Introduction to DevSecOps
Tushar Joshi
Senior Architect @ Persistent Systems
12 May 2019 @ OWASP Nagpur Meetup
Need for DevSecOps
• Full StackOverflow Development
• DevOps accelerates the speed of development
• Security controls from security specialists are non-scalable
• Security must be a primary concern of the development team
What is DevOps
• A new role?
• Partnership/communication/empathy between Dev and Ops
• CI/CD Tools?
• Automation?
• Self Service?
• Techniques like feature flags or traffic shaping?
• Move fast and break things?
• Culture change (systems thinking, continuous improvements)?
DevOps IS
• Empowered engineering teams
• Taking ownership of how the product/application performs in production
Mature DevOps Practices
• Develop in TRUNK
• No long-lived branches
• Short branches – code review, release changes, security scanning
• Dead-end release branch OK
• Features behind flags, toggles, traffic shaping
• Automated validation, automated push to prod
What is Dev[Sec]Ops
• Thinking of security as a primary concern
• Empowered engineering teams
• Taking ownership of how their product/application performs in production [including security]
Dev[Sec]Ops Manifesto
• Build security in more than bolt it on
• Rely on empowered engineering teams more than security specialists
• Implement features securely more than security features
• Rely on continuous learning more than end-of-phase gates
• Build on culture change more than policy enforcement
DevSecOps Tool Landscape
Thank You!
There are no silly questions!
References
• https://www.youtube.com/watch?v=BA9DqsgfgRQ
• https://linkedIn.com/in/LarryMaccherone
• https://www.devsecopsdays.com/articles/devsecops-securing-software-in-a-devops-world
• https://christianheilmann.com/2015/07/17/the-full-stackoverflow-developer/
• https://snyk.io/opensourcesecurity-2019/
• https://prezi.com/view/zhn9TQFjQexTQqQk5jwT/
• https://www.devsecopsdays.com/articles/trust-algorithm-applied-to-devsecops
