Advertisement

Continuous Security

Equal Experts
Equal Experts
May. 24, 2016
Continuous Security
Continuous Security
Continuous Security
Continuous Security
Continuous Security
Continuous Security
Continuous Security
Continuous Security
Continuous Security
Continuous Security
Continuous Security
Continuous Security
Continuous Security
Continuous Security
Continuous Security
Continuous Security
Continuous Security
Continuous Security
Continuous Security
Continuous Security
Continuous Security
Continuous Security
Continuous Security
Continuous Security
Continuous Security
Continuous Security
Continuous Security
Continuous Security
Continuous Security
Continuous Security

Check these out next

Google penguin 3.0
Google penguin 3.0
Arun Mohapatra
IGSTK: Building High Quality Roads with Open Source Software-9300
IGSTK: Building High Quality Roads with Open Source Software-9300
Kitware Kitware
Sucuri Webinar: Is SSL enough to secure your website?
Sucuri Webinar: Is SSL enough to secure your website?
Sucuri
LavaCon 2017 - Making a Quantum Shift in Structured Authoring
LavaCon 2017 - Making a Quantum Shift in Structured Authoring
Jack Molisani
Finding Hazards Using Washing State Hazard Zone Cchecklist
Finding Hazards Using Washing State Hazard Zone Cchecklist
MathesonWorkSafe
Hacking WordPress... and countermeasures.
Hacking WordPress... and countermeasures.
Nestor Angulo de Ugarte
Naswiz perfect app
Naswiz perfect app
dhekanenandkishor
Maturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High Impact
SBWebinars
1 of 30

Continuous Security

May. 24, 2016
Download to read offline
Software

Talk given by Phil Parker (Partner at Equal Experts) at London Continuous Delivery Meetup hosted at Financial Times, Monday 23rd May, 2016.

Equal Experts
Equal Experts
Advertisement
Advertisement
Advertisement

Recommended

Continuous SecurityContinuous Security
Continuous SecurityEqual Experts507 views28 slides
3Pillar Global's Kit Unger and Alok Jain to Explore "How Customers Think" at ...3Pillar Global's Kit Unger and Alok Jain to Explore "How Customers Think" at ...
3Pillar Global's Kit Unger and Alok Jain to Explore "How Customers Think" at ...3Pillar Global1.4K views36 slides
Human is an amateur; the monkey is an expert. How to stop trying to secure yo...Human is an amateur; the monkey is an expert. How to stop trying to secure yo...
Human is an amateur; the monkey is an expert. How to stop trying to secure yo...Vlad Styran316 views42 slides
Logs: Understanding Them to Better Manage Your WordPress SiteLogs: Understanding Them to Better Manage Your WordPress Site
Logs: Understanding Them to Better Manage Your WordPress SiteSucuri 792 views37 slides
Challenges Building the WordPress REST API (API Strategy & Practice, Chicago ...Challenges Building the WordPress REST API (API Strategy & Practice, Chicago ...
Challenges Building the WordPress REST API (API Strategy & Practice, Chicago ...andrewnacin1.9K views89 slides
Prototyping Your Way to Better and Faster Outcomes Prototyping Your Way to Better and Faster Outcomes
Prototyping Your Way to Better and Faster Outcomes 3Pillar Global1K views32 slides

More Related Content

Slideshows for you(7)

Google penguin 3.0Google penguin 3.0
Google penguin 3.0
Arun Mohapatra319 views
IGSTK: Building High Quality Roads with Open Source Software-9300IGSTK: Building High Quality Roads with Open Source Software-9300
IGSTK: Building High Quality Roads with Open Source Software-9300
Kitware Kitware725 views
Sucuri Webinar: Is SSL enough to secure your website?Sucuri Webinar: Is SSL enough to secure your website?
Sucuri Webinar: Is SSL enough to secure your website?
Sucuri 548 views
LavaCon 2017 - Making a Quantum Shift in Structured AuthoringLavaCon 2017 - Making a Quantum Shift in Structured Authoring
LavaCon 2017 - Making a Quantum Shift in Structured Authoring
Jack Molisani30 views
Finding Hazards Using Washing State Hazard Zone CchecklistFinding Hazards Using Washing State Hazard Zone Cchecklist
Finding Hazards Using Washing State Hazard Zone Cchecklist
MathesonWorkSafe1.1K views
Hacking WordPress... and countermeasures.Hacking WordPress... and countermeasures.
Hacking WordPress... and countermeasures.
Nestor Angulo de Ugarte1.3K views
Naswiz perfect appNaswiz perfect app
Naswiz perfect app
dhekanenandkishor458 views

