Shaping the future of digital business
GFT Group – Confidential – 09/05/2020
May 2020
DevSecOps
Putting security into the pipeline
___________________________________________
Diego Cardoso – Head of DevSecOps Practices Brazil
diego.cardoso@gft.com
#DevSecOps #BeTransformationAgent #TechSaturday
• Proud son, husband and father
• Graduated in Information Systems at FSA
• Postgraduate in Software Architecture at FIAP
• Microsoft certified: MCTS
• 6+ years working at GFT
• 15+ years analyzing, coding and migrating
• Enthusiast focused on Architecture and Agile Methodologies
• Rusty guitarist and gamer in his spare time
Agenda
1. Software Development
2. DevOps Enablement
3. CyberSecurity
4. OWASP
5. DevSecOps
Software Development – Methodologies
Waterfall:
• Over-planning
• Risk mitigation
• High costs
• Deliver everything at the end
Agile:
• Experiments and prototypes
• Fail fast and at low cost
• Continuous and evolutionary delivery
Software Development – Before DevOps
Software Development – DevOps Enablement
• Squads: Dev + Ops + QA
• Engineering (automating) the Agile process
• Quick time to market (ROI)
DevOps – Landscape 2019
Software Development – But where is the security team?
CyberSecurity – Let’s check the News
CyberSecurity – Landscape 2019
DevSecOps – The Evolution of Security Teams
Developers : Operations : Security = 100 : 10 : 1
Understanding Concepts
DevSecOps = DevOps + Security
Mindset: everyone is responsible for security
Goal: privacy and security by design
Mission: delivery at speed and scale without sacrificing the safety required by the context.
DevSecOps – Security shifting to the left
Cost to remediate, by the phase in which a vulnerability is found:
• Requirements
• Design / Architecture
• Coding: 7X
• Testing: 15X
• Deployments / Maintenance: 30X
The late-security cycle:
1. BUILD insecure software
2. QA finds vulnerabilities in the software
3. We convince and pay the developer to fix it, thereby delaying the release
4. RELEASE insecure software
5. IT deploys the insecure software
6. We are breached, or pay to have someone tell us our code is bad
7. We convince and pay the developer to fix it
Shifting left:
• Application scan: SAST, DAST
• Create Evil Stories
• High level of test coverage
DevSecOps Services: Development Cycle
Roles: PO / BA, DEV, QA, OPS, SEC
• User Stories
• Code repository: branches, policies
• Build: tests, quality scan, security scan
• Binary repository (Version = TAG)
• Release (Release = TAG): configuration repo, key vault / configuration, feature flags
• Package promotion: DEV → HML → PPD → PRD
• Monitor / Optimize: infra performance, infra costs, observability, penetration tests, infra automation
DevSecOps: Build & Release
• Branches: master, hotfix, develop, feature, bugfix; changes move between branches through pull requests
• Build: tests, quality scan, security scan
• TAG: 1.0.0 → binary repository, version 1.0.0.20200318-01
• Branch gate → Release → DEV → HML → PPD → PRD
• Configuration repository, also behind a branch gate and pull requests
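As an added example (not part of the deck and not GFT's tooling), this Python branch gate encodes the flow on this slide: the tag 1.0.0 and the build version 1.0.0.20200318-01 must agree, the branch kind (feature, bugfix, develop, hotfix, master) bounds how far a package may be promoted, promotion runs one step at a time through DEV, HML, PPD and PRD, and the quality scan and security scans must be clean before the release moves. The branch-to-environment ceilings, the severity threshold and the `Build`/`ScanResult` records are assumptions, not rules stated in the slides.

```python
"""Branch gate for a build & release flow: decides whether a tagged build may be
promoted to a target environment. All rules below are assumptions modelled on the
slide, not a project's real policy."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Promotion order from the slide; a package moves one step at a time.
ENVIRONMENTS = ["DEV", "HML", "PPD", "PRD"]

# Assumed policy: how far a build from each branch kind may be promoted.
BRANCH_CEILING = {
    "feature": "DEV",
    "bugfix": "DEV",
    "develop": "HML",
    "hotfix": "PRD",
    "master": "PRD",
}

# Tag "1.0.0" and build version "1.0.0.20200318-01": the tag, a build date
# (YYYYMMDD) and a two-digit sequence number, as shown on the slide.
TAG_RE = re.compile(r"^\d+\.\d+\.\d+$")
VERSION_RE = re.compile(r"^(\d+\.\d+\.\d+)\.(\d{8})-(\d{2})$")


@dataclass
class ScanResult:
    tool: str                 # "SAST", "DAST", "IAST", "SCA", "SIS", ...
    critical: int = 0
    high: int = 0
    secrets_found: int = 0    # hits from the sensitive-info scan (SIS)


@dataclass
class Build:
    branch: str               # "feature/login", "develop", "master", ...
    tag: str                  # "1.0.0"
    version: str              # "1.0.0.20200318-01"
    quality_gate_passed: bool
    security_scans: List[ScanResult] = field(default_factory=list)
    current_env: Optional[str] = None   # where the same binary currently sits


def branch_kind(branch: str) -> str:
    """'feature/login' -> 'feature'; 'master' -> 'master'."""
    return branch.split("/", 1)[0]


def gate(build: Build, target_env: str) -> Tuple[bool, List[str]]:
    """Return (allowed, reasons); every violated rule is reported, not only the first."""
    if target_env not in ENVIRONMENTS:
        return False, [f"unknown environment {target_env}"]
    reasons: List[str] = []

    # 1. Version = TAG: the build version must be well formed and carry the tag.
    if not TAG_RE.match(build.tag):
        reasons.append(f"tag {build.tag!r} is not MAJOR.MINOR.PATCH")
    m = VERSION_RE.match(build.version)
    if not m:
        reasons.append(f"version {build.version!r} is not TAG.YYYYMMDD-NN")
    elif m.group(1) != build.tag:
        reasons.append(f"version {build.version} does not carry tag {build.tag}")

    # 2. Branch policy: the branch kind bounds the environments it may reach.
    kind = branch_kind(build.branch)
    ceiling = BRANCH_CEILING.get(kind)
    if ceiling is None:
        reasons.append(f"branch kind {kind!r} is not allowed to release")
    elif ENVIRONMENTS.index(target_env) > ENVIRONMENTS.index(ceiling):
        reasons.append(f"{kind} builds may not go beyond {ceiling}")

    # 3. Promote the same package one step at a time; never skip an environment.
    idx = ENVIRONMENTS.index(target_env)
    expected_prev = None if idx == 0 else ENVIRONMENTS[idx - 1]
    if build.current_env != expected_prev:
        reasons.append(
            f"promotion to {target_env} requires the package to be in "
            f"{expected_prev}, not {build.current_env}"
        )

    # 4. Quality scan and security scans both gate the release.
    if not build.quality_gate_passed:
        reasons.append("quality gate failed")
    if not build.security_scans:
        reasons.append("no security scan results attached")
    for s in build.security_scans:
        if s.critical or s.high:
            reasons.append(f"{s.tool}: {s.critical} critical / {s.high} high findings")
        if s.secrets_found:
            reasons.append(f"{s.tool}: {s.secrets_found} secret(s) detected")

    return not reasons, reasons


def demo() -> Tuple[Tuple[bool, List[str]], Tuple[bool, List[str]]]:
    """Two constructed builds: a clean master build reaching PRD, and a develop
    build with SAST findings and a leaked secret that is blocked from HML."""
    clean = [ScanResult("SAST"), ScanResult("DAST"), ScanResult("SIS")]
    good = Build("master", "1.0.0", "1.0.0.20200318-01", True, clean, current_env="PPD")
    leaky = Build("develop", "1.0.0", "1.0.0.20200318-02", True,
                  [ScanResult("SAST", high=2), ScanResult("SIS", secrets_found=1)],
                  current_env="DEV")
    return gate(good, "PRD"), gate(leaky, "HML")


if __name__ == "__main__":
    for allowed, reasons in demo():
        print("ALLOWED" if allowed else "BLOCKED", reasons)
```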
DevSecOps: Build & Release (Azure Pipelines, Azure Artifacts)
DevSecOps – Security Scan Tools (part I): SAST, DAST
DevSecOps – Security Scan Tools (part II): IAST, OSS
DevSecOps – Leading the Transformation
Creating the mindset:
• Security awareness and training
• Evil Stories (ethical hacking)
• Shared knowledge base
• Focused hackathons
Questions you should be able to answer:
• Are you aware of the top risks/vulnerabilities (OWASP)?
• Is my application/product protected?
• Is my application/product/code exposing sensitive data or secrets?
• Are my dependencies (3rd-party libraries) secure?
Test:
• SAST + DAST + IAST
• Sensitive info scan (SIS)
• Software Composition Analysis (SCA)
• Fuzzing (random inputs)
• Pen test
Conclusion – State of DevSecOps 2020
May 2020
We Innovate, Transform, Deliver
DevSecOps
Putting security into the pipeline
___________________________________________
Diego Cardoso – Head of DevSecOps Brazil
diego.cardoso@gft.com
Thank you very much! Questions?
#DevSecOps #BeTransformationAgent #TechSaturday

 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 

2020 05-tech saturday-devsecops-#2-v03

  • 1. DevSecOps: putting security on the pipeline (GFT Group, confidential, 09/05/20, May 2020). Diego Cardoso – Head of DevSecOps Practices Brazil, diego.cardoso@gft.com. #DevSecOps #BeTransformationAgent #TechSaturday
  • 2. About the speaker
    • Proud son, husband and father
    • Bachelor's degree in Information Systems at FSA
    • Postgraduate degree in Software Architecture at FIAP
    • Microsoft certified: MCTS
    • 6+ years working at GFT
    • 15+ years analysing, coding and migrating
    • Enthusiast focused on architecture and agile methodologies
    • Rusty guitarist and gamer in his spare time
  • 3. Agenda
    1. Software Development
    2. DevOps Enablement
    3. CyberSecurity
    4. OWASP
    5. DevSecOps
  • 4. Software Development – Methodologies
    Waterfall:
    • Over planning
    • Risk mitigation
    • High costs
    • Deliver everything at the end
    Agile:
    • Experiments and prototypes
    • Fail fast and low costs
    • Continuous and evolutive delivery
  • 5. Software Development – Before DevOps
  • 6. Software Development – DevOps Enablement
    • Squads: Dev + Ops + QA
    • Engineering (automating) the Agile process
    • Quick time to market (ROI)
  • 7. DevOps – Landscape 2019
  • 8. Software Development – But where is the security team?
  • 9. Software Development – But where is the security team?
  • 10. CyberSecurity – Let's check the news
  • 11. CyberSecurity – Landscape 2019
  • 12. DevSecOps – The Evolution of Security Teams. Ratio of Developers : Operations : Security = 100 : 10 : 1
  • 13. Understanding Concepts
  • 14. DevSecOps = DevOps + Security
    • Mindset: everyone is responsible for security
    • Goal: privacy and secure by design
    • Mission: deliver at speed and scale without sacrificing the safety required by the context
  • 15. DevSecOps – Security shifting to the left
    Cost to remediate grows by phase: Requirements, Design/Architecture, Coding (7X), Testing (15X), Deployments/Maintenance (30X).
    BUILD insecure software → QA finds vulnerabilities in the software → we convince and pay the developer to fix it, thereby delaying the release.
    RELEASE insecure software → IT deploys the insecure software → we are breached, or pay to have someone tell us our code is bad → we convince and pay the developer to fix it.
    Shifting left:
    • Application scan: SAST, DAST
    • Create Evil Stories
    • High level of test coverage
  • 16. DevSecOps Services: Development Cycle
    • Roles: PO / BA, DEV, QA, OPS, SEC
    • User stories → Build → Tests → Quality scan → Security scan → Release → Monitor → Optimize
    • Code repository, binary repository, configuration repository, key vault / configuration
    • Branch policies, feature flags, Version = TAG, Release = TAG
    • Package promotion: DEV → HML → PPD → PRD
    • Infra automation, infra performance, infra costs, observability
    • Penetration tests
  • 17. DevSecOps: Build & Release
    • Branches: master, hotfix, develop, feature, bugfix; changes flow through pull requests
    • Branch gate on each pull request: tests, quality scan, security scan
    • TAG: 1.0.0; binary repository version: 1.0.0.20200318-01
    • Release through a branch gate to DEV, HML, PPD, PRD, with a configuration repository per stage
  • 18. DevSecOps: Build & Release – Azure Pipelines, Azure Artifacts
  • 19. DevSecOps – Security Scan Tools (part I): SAST, DAST
  • 20. DevSecOps – Security Scan Tools (part II): IAST, OSS
  • 21. DevSecOps – Leading the Transformation
    Creating the mindset:
    • Security awareness and training
    • Evil Stories (ethical hacking)
    • Shared knowledge base
    • Focused hackathons
    Questions you should be able to answer:
    • Are you aware of the TOP risks/vulnerabilities (OWASP)?
    • Is my application/product protected?
    • Is my application/product/code exposing sensitive data or secrets?
    • Are my dependencies (3rd-party libraries) secure?
    Test:
    • SAST + DAST + IAST
    • Sensitive info scan (SIS)
    • Composition analysis (SCA)
    • Fuzzing (random inputs)
    • Pen-test
  • 22. Conclusion – State of DevSecOps 2020
  • 23. May 2020. We Innovate, Transform, Deliver. DevSecOps: putting security on the pipeline. Diego Cardoso – Head of DevSecOps Brazil, diego.cardoso@gft.com. Thank you very much! Questions? #DevSecOps #BeTransformationAgent #TechSaturday
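The branch gate that slides 16, 17 and 21 describe (tests, quality scan and security scan on every pull request, with a sensitive-info scan and composition analysis among the checks) can be sketched as a small pre-merge decision. The Python below is an added example written for this page, not GFT's or the talk's own pipeline code; the secret-detection rules, the severity policy, the `Finding` type, the sample diff and the SCA output are all constructed assumptions, and the CVE id in the sample is a placeholder.

```python
"""Pre-merge security gate (sensitive-info scan + SCA threshold) for a CI branch gate.

Added example; not the talk's or GFT's pipeline code. The regexes, the severity
policy and the sample diff/SCA data are constructed for illustration.
"""
import re
from dataclasses import dataclass

# Sensitive-info scan (SIS) rules. Constructed, deliberately small set; a real
# pipeline would run a dedicated scanner with a tuned rule set.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"),
    "hardcoded_password": re.compile(
        r"(?i)(password|passwd|pwd)\s*[:=]\s*['\"][^'\"]{6,}['\"]"),
    "generic_api_token": re.compile(
        r"(?i)(api[_-]?key|token)\s*[:=]\s*['\"][A-Za-z0-9_\-]{20,}['\"]"),
}

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass
class Finding:
    kind: str       # "secret" or "sca"
    detail: str     # never contains the matched secret itself
    severity: str   # key of SEVERITY_RANK


def scan_diff_for_secrets(diff_lines):
    """Scan only the lines a pull request adds ('+' prefix, not the '+++' header).

    Only the rule name and diff line index are reported, so the gate's own log
    does not become a second place where the secret is exposed.
    """
    findings = []
    for idx, line in enumerate(diff_lines):
        if not line.startswith("+") or line.startswith("+++"):
            continue
        for name, pattern in SECRET_PATTERNS.items():
            if pattern.search(line[1:]):
                findings.append(Finding("secret", f"{name} at diff line {idx}", "high"))
    return findings


def evaluate_gate(secret_findings, sca_findings, max_sca_severity="medium"):
    """Return (passed, reasons). Any secret blocks the merge; an SCA finding
    blocks when its severity is above the configured threshold."""
    reasons = [f"secret detected: {f.detail}" for f in secret_findings]
    threshold = SEVERITY_RANK[max_sca_severity]
    for f in sca_findings:
        if SEVERITY_RANK[f.severity] > threshold:
            reasons.append(f"vulnerable dependency ({f.severity}): {f.detail}")
    return (not reasons, reasons)


# Constructed sample input: a unified diff for a pull request that replaces an
# environment lookup with hard-coded credentials (all values are fake).
SAMPLE_DIFF = [
    "--- a/app/config.py",
    "+++ b/app/config.py",
    "@@ -1,3 +1,5 @@",
    " import os",
    "-DB_PASSWORD = os.environ['DB_PASSWORD']",
    "+DB_PASSWORD = 'Sup3rSecretPass!'",
    "+AWS_KEY = 'AKIAEXAMPLEEXAMPLE01'",
    "+# TODO: rotate before release",
]

# Constructed SCA output; the CVE id is a placeholder, not a real advisory.
SAMPLE_SCA = [
    Finding("sca", "example-lib 1.2.3, CVE-XXXX-PLACEHOLDER", "high"),
    Finding("sca", "other-lib 0.9.0, informational advisory", "low"),
]


def run_gate(diff_lines=SAMPLE_DIFF, sca_findings=SAMPLE_SCA):
    """Run both checks and return the gate decision for the sample pull request."""
    secrets = scan_diff_for_secrets(diff_lines)
    return evaluate_gate(secrets, sca_findings)


if __name__ == "__main__":
    passed, reasons = run_gate()
    print("GATE PASSED" if passed else "GATE BLOCKED")
    for r in reasons:
        print(" -", r)
```

On the sample pull request the gate blocks the merge with three reasons: two secrets introduced on added lines and one dependency finding above the "medium" threshold. Only added lines are scanned, so a pull request that removes a secret is not penalised for the line it deletes, and the report names the rule and line index rather than echoing the matched value into the build log.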