Goal: Equip you with the theory, examples and tooling so that you can begin your rugged journey with an attacking pipeline you can lovingly call your very own
James Wickett
james@gauntlt.org

Austin, TX

Gauntlt Core Team

DevOps Days Austin Organizer

Velocity, LASCON, ISC2, AppSecUSA,
B-Sides, …
Why does this matter?
“I want to solve a problem
so we can make awesome”
- Business
CIO say whut?
…in 2 years with an expensive, bloated project that is so fragile that we can only make changes to it 4 times a year and only after the sacred upgrade rituals are performed
CISO say whut?
Biz say whut?
Just Ship It!
SPOILER ALERT!
the business wins
How did we get here?
Software has Changed
Software as a Service
Software as Bricolage
Bolt-on Feature Approach
Fragile Code as a Service
Deploy Timelines Have Changed
Dev and Ops have teamed up in this new world
http://www.slideshare.net/jallspaw/10-deploys-per-day-dev-and-ops-cooperation-at-flickr
DevOps is 5 years old now
The security organization is stuck in 1997 … mostly
Why is that?
Compliance Driven
Culture: PCI, SOX, …
Ratio Problem
Devs / Ops / Security
100 / 10 / 1
Security Tools
are run out-of-band
But, there is hope
https://speakerdeck.com/garethr/security-monitoring-penetration-testing-meets-monitoring
http://www.youtube.com/watch?v=jQblKuMuS0Y
The Society of Rugged Developers
ruggeddev.org
Rugged Journey
Quality

Transparency

Value Creation

Culture infusion
#RuggedDevOps
http://www.slideshare.net/wickett/putting-rugged-into-your-devops-toolchain
Pipelines!
Continuous Integration
commit -> test -> deploy
github -> travis -> s3
git -> jenkins -> rundeck
You can now answer the question of what is deployed and how it was tested
Simple is better
Continuous Integration Options
On premise: Jenkins

Cloud hosted: Travis CI, Circle CI,
CloudBees, Wercker, Shippable,
Drone.io…

Or a mix: DotCI
Attacking Pipeline Guide
Check your app/service/thing into a github repo

Create some security tests

Setup Travis CI to talk to your repo

Create a .travis.yml file

Write code, write moar security tests…
Try this at home
github.com/gauntlt/gauntlt-demo
Fork This
What is gauntlt-demo
Contains vulnerable web apps written in Python and Ruby on Rails
Easy hooks for spinning up the apps
Contains labs and examples for writing attacks
An attacking pipeline on Travis CI that attacks the web apps
Installation
$ git clone https://github.com/gauntlt/gauntlt-demo
$ cd ./gauntlt-demo
$ git submodule update --init --recursive
$ bundle
$ bundle exec start_services
config/gruyere.rb
http://localhost:8008/
Security Testing
Static Code Analysis

Dynamic Testing

Virus Scanning

Code Signing Checks

Business logic/flow testing
convert thy pdf to tests!
Wouldn’t it be great if we could automate our security tests…
Security + Cucumber = Gauntlt
Built on Cucumber
Gauntlt Philosophy
Gauntlt comes with pre-canned steps that hook security testing tools

Gauntlt does not install tools

Gauntlt can be part of the CI/CD pipeline

Be a good citizen of exit status and stdout/stderr

MIT Open Source License
Who uses Gauntlt?
TL;DR: Gauntlt automates security tools
Attack Logic
GIVEN

WHEN

THEN
Let’s automate two attacks
Garmr is Mozilla Security policy distilled for the rest of us
Check for XSS
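Gauntlt's Given/When/Then attack logic, as an added example that is not part of the deck or of Gauntlt's own code: a miniature Ruby runner that parses a Gherkin-style attack, checks that the named tool is installed, runs the When command and fails the build when the response reflects the probe unescaped. The step phrasings, the MiniGauntlt class, the gauntlt-probe marker and the printf stand-in for a real curl against the Gruyere app on localhost:8008 are all constructed for this example.

```ruby
require 'open3'
require 'shellwords'
# Miniature Given/When/Then attack runner in the spirit of Gauntlt. Constructed
# for this example; not Gauntlt's code, and it knows only the steps used below.
class MiniGauntlt
  Attack  = Struct.new(:name, :tools, :command, :expectations)
  Outcome = Struct.new(:name, :passed, :failures)

  # Parse one Gherkin-style attack text into an Attack.
  def self.parse(text)
    attack = Attack.new('unnamed', [], nil, [])
    lines = text.lines.map(&:strip)
    i = 0
    while i < lines.length
      case lines[i]
      when /\AScenario: (.+)\z/ then attack.name = $1
      when /\AGiven "([^"]+)" is installed\z/ then attack.tools << $1
      when /\AWhen I launch an? "[^"]+" attack with:\z/
        attack.command, i = read_docstring(lines, i + 1)
        next
      when /\A(?:Then|And) the output should (not )?contain:\z/
        kind = $1 ? :not_contain : :contain
        body, i = read_docstring(lines, i + 1)
        attack.expectations << [kind, body]
        next
      when /\A(?:Then|And) the exit status should be (\d+)\z/
        attack.expectations << [:exit_status, $1.to_i]
      end
      i += 1
    end
    attack
  end

  # Read a """ ... """ doc string starting at index i; returns [text, next_i].
  def self.read_docstring(lines, i)
    raise ArgumentError, "expected \"\"\" at line #{i + 1}" unless lines[i] == '"""'
    body = []
    i += 1
    while i < lines.length && lines[i] != '"""'
      body << lines[i]
      i += 1
    end
    [body.join("\n"), i + 1]
  end

  # Execute one attack: verify the tools exist, run the command, then check
  # every expectation against combined stdout+stderr and the exit status.
  def self.run(attack)
    missing = attack.tools.reject { |t| system("command -v #{Shellwords.escape(t)} >/dev/null 2>&1") }
    failures = missing.map { |t| "#{t} is not installed" }
    return Outcome.new(attack.name, false, failures) unless failures.empty?
    stdout, stderr, status = Open3.capture3(attack.command)
    output = stdout + stderr
    attack.expectations.each do |kind, want|
      case kind
      when :contain     then failures << "output lacks #{want.inspect}" unless output.include?(want)
      when :not_contain then failures << "output contains #{want.inspect}" if output.include?(want)
      when :exit_status then failures << "exit status #{status.exitstatus}, wanted #{want}" unless status.exitstatus == want
      end
    end
    Outcome.new(attack.name, failures.empty?, failures)
  end

  # Run every attack, print a gauntlt-like summary and return the exit status
  # the CI job should end with: 0 only when every attack passed.
  def self.run_all(texts)
    outcomes = texts.map { |t| run(parse(t)) }
    outcomes.each do |o|
      puts "#{o.passed ? 'PASS' : 'FAIL'} #{o.name}"
      o.failures.each { |f| puts "  - #{f}" }
    end
    outcomes.all?(&:passed) ? 0 : 1
  end
end

# Constructed attack text. Instead of contacting a live Gruyere on localhost:8008
# the When step runs printf to stand in for the HTTP body curl would return, so
# the example runs offline; swap in the real curl line to hit the demo app.
def xss_attack(title, simulated_body)
  <<~ATTACK
    Scenario: reflected XSS probe (#{title})
      Given "sh" is installed
      When I launch a "sh" attack with:
        """
        printf '%s' '#{simulated_body}'
        """
      Then the output should not contain:
        """
        <script>gauntlt-probe</script>
        """
      And the exit status should be 0
  ATTACK
end
XSS_REFLECTED = xss_attack('simulated vulnerable response', '<html>Hello <script>gauntlt-probe</script></html>')
XSS_ESCAPED   = xss_attack('simulated fixed response', '<html>Hello &lt;script&gt;gauntlt-probe&lt;/script&gt;</html>')
# A CI wrapper would `exit` with this value; the example only prints it.
puts "pipeline exit status: #{MiniGauntlt.run_all([XSS_REFLECTED, XSS_ESCAPED])}"
```

The value returned by run_all is the whole point of the "good citizen of exit status" slide: the build goes red when a probe is reflected unescaped, and the failure reasons land on stdout where the CI log shows them.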
Rakefile
require 'gauntlt'

task :gauntlt do
  # Start the vulnerable demo app, run the attacks, and always tear the app
  # down afterwards. `sh` raises when a command exits non-zero, so without
  # `ensure` a failing attack run would leave gruyere running; the exception
  # still propagates, so a failed attack fails the rake task (and the build).
  sh "cd ./vendor/gruyere && ./manual_launch.sh"
  begin
    sh "cd ./examples && bundle exec gauntlt --tags @final"
  ensure
    sh "cd ./vendor/gruyere && ./manual_kill.sh"
  end
end
Let’s set up the pipeline
Setup Travis CI
Go to travis-ci.org, login with github credentials

Find the repo you cloned (might need to sync)

Flip the switch ‘on’
.travis.yml
language: ruby
rvm:
  - 1.9.3
before_install:
  - git submodule update --init --recursive
before_script:
  # -y keeps apt-get from prompting in the non-interactive build
  - sudo apt-get install -y nmap
  - export SSLYZE_PATH="/home/travis/build/gauntlt/gauntlt-demo/vendor/sslyze/sslyze.py"
  - export SQLMAP_PATH="/home/travis/build/gauntlt/gauntlt-demo/vendor/sqlmap/sqlmap.py"
  - 'cd vendor/Garmr && sudo python setup.py install && cd ../..'
script: bundle exec rake
notifications:
  irc:
    channels:
      - "chat.freenode.net#gauntlt"
    use_notice: true
deploy:
  provider: s3
  # placeholder credentials as shown on the slide; real values are
  # encrypted with `travis encrypt` and committed as `secure:` entries
  access_key_id: ASDBDSABDASDBDSDASD
  secret_access_key:
    secure: dasjdkla;sdjsakdsadasd
  bucket: build-artifacts
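The deploy block above commits one AWS credential in plaintext and wraps the other in a secure: value. As an added example, not from the deck or the gauntlt-demo project, here is a small Ruby check that parses a .travis.yml and flags deploy credentials that are not encrypted; the key list, both sample configs and the placeholder ciphertexts are constructed for the example.

```ruby
require 'yaml'

# Deploy keys that should be committed only as `secure:` values produced by
# `travis encrypt`. The list is constructed for this example.
SENSITIVE_DEPLOY_KEYS = %w[access_key_id secret_access_key api_key password token oauth_token].freeze

# Parse a .travis.yml and return one finding per deploy credential stored in
# plaintext. `deploy:` may be a single provider hash or a list of them.
def plaintext_deploy_credentials(yaml_text)
  config = YAML.safe_load(yaml_text) || {}
  providers = config['deploy']
  providers = [providers] unless providers.is_a?(Array)
  findings = []
  providers.compact.each do |provider|
    next unless provider.is_a?(Hash)
    name = provider['provider'] || 'unknown'
    SENSITIVE_DEPLOY_KEYS.each do |key|
      next unless provider.key?(key)
      next if provider[key].is_a?(Hash) && provider[key].key?('secure')
      findings << "deploy[#{name}].#{key} is plaintext; encrypt it with `travis encrypt` and commit the `secure:` value"
    end
  end
  findings
end

# Constructed configs: the deck's deploy block (placeholder values) and a
# corrected one in which both AWS credentials are encrypted.
WEAK_TRAVIS_YML = <<~YAML
  deploy:
    provider: s3
    access_key_id: ASDBDSABDASDBDSDASD
    secret_access_key:
      secure: dasjdkla;sdjsakdsadasd
    bucket: build-artifacts
YAML

FIXED_TRAVIS_YML = <<~YAML
  deploy:
    provider: s3
    access_key_id:
      secure: "<ciphertext from travis encrypt>"
    secret_access_key:
      secure: "<ciphertext from travis encrypt>"
    bucket: build-artifacts
YAML

[WEAK_TRAVIS_YML, FIXED_TRAVIS_YML].each do |yml|
  findings = plaintext_deploy_credentials(yml)
  puts(findings.empty? ? 'OK: no plaintext deploy credentials' : findings.join("\n"))
end
```

Run as a pre-commit hook or as one more step in the same Travis job, the check turns a leaked key in a public repo into a failed build instead of a credential rotation exercise.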
Sahweet!
https://speakerdeck.com/mkonda/appsecusa-2013-insecure-expectations
http://vimeo.com/75930344
more on gauntlt
• Google Group > https://groups.google.com/d/
forum/gauntlt

• Wiki > https://github.com/gauntlt/gauntlt/wiki

• Twitter > @gauntlt

• IRC > #gauntlt on freenode

• Issue tracking > http://github.com/gauntlt/gauntlt
https://vimeo.com/79797907
50% off Gauntlt Book
leanpub.com/hands-on-gauntlt/c/austin-sdlc
Caveat Emptor: Under development! Valid until June 15th
Questions?
twitter: @wickett
email: james@gauntlt.org

Attacking Pipelines--Security meets Continuous Delivery