Similar to Continuous Security(20)

Maturing DevSecOps: From Easy to High ImpactMaturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High Impact
SBWebinars474 views
Continuous Security: 5 Ways DevOps Improves SecurityContinuous Security: 5 Ways DevOps Improves Security
Continuous Security: 5 Ways DevOps Improves Security
Sonatype 1.5K views
Cybersecurity: A game of innovationCybersecurity: A game of innovation
Cybersecurity: A game of innovation
W2O Group1.7K views
Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...
Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...
OWASP Kyiv693 views
S TECHNOLOGY Product/ Services Presentation S TECHNOLOGY Product/ Services Presentation
S TECHNOLOGY Product/ Services Presentation
Sameer Padwal32 views
Webinar: Insights from CYREN's 2015-Q3 Cyber Threat ReportWebinar: Insights from CYREN's 2015-Q3 Cyber Threat Report
Webinar: Insights from CYREN's 2015-Q3 Cyber Threat Report
Cyren, Inc439 views
Splunk Webinar: Splunk App for Palo Alto NetworksSplunk Webinar: Splunk App for Palo Alto Networks
Splunk Webinar: Splunk App for Palo Alto Networks
Georg Knon2.1K views
Cybercrime and the developer 2021 styleCybercrime and the developer 2021 style
Cybercrime and the developer 2021 style
Steve Poole139 views
SharePoint Fest Denver - Practical Tools and Techniques for the SharePoint Bu...SharePoint Fest Denver - Practical Tools and Techniques for the SharePoint Bu...
SharePoint Fest Denver - Practical Tools and Techniques for the SharePoint Bu...
Richard Harbridge1.5K views
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...
APNIC3.9K views
Cyber Security Dr Sally ErnstCyber Security Dr Sally Ernst
Cyber Security Dr Sally Ernst
Cissy Ma FCPA GAICD116 views
Getting Started with Splunk Hands-onGetting Started with Splunk Hands-on
Getting Started with Splunk Hands-on
Splunk601 views
[Webinar] Why Security Certification is Crucial for IoT Success[Webinar] Why Security Certification is Crucial for IoT Success
[Webinar] Why Security Certification is Crucial for IoT Success
Electric Imp1K views
Robert Hurlbut - Threat Modeling for Secure Software DesignRobert Hurlbut - Threat Modeling for Secure Software Design
Robert Hurlbut - Threat Modeling for Secure Software Design
centralohioissa1.3K views
Opsec for security researchersOpsec for security researchers
Opsec for security researchers
vicenteDiaz_KL1.6K views
Liran tal Stranger Danger Security vulnerabilities - Negev Web Developers mee...Liran tal Stranger Danger Security vulnerabilities - Negev Web Developers mee...
Liran tal Stranger Danger Security vulnerabilities - Negev Web Developers mee...
Liran Tal62 views
Think horizontally - Giuliano and De DonatoThink horizontally - Giuliano and De Donato
Think horizontally - Giuliano and De Donato
Codemotion628 views
Disruptive Product Positioning with A/B TestingDisruptive Product Positioning with A/B Testing
Disruptive Product Positioning with A/B Testing
Optimizely698 views
SplunkLive! Utrecht - Splunk for Security - Monzy MerzaSplunkLive! Utrecht - Splunk for Security - Monzy Merza
SplunkLive! Utrecht - Splunk for Security - Monzy Merza
Splunk1.2K views
AgileMidwest2018-Goulet-KeynoteCommunicationCodeStrategistsTechniciansAgileMidwest2018-Goulet-KeynoteCommunicationCodeStrategistsTechnicians
AgileMidwest2018-Goulet-KeynoteCommunicationCodeStrategistsTechnicians
Jason Tice59 views
Advertisement

More from Equal Experts(20)

