWS Shared Responsibility Model
https://aws.amazon.com/compliance/shared-responsibility-model/
Additional References and Recommended Reading
Azure operational security checklist
https://docs.microsoft.com/en-us/azure/security/fundamentals/operational-checklist
Microsoft Security Development Lifecycle
https://www.microsoft.com/en-us/securityengineering/sdl/practices
Planning and operations guide
https://docs.microsoft.com/en-us/azure/security-center/security-center-planning-and-operations-guide
Shared responsibility in the cloud
https://docs.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility
Additional References and Recommended Reading
Cloud-native security practices in IBM Cloud
https://www.ibm.com/cloud/architecture/files/ibm-cloud-security-white-paper.pdf
IBM Cloud Security: An Essential Guide
https://www.ibm.com/cloud/learn/cloud-security
IBM Cloud Security
https://www.ibm.com/security/cloud
Shared responsibilities for using IBM Cloud offerings
https://cloud.ibm.com/docs/overview?topic=overview-shared-responsibilities
Additional References and Recommended Reading
Google Cloud security best practices center
https://cloud.google.com/security/best-practices
Best practices for enterprise organizations
https://cloud.google.com/docs/enterprise/best-practices-for-enterprise-organizations
Google Cloud security foundations guide
https://services.google.com/fh/files/misc/google-cloud-security-foundations-guide.pdf
Thank You!
Alfresco Virtual DevCon 2020, Day 2 [September 16, 2020]
Jason Jolley – Director, Application Development
jjolley@microstrat.com | @jasonjolley
Oracle 23c New Features For DBAs and Developers.pptx
Remote DBA Services
 
How to write a program in any programming language
How to write a program in any programming languageHow to write a program in any programming language
How to write a program in any programming language
Rakesh Kumar R
 
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Łukasz Chruściel
 
Modelling Up - DDDEurope 2024 - Amsterdam
Modelling Up - DDDEurope 2024 - AmsterdamModelling Up - DDDEurope 2024 - Amsterdam
Modelling Up - DDDEurope 2024 - Amsterdam
Alberto Brandolini
 
zOS Mainframe JES2-JES3 JCL-JECL Differences
zOS Mainframe JES2-JES3 JCL-JECL DifferenceszOS Mainframe JES2-JES3 JCL-JECL Differences
zOS Mainframe JES2-JES3 JCL-JECL Differences
YousufSait3
 
Mobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona InfotechMobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona Infotech
Drona Infotech
 
Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)
Julian Hyde
 
Fundamentals of Programming and Language Processors
Fundamentals of Programming and Language ProcessorsFundamentals of Programming and Language Processors
Fundamentals of Programming and Language Processors
Rakesh Kumar R
 
SQL Accounting Software Brochure Malaysia
SQL Accounting Software Brochure MalaysiaSQL Accounting Software Brochure Malaysia
SQL Accounting Software Brochure Malaysia
GohKiangHock
 
Webinar On-Demand: Using Flutter for Embedded
Webinar On-Demand: Using Flutter for EmbeddedWebinar On-Demand: Using Flutter for Embedded
Webinar On-Demand: Using Flutter for Embedded
ICS
 
Hand Rolled Applicative User Validation Code Kata
Hand Rolled Applicative User ValidationCode KataHand Rolled Applicative User ValidationCode Kata
Hand Rolled Applicative User Validation Code Kata
Philip Schwarz
 
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
UI5con 2024 - Keynote: Latest News about UI5 and it’s EcosystemUI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
Peter Muessig
 
Lecture 2 - software testing SE 412.pptx
Lecture 2 - software testing SE 412.pptxLecture 2 - software testing SE 412.pptx
Lecture 2 - software testing SE 412.pptx
TaghreedAltamimi
 
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling ExtensionsUI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
Peter Muessig
 
SMS API Integration in Saudi Arabia| Best SMS API Service
SMS API Integration in Saudi Arabia| Best SMS API ServiceSMS API Integration in Saudi Arabia| Best SMS API Service
SMS API Integration in Saudi Arabia| Best SMS API Service
Yara Milbes
 

Dernier (20)

WWDC 2024 Keynote Review: For CocoaCoders Austin
WWDC 2024 Keynote Review: For CocoaCoders AustinWWDC 2024 Keynote Review: For CocoaCoders Austin
WWDC 2024 Keynote Review: For CocoaCoders Austin
 
Using Query Store in Azure PostgreSQL to Understand Query Performance
Using Query Store in Azure PostgreSQL to Understand Query PerformanceUsing Query Store in Azure PostgreSQL to Understand Query Performance
Using Query Store in Azure PostgreSQL to Understand Query Performance
 
socradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdfsocradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdf
 
Energy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina JonuziEnergy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina Jonuzi
 
316895207-SAP-Oil-and-Gas-Downstream-Training.pptx
316895207-SAP-Oil-and-Gas-Downstream-Training.pptx316895207-SAP-Oil-and-Gas-Downstream-Training.pptx
316895207-SAP-Oil-and-Gas-Downstream-Training.pptx
 
Oracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptxOracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptx
 
How to write a program in any programming language
How to write a program in any programming languageHow to write a program in any programming language
How to write a program in any programming language
 
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
 
Modelling Up - DDDEurope 2024 - Amsterdam
Modelling Up - DDDEurope 2024 - AmsterdamModelling Up - DDDEurope 2024 - Amsterdam
Modelling Up - DDDEurope 2024 - Amsterdam
 
zOS Mainframe JES2-JES3 JCL-JECL Differences
zOS Mainframe JES2-JES3 JCL-JECL DifferenceszOS Mainframe JES2-JES3 JCL-JECL Differences
zOS Mainframe JES2-JES3 JCL-JECL Differences
 
Mobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona InfotechMobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona Infotech
 
Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)
 
Fundamentals of Programming and Language Processors
Fundamentals of Programming and Language ProcessorsFundamentals of Programming and Language Processors
Fundamentals of Programming and Language Processors
 
SQL Accounting Software Brochure Malaysia
SQL Accounting Software Brochure MalaysiaSQL Accounting Software Brochure Malaysia
SQL Accounting Software Brochure Malaysia
 
Webinar On-Demand: Using Flutter for Embedded
Webinar On-Demand: Using Flutter for EmbeddedWebinar On-Demand: Using Flutter for Embedded
Webinar On-Demand: Using Flutter for Embedded
 
Hand Rolled Applicative User Validation Code Kata
Hand Rolled Applicative User ValidationCode KataHand Rolled Applicative User ValidationCode Kata
Hand Rolled Applicative User Validation Code Kata
 
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
UI5con 2024 - Keynote: Latest News about UI5 and it’s EcosystemUI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
 
Lecture 2 - software testing SE 412.pptx
Lecture 2 - software testing SE 412.pptxLecture 2 - software testing SE 412.pptx
Lecture 2 - software testing SE 412.pptx
 
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling ExtensionsUI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
 
SMS API Integration in Saudi Arabia| Best SMS API Service
SMS API Integration in Saudi Arabia| Best SMS API ServiceSMS API Integration in Saudi Arabia| Best SMS API Service
SMS API Integration in Saudi Arabia| Best SMS API Service
 

Alfresco Virtual DevCon 2020 - Security First!

  • 8. Developer Security Myths
    1. Security is just a task.
    2. Security is just a feature.
    3. You need to be a security expert.
    4. We have a security team so we’re okay.
    5. This project is a small target. Hackers won’t bother.
    6. We need to overhaul everything to be secure.
    7. Security can wait until the end.
  • 9. Building A Secure Development Culture
    › Security Training
    › Onboarding/Offboarding Checklist
    › Add Security to your Agenda
    › Be Ready for an Incident
    › Have an Escalation Path
    › Have a Contained Sandbox
  • 10. Have a Developer Code of Conduct
    1. Only Ship Quality Software
    2. Stable Productivity
    3. Inexpensive Adaptability
    4. Continuous Improvement
    5. Fearless Competence
    6. Extreme Quality
    7. QA Will Find Nothing!
    8. Automation
    9. Honest Estimates
    10. Say No When We Can’t Commit
    11. Continuous Aggressive Learning
    12. Mentor Each Other
    13. Not Be A Knowledge Silo
    14. Be Safe
    *This list is influenced by Robert C. Martin’s presentation “The Reasonable Expectations of your CTO”: https://vimeo.com/54025415
  • 11–13. Professional Developer (mind map, shown on three consecutive slides)
    A mind map centred on “Professional Developer” with seven branches: Test Driven Development, Clean Code, Agile Practices, OOD Principles, Thinking & Learning, Configuration Management, Patterns & Practices.
    Leaf practices on the map: Infrastructure as Code; Continuous Integration & Deployment; Separate Environments; Automation; Unit Testing; Mock Objects; Kata; Test/Design Smells; Readability; Acceptance Testing; TDD Cycle; Enterprise Integration; Incorporation of Patterns; Refactoring; Collective Ownership; Sprints; Kanban Boards; Retrospectives; DRY; Reviewing Code; TDD; Integrate Early & Often; Mentoring; Getting in the Zone; Novice to Expert; Debugging; Expert Learning; Leverage Experience; SOLID; Law of Demeter; Polymorphism; Inheritance; Encapsulation; Avoid Procedural Prog.; Examples; Naming; Functions; Comments; Formatting; Objects & Data Structures; Error Handling; Classes; Smells; Code.
    Slide 12 repeats the map and asks “Where is Security?”; slide 13 answers “Security is Pervasive!”: security is not a separate box on the map, it cuts across every branch.
  • 14. Secure Development – Automated Builds
    › Manage the Security Risk of Using Third-Party Components (“Dependency Management”)
    › Use Approved Tools
    › Perform Static Analysis Security Testing (SAST)
    › Perform Dynamic Analysis Security Testing (DAST)
    › Penetration Testing
    › Track New Vulnerabilities and Release Notes
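One concrete form of the dependency-management step, as an added example (not code from this talk, from Alfresco or from any scanner product): a minimal software-composition check that reads the dependencies of a Maven module, the usual packaging for Alfresco extensions, and compares each declared version against an advisory feed, failing the build above a severity threshold. The POM snippet, the org.example artifacts and the EXAMPLE-* advisory identifiers are constructed placeholders; in a real pipeline the feed comes from a tool such as OWASP Dependency-Check or the build platform’s own scanner, and the version-ordering rules (numeric comparison, pre-release before release) are the part worth getting right.

```python
"""Minimal software-composition check for a Maven module.

Added example for the dependency-management build step; the POM snippet
and advisory feed below are constructed placeholders (fictitious
org.example artifacts, EXAMPLE-* identifiers), not real advisories.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    advisory_id: str
    group: str
    artifact: str
    introduced: str   # first affected version, inclusive
    fixed: str        # first fixed version, exclusive; "" means no fix yet
    severity: str


def parse_version(v: str):
    """Turn '1.2.3-rc1' into a comparable key.

    Numeric parts compare as integers (so 1.10.0 > 1.9.3) and a pre-release
    qualifier sorts *before* the plain release of the same core
    (5.0.0-rc2 < 5.0.0), which matters when an advisory's introduced
    version is the final release.
    """
    core, _, qualifier = v.partition("-")
    nums = tuple(int(p) if p.isdigit() else 0 for p in core.split("."))
    nums += (0,) * max(0, 3 - len(nums))
    return (nums, 0 if qualifier else 1, qualifier)


def is_affected(version: str, adv: Advisory) -> bool:
    """introduced <= version < fixed (open-ended when no fix is published)."""
    key = parse_version(version)
    if key < parse_version(adv.introduced):
        return False
    return adv.fixed == "" or key < parse_version(adv.fixed)


def declared_dependencies(pom_xml: str):
    """Yield (group, artifact, version) for each <dependency> in the POM."""
    root = ET.fromstring(pom_xml)
    for dep in root.iter("dependency"):
        yield (dep.findtext("groupId"), dep.findtext("artifactId"),
               dep.findtext("version"))


def scan(pom_xml: str, advisories) -> list:
    """Return one finding per (dependency, matching advisory) pair."""
    findings = []
    for group, artifact, version in declared_dependencies(pom_xml):
        for adv in advisories:
            if (adv.group, adv.artifact) == (group, artifact) and is_affected(version, adv):
                findings.append({
                    "dependency": f"{group}:{artifact}:{version}",
                    "advisory": adv.advisory_id,
                    "severity": adv.severity,
                    "fixed_in": adv.fixed or "no fix available",
                })
    return findings


def should_fail_build(findings, fail_on=("CRITICAL", "HIGH")) -> bool:
    """Gate the pipeline: any finding at or above the policy threshold fails it."""
    return any(f["severity"] in fail_on for f in findings)


# --- constructed sample input (placeholder artifacts and advisories) ---
POM_SNIPPET = """<project>
  <dependencies>
    <dependency><groupId>org.example</groupId><artifactId>demo-parser</artifactId><version>2.4.1</version></dependency>
    <dependency><groupId>org.example</groupId><artifactId>demo-http</artifactId><version>5.0.0-rc2</version></dependency>
    <dependency><groupId>org.example</groupId><artifactId>demo-util</artifactId><version>1.10.0</version></dependency>
  </dependencies>
</project>"""

ADVISORIES = [
    Advisory("EXAMPLE-0001", "org.example", "demo-parser", "2.0.0", "2.4.2", "HIGH"),
    Advisory("EXAMPLE-0002", "org.example", "demo-http", "5.0.0", "5.0.1", "CRITICAL"),
    Advisory("EXAMPLE-0003", "org.example", "demo-util", "1.9.0", "", "MEDIUM"),
]

if __name__ == "__main__":
    results = scan(POM_SNIPPET, ADVISORIES)
    for finding in results:
        print(finding)
    raise SystemExit(1 if should_fail_build(results) else 0)
```

The demo-http entry is the edge case: 5.0.0-rc2 is older than the advisory’s introduced version 5.0.0, so it is correctly not flagged, while demo-util (1.10.0) is flagged against an open-ended range even though a naive string comparison would put it below 1.9.0.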
  • 15. Secure Development – Monitoring & Analytics
    › Safe Logging
    › Log Collection, Archival & Access
    › Define Metrics and Compliance Reporting
    › Triggered Alerts
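“Safe Logging” and “Triggered Alerts” meet in the requirement from the earlier slide to detect mass downloads or deletions. The following is an added example, not code from the talk: audit lines in a constructed, generic “timestamp user action node” shape (not Alfresco’s real audit schema) are parsed, a sliding-window rule raises an alert when one user reads an unusually large number of distinct nodes in a short time, and a sanitize() helper shows what safe logging means in practice: control characters are neutralised so attacker-controlled text cannot forge extra log lines, and passwords, Authorization headers and alf_ticket URL parameters are masked before anything is written. The threshold, the window and the action name READ_CONTENT are assumptions.

```python
"""Safe logging and a triggered alert for the 'mass downloads' requirement.

Added example for the monitoring slide, not code from the talk. The audit
lines are constructed in a generic 'timestamp user action node' shape
(not Alfresco's real audit schema); threshold and window are assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Safe logging has to stop two things: secrets reaching log storage, and
# attacker-controlled text forging extra lines (CR/LF log injection).
_SECRET_PATTERNS = [
    (re.compile(r"(?i)\b(password|passwd|pwd)=\S+"), r"\1=[REDACTED]"),
    (re.compile(r"(?i)(authorization:\s*)(basic|bearer)\s+\S+"), r"\1\2 [REDACTED]"),
    (re.compile(r"(?i)(alf_ticket=)\S+"), r"\1[REDACTED]"),  # Alfresco ticket in a URL
]


def sanitize(value: str) -> str:
    """Return text that is safe to embed in a single log line."""
    cleaned = "".join(ch if ch.isprintable() else " " for ch in value)
    for pattern, replacement in _SECRET_PATTERNS:
        cleaned = pattern.sub(replacement, cleaned)
    return cleaned


_AUDIT = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) node=(?P<node>\S+)")


def parse_audit(lines):
    """Yield (timestamp, user, action, node); lines that do not parse are skipped."""
    for line in lines:
        m = _AUDIT.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["user"], m["action"], m["node"]


def detect_bursts(events, action, threshold, window):
    """Sliding-window rule: alert the first time a user performs `action`
    on at least `threshold` distinct nodes inside any `window` of time."""
    recent = defaultdict(deque)       # user -> deque of (ts, node) within the window
    alerted, alerts = set(), []
    for ts, user, act, node in sorted(events):
        if act != action:
            continue
        q = recent[user]
        q.append((ts, node))
        while q and ts - q[0][0] > window:
            q.popleft()
        distinct = {n for _, n in q}
        if len(distinct) >= threshold and user not in alerted:
            alerted.add(user)
            alerts.append({"user": sanitize(user), "action": action, "count": len(distinct),
                           "window_start": q[0][0].isoformat(), "window_end": ts.isoformat()})
    return alerts


def mass_download_alerts(lines, threshold=20, window_seconds=60):
    """Wire the pieces together for the READ_CONTENT action (assumed name)."""
    return detect_bursts(parse_audit(lines), "READ_CONTENT", threshold,
                         timedelta(seconds=window_seconds))


def constructed_audit_sample():
    """Constructed data: alice reads five documents over an hour; mallory
    pulls thirty distinct documents in ninety seconds."""
    base = datetime(2020, 9, 16, 9, 0, 0)
    lines = [f"{(base + timedelta(minutes=12 * i)).isoformat()} user=alice "
             f"action=READ_CONTENT node=doc-{i}" for i in range(5)]
    lines += [f"{(base + timedelta(seconds=3 * i)).isoformat()} user=mallory "
              f"action=READ_CONTENT node=doc-{100 + i}" for i in range(30)]
    return lines


if __name__ == "__main__":
    for alert in mass_download_alerts(constructed_audit_sample()):
        print(alert)
    print(sanitize("login failed for user=bob\npassword=hunter2 Authorization: Bearer eyJabc.def"))
```

The rule counts distinct nodes rather than raw events, so a client retrying the same document does not trip it, and it alerts once per user per run so a burst does not itself flood the alert channel. The same detect_bursts() call with action="DELETE" covers the mass-deletion case.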
  • 16. Secure Development – Incident Response
    “Better to have, and not need, than to need, and not have” – F. Kafka
  • 17. Secure Development – Incident Response
    Any organization looking to establish its own incident response plan can benefit from these best practices from the Microsoft Security Response Center (MSRC) blog:
    https://msrc-blog.microsoft.com/2019/07/01/inside-the-msrc-building-your-own-security-incident-response-process/
    › Plan
    › Stakeholder support
    › Practice
    › Leadership
    › Empower
    › Communication
    › Collaborate
    › Multithread
    › Synch
    › Learn
  • 18. Secure Development – Incident Handling Checklist
    NIST SP 800-61 Rev. 2, Computer Security Incident Handling Guide (Incident Handling Checklist):
    https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
  • 19. Shared Responsibility Model
    In the cloud, security is a partnership with your vendor. You need to be aligned on security responsibilities.
  • 20. Shared Responsibility Model – AWS (diagram)
  • 21. Shared Responsibility Model – Azure (diagram)
  • 22. Cloud Security
    Most cloud vendors have similar security concerns. These concerns can be grouped into six areas:
    › Data Protection
    › Identity Access Management
    › Detection & Monitoring
    › Incident Response
    › Developer Operations
    › Recommendations & Policies
  • 23. Cloud Security Basics – Data Protection
    › Encrypt data at rest
    › Encrypt data in transit
    › Protect data in use
    › Use mechanisms to keep people away from data
  • 24. Cloud Security Basics – Identity Access Management
    › Secure your account
    › Use a Centralized Identity Provider
    › Use Multi-Factor Authentication
    › Store Secrets Securely
  • 25. Cloud Security Basics – Detection & Monitoring
    › Service and Application logging
    › Monitoring and Alerts
    › Investigate Events
    › Use Analytics to discover malicious behavior
    › Automatic Escalation of Events
  • 26. Cloud Security Basics – Incident Response
    › Have an Incident Plan
    › Practice Responding to Events
    › Ensure security contacts are valid and notified
    › Automate Responses where possible
  • 27. Cloud Security Basics – Recommendations & Policies
    › Follow Vendor Recommendations
    › Patch everything
    › Secure Endpoints, Firewall, Network
    › Define & Audit Policies
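A policy-as-code check that ties “Encrypt data at rest”, “Encrypt data in transit” and “Use mechanisms to keep people away from data” (slide 23) to “Define & Audit Policies” (slide 27), as an added example that is not part of the talk: it audits an S3 bucket policy for a Deny on non-TLS requests, a Deny on uploads that omit server-side encryption, and any unconditional Allow to everyone, and shows the weak policy beside the hardened one. The condition keys aws:SecureTransport and s3:x-amz-server-side-encryption are the real AWS keys; the bucket name, role ARN and account number are placeholders, and the check is deliberately narrow (it does not evaluate the full IAM policy language).

```python
"""Audit an S3 bucket policy for the data-protection controls on the slides.

Added example, not code from the talk. The policies are constructed; the
condition keys are the real AWS keys, the bucket and role names are
placeholders.
"""
import json
from fnmatch import fnmatchcase

SSE_KEY = "s3:x-amz-server-side-encryption"


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _everyone(stmt) -> bool:
    """Principal '*' (or {"AWS": "*"}) means anyone, authenticated or not."""
    p = stmt.get("Principal")
    return p == "*" or (isinstance(p, dict) and p.get("AWS") == "*")


def _covers(stmt, wanted: str) -> bool:
    """True if the statement's Action list covers `wanted` (exact or wildcard)."""
    return any(fnmatchcase(wanted.lower(), a.lower()) for a in _as_list(stmt.get("Action", [])))


def denies_plaintext_transport(stmt) -> bool:
    """Encryption in transit: Deny every S3 action when TLS is not used."""
    cond = stmt.get("Condition", {}).get("Bool", {})
    return (stmt.get("Effect") == "Deny" and _everyone(stmt) and _covers(stmt, "s3:*")
            and str(cond.get("aws:SecureTransport", "")).lower() == "false")


def denies_unencrypted_upload(stmt) -> bool:
    """Encryption at rest: Deny PutObject when the SSE header is absent (Null)
    or names a disallowed algorithm (StringNotEquals). Full policies usually
    carry both statements; either one satisfies this check."""
    cond = stmt.get("Condition", {})
    header_missing = str(cond.get("Null", {}).get(SSE_KEY, "")).lower() == "true"
    wrong_algorithm = SSE_KEY in cond.get("StringNotEquals", {})
    return (stmt.get("Effect") == "Deny" and _everyone(stmt)
            and _covers(stmt, "s3:PutObject") and (header_missing or wrong_algorithm))


def allows_anonymous(stmt) -> bool:
    return stmt.get("Effect") == "Allow" and _everyone(stmt) and not stmt.get("Condition")


def audit_bucket_policy(policy) -> list:
    """Return human-readable findings; an empty list means every check passed."""
    doc = json.loads(policy) if isinstance(policy, str) else policy
    stmts = _as_list(doc.get("Statement", []))
    findings = []
    if not any(denies_plaintext_transport(s) for s in stmts):
        findings.append("no Deny on aws:SecureTransport=false: plaintext HTTP access is possible")
    if not any(denies_unencrypted_upload(s) for s in stmts):
        findings.append(f"no Deny on PutObject without {SSE_KEY}: unencrypted objects can be stored")
    findings += [f"statement {s.get('Sid', '<no Sid>')} grants everyone unconditional access"
                 for s in stmts if allows_anonymous(s)]
    return findings


BUCKET = "arn:aws:s3:::example-content-store"   # placeholder bucket

# Weak: the classic 'public website' policy, and nothing else.
WEAK_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": f"{BUCKET}/*"}]}

# Hardened: explicit Denies for both encryption controls, access for one role only.
HARDENED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "DenyPlaintextTransport", "Effect": "Deny", "Principal": "*", "Action": "s3:*",
     "Resource": [BUCKET, f"{BUCKET}/*"],
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    {"Sid": "DenyUnencryptedUploads", "Effect": "Deny", "Principal": "*", "Action": "s3:PutObject",
     "Resource": f"{BUCKET}/*",
     "Condition": {"Null": {SSE_KEY: "true"}}},
    {"Sid": "ContentStoreRole", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/example-content-store"},  # placeholder
     "Action": ["s3:GetObject", "s3:PutObject"], "Resource": f"{BUCKET}/*"}]}

if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, audit_bucket_policy(json.dumps(policy)) or ["ok"])
```

Run as a pipeline step against the policy document exported from the account (or the one declared in infrastructure-as-code), a non-empty findings list is the “audit” half of “Define & Audit Policies”; the Deny statements in HARDENED_POLICY are the “define” half.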
  • 28. Cloud Security Basics – Developer Operations
    › Infrastructure as Code
    › Continuous Integration & Deployment/Delivery
    › Automation
    › Release Management
    › Auto-Scale & Load Testing
    › Security Testing
  • 29. Additional References and Recommended Reading
    Setting up authentication and security: https://docs.alfresco.com/6.2/concepts/auth-intro.html
    Alfresco Security Best Practices Guide: https://www.slideshare.net/toniblyx/alfresco-security-best-practices-guide
    Tech Talk Live #110: Alfresco Security Best Practices & Tips: https://youtu.be/qEFHmsEV4bc
    Alfresco DevCon 2019: Encryption at-rest and in-transit: https://www.slideshare.net/toniblyx/alfresco-devcon-2019-encryption-atrest-and-intransit
  • 30. Additional References and Recommended Reading
    AWS Security Checklist: https://d1.awsstatic.com/whitepapers/Security/AWS_Security_Checklist.pdf
    AWS Well-Architected Framework: https://aws.amazon.com/architecture/well-architected/
    AWS Well-Architected Framework: Security Pillar: https://d1.awsstatic.com/whitepapers/architecture/AWS-Security-Pillar.pdf
    AWS Shared Responsibility Model: https://aws.amazon.com/compliance/shared-responsibility-model/
  • 31. Additional References and Recommended Reading
    Azure operational security checklist: https://docs.microsoft.com/en-us/azure/security/fundamentals/operational-checklist
    Microsoft Security Development Lifecycle: https://www.microsoft.com/en-us/securityengineering/sdl/practices
    Planning and operations guide: https://docs.microsoft.com/en-us/azure/security-center/security-center-planning-and-operations-guide
    Shared responsibility in the cloud: https://docs.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility
  • 32. Additional References and Recommended Reading
    Cloud-native security practices in IBM Cloud: https://www.ibm.com/cloud/architecture/files/ibm-cloud-security-white-paper.pdf
    IBM Cloud Security: An Essential Guide: https://www.ibm.com/cloud/learn/cloud-security
    IBM Cloud Security: https://www.ibm.com/security/cloud
    Shared responsibilities for using IBM Cloud offerings: https://cloud.ibm.com/docs/overview?topic=overview-shared-responsibilities
  • 33. Additional References and Recommended Reading
    Google Cloud security best practices center: https://cloud.google.com/security/best-practices
    Best practices for enterprise organizations: https://cloud.google.com/docs/enterprise/best-practices-for-enterprise-organizations
    Google Cloud security foundations guide: https://services.google.com/fh/files/misc/google-cloud-security-foundations-guide.pdf
  • 34. Thank You! Alfresco Virtual DevCon 2020, Day 2 [September 16, 2020] Jason Jolley – Director, Application Development, jjolley@microstrat.com, @jasonjolley

Editor’s notes

  1. Hi there. Thank you for coming to my talk on Security and Development
  2. It is not a question of “if” but “when”.
     Security is important for EVERYONE.
     Secure By Design.
     Security & Quality are Interdependent!
     What – he’s gone? I have to remove him from x..
     Multiple backups – current backup or current resume.
     Sandbox needs to be separate from other environments.
  3. Security is Pervasive?
  4. Security is Pervasive?
  5. Security is Pervasive?