Security as Code


A short presentation showing how security can integrate with DevOps using free, open-source tools.

Published in: Technology

  1. Security as Code, Apollo Clark
  2. “Predicting doom from the technology of tomorrow ignores the nightmare of technology today.” — Taylor Swift
  3. Where does Security fit into DevOps?
  4. Sec
  5. Static Analyzers = $$$; Quarterly Pentests = slow
  6. "Developers can't fix a problem, if they can't reproduce it."
  7. "Security is another quality gate to clear. Make it reproducible."
  8. Rugged DevOps
  9. I am rugged and, more importantly, my code is rugged. I recognize that software has become a foundation of our modern world. I recognize the awesome responsibility that comes with this foundational role.
  10. “the quieter you become, the more you are able to hear”
  11. Kali Linux, Jenkins
  12.     @slow @announce
          Feature: Run sqlmap against a target

            # See:
            # https://github.com/sqlmapproject/sqlmap/wiki/Usage

            Scenario: Identify SQL injection vulnerabilities
              Given "sqlmap" is installed
              And the following profile:
                | name       | value                                           |
                | target_url | http://localhost:9292/sql-injection?number_id=1 |
              When I launch a "sqlmap" attack with:
                """
                python <sqlmap_path> -u <target_url> --dbms sqlite --batch -v 0 --tables
                """
              Then the output should contain:
                """
                sqlmap identified the following injection points
                """
              And the output should not contain:
                """
                [2 tables]
                +-----------------+
                | numbers         |
                | sqlite_sequence |
                +-----------------+
                """