Will it matter if your child cannot code?Will it matter if your child cannot code?
Will it matter if your child cannot code?
Equal Experts956 views
Platform Security IRL: Busting Buzzwords & Building BetterPlatform Security IRL: Busting Buzzwords & Building Better
Platform Security IRL: Busting Buzzwords & Building Better
Equal Experts1.5K views
Software development practices & Infrastructure as Code - how well do they wo...Software development practices & Infrastructure as Code - how well do they wo...
Software development practices & Infrastructure as Code - how well do they wo...
Equal Experts700 views
A Whole Team Approach to Quality in Continuous Delivery - Lisa CrispinA Whole Team Approach to Quality in Continuous Delivery - Lisa Crispin
A Whole Team Approach to Quality in Continuous Delivery - Lisa Crispin
Equal Experts1.5K views
Secure Continuous DeliverySecure Continuous Delivery
Secure Continuous Delivery
Equal Experts781 views
Smoothing the continuous delivery path a tale of two architectures - expert...Smoothing the continuous delivery path a tale of two architectures - expert...
Smoothing the continuous delivery path a tale of two architectures - expert...
Equal Experts708 views
Embracing collaborative chaos (April 2020) by Lyndsay PrewerEmbracing collaborative chaos (April 2020) by Lyndsay Prewer
Embracing collaborative chaos (April 2020) by Lyndsay Prewer
Equal Experts731 views
Design Systems: Designing out Waste, Designing in ConsistencyDesign Systems: Designing out Waste, Designing in Consistency
Design Systems: Designing out Waste, Designing in Consistency
Equal Experts699 views
Growing Together - software development in the Developing worldGrowing Together - software development in the Developing world
Growing Together - software development in the Developing world
Equal Experts755 views
Infrastructure - a journey from datacentres to cloudInfrastructure - a journey from datacentres to cloud
Infrastructure - a journey from datacentres to cloud
Equal Experts719 views
Data Science In Action: Prenatal Screening for Down SyndromeData Science In Action: Prenatal Screening for Down Syndrome
Data Science In Action: Prenatal Screening for Down Syndrome
Equal Experts471 views
The essentials of the IT industry or What I wish I was taught about at Univer...The essentials of the IT industry or What I wish I was taught about at Univer...
The essentials of the IT industry or What I wish I was taught about at Univer...
Equal Experts293 views
Secrets of an agile transformationSecrets of an agile transformation
Secrets of an agile transformation
Equal Experts604 views
Obstacles of Digital Transformation EvolutionObstacles of Digital Transformation Evolution
Obstacles of Digital Transformation Evolution
Equal Experts606 views
Avoiding the security brickAvoiding the security brick
Avoiding the security brick
Equal Experts349 views
Embracing collaborative chaosEmbracing collaborative chaos
Embracing collaborative chaos
Equal Experts345 views
Continuous SecurityContinuous Security
Continuous Security
Equal Experts351 views
Organising for Continuous DeliveryOrganising for Continuous Delivery
Organising for Continuous Delivery
Equal Experts318 views
Cracking passwords via common topologiesCracking passwords via common topologies
Cracking passwords via common topologies
Equal Experts735 views
Inception Phases - Handling ComplexityInception Phases - Handling Complexity
Inception Phases - Handling Complexity
Equal Experts1.2K views

Recently uploaded(20)

ConsolidatedSlides (1).pdfConsolidatedSlides (1).pdf
ConsolidatedSlides (1).pdf
2BA19CS016BharatiJad1 view
Basics of JavascriptBasics of Javascript
Basics of Javascript
Universe412 views
SEPM Presentation (2).pptxSEPM Presentation (2).pptx
SEPM Presentation (2).pptx
YogeshKSahu0 views
Benefits of salesforce Pardot integration for Sales & MarketingBenefits of salesforce Pardot integration for Sales & Marketing
Benefits of salesforce Pardot integration for Sales & Marketing
Concretio9 views
operating system1.pdfoperating system1.pdf
operating system1.pdf
Ganesh1982712 views
Office365.pptxOffice365.pptx
Office365.pptx
SidikMohamed4 views
Introductory Statistics Explained.pdfIntroductory Statistics Explained.pdf
Introductory Statistics Explained.pdf
ssuser4492e20 views
Zodiac Onboarding: The case for personalizing experiences based on users' ast...Zodiac Onboarding: The case for personalizing experiences based on users' ast...
Zodiac Onboarding: The case for personalizing experiences based on users' ast...
EricKeating35 views
New Website Creation United Kingdom.pdfNew Website Creation United Kingdom.pdf
New Website Creation United Kingdom.pdf
HenryWilliam216 views
3. Android Architecture.pptx3. Android Architecture.pptx
3. Android Architecture.pptx
HarshiniB112 views
Training Materials.pdfTraining Materials.pdf
Training Materials.pdf
MailJauggernaut2 views
SEMINAR Presentation ppt.pptxSEMINAR Presentation ppt.pptx
SEMINAR Presentation ppt.pptx
WageYado2 views
Chapter 1-Note.docxChapter 1-Note.docx
Chapter 1-Note.docx
TigistTilahun13 views
[PHPers Summit 2023] Business logic testing[PHPers Summit 2023] Business logic testing
[PHPers Summit 2023] Business logic testing
Mateusz Zalewski5 views
software testing 5.1.pdfsoftware testing 5.1.pdf
software testing 5.1.pdf
HarshPrajapati6702624 views
Glimpse Into My Work Methodology by Project Manager Rakib HasanGlimpse Into My Work Methodology by Project Manager Rakib Hasan
Glimpse Into My Work Methodology by Project Manager Rakib Hasan
Rakib Hasan4 views
无法毕业?澳大利亚科廷科技大学毕业证书和学位证书办理无法毕业?澳大利亚科廷科技大学毕业证书和学位证书办理
无法毕业?澳大利亚科廷科技大学毕业证书和学位证书办理
sefomo2 views
Maximizing the potential of ai in palm oil : a guide for top managementMaximizing the potential of ai in palm oil : a guide for top management
Maximizing the potential of ai in palm oil : a guide for top management
Khalizan Halid0 views
ZatinshchikovSV_M112201_Dragonblood_v2.pptxZatinshchikovSV_M112201_Dragonblood_v2.pptx
ZatinshchikovSV_M112201_Dragonblood_v2.pptx
ssuser5f47eb0 views
(C In-Depth Series) Bjarne Stroustrup - A Tour of C-Addison-Wesley Profession...(C In-Depth Series) Bjarne Stroustrup - A Tour of C-Addison-Wesley Profession...
(C In-Depth Series) Bjarne Stroustrup - A Tour of C-Addison-Wesley Profession...
afra1514 views
Advertisement

Continuous Security

  1. CONTINUOUS SECURITY THANK YOU!
  2. @parker0phil
  3. @parker0phil How do we achieve Security in a Continuous Delivery environment?
  4. @parker0phil 3. Continuous Delivery IS MORE secure!
  5. @parker0phil 2. Continuous Delivery IS MORE secure!
  6. @parker0phil 2. Continuous Delivery IS MORE secure!
  7. @parker0phil 2. Continuous Delivery IS MORE secure!
  8. @parker0phil 1. Continuous Delivery IS MORE secure! Mean Time to Detect (MTTD) Mean Time to Resolve (MTTR) RELEASE FIND VULN FIX VULN Attack Window MTTD MTTE
  9. @parker0phil Continuous Delivery IS MORE secure!
  10. @parker0phil 3. Thinking about Security
  11. @parker0phil 3. Thinking about Security
  12. @parker0phil 2. Thinking about Security Exploitability Impact
  13. @parker0phil 1. Thinking about Security 1. Rely on developers and testers more than security specialists. 2. Secure while we work more than after we’re done. 3. Implement features securely more than adding on security features. 4. Mitigate risks more than fix bugs.
  14. @parker0phil Thinking about Security
  15. @parker0phil Pet Hate #3
  16. @parker0phil Encoding Hashing Encryption Signing Pet Hate #2 b2JmdXNjYXRpb24= %3Cscript%3Ealert(0) %3C%2Fscript%3E Integrity + Non-repudiation Confidentiality
  17. @parker0phil Pet Hate #1
  18. @parker0phil Pet Hates!
  19. @parker0phil 3. Enumeration of Usernames
  20. @parker0phil 3. Enumeration of Usernames
  21. @parker0phil 2. Unvalidated Redirects ?queryString=param Cookie:value Persisted
  22. @parker0phil 2. Unvalidated Redirects ?queryString=param Cookie:value Persisted
  23. @parker0phil 1. Cross-Site Request Forgery (CSRF)
  24. @parker0phil BONUS. SelfXSS
  25. @parker0phil BONUS. SelfXSS
  26. @parker0phil My Favourite attacks!
  27. @parker0phil Continuous Delivery IS MORE secure How we achieve Security in a CD environment Mental Models for Security Pet Hates My Favourite attacks
  28. @parker0phil Security is HARD
  29. #DevSecOpsDevSecOps#DevSecOps
  30. CONTINUOUS SECURITY
Advertisement