Successfully reported this slideshow.

Continuous Security

4

Share

Upcoming SlideShare
Continuous Security
Continuous Security
Loading in …3
×
1 of 30
1 of 30

More Related Content

Related Books

Free with a 14 day trial from Scribd

See all

Related Audiobooks

Free with a 14 day trial from Scribd

See all

Continuous Security

  1. 1. CONTINUOUS SECURITY THANK YOU!
  2. 2. @parker0phil
  3. 3. @parker0phil How do we achieve Security in a Continuous Delivery environment?
  4. 4. @parker0phil 3. Continuous Delivery IS MORE secure!
  5. 5. @parker0phil 2. Continuous Delivery IS MORE secure!
  6. 6. @parker0phil 2. Continuous Delivery IS MORE secure!
  7. 7. @parker0phil 2. Continuous Delivery IS MORE secure!
  8. 8. @parker0phil 1. Continuous Delivery IS MORE secure! Mean Time to Detect (MTTD) Mean Time to Resolve (MTTR) RELEASE FIND VULN FIX VULN Attack Window MTTD MTTE
  9. 9. @parker0phil Continuous Delivery IS MORE secure!
  10. 10. @parker0phil 3. Thinking about Security
  11. 11. @parker0phil 3. Thinking about Security
  12. 12. @parker0phil 2. Thinking about Security Exploitability Impact
  13. 13. @parker0phil 1. Thinking about Security 1. Rely on developers and testers more than security specialists. 2. Secure while we work more than after we’re done. 3. Implement features securely more than adding on security features. 4. Mitigate risks more than fix bugs.
  14. 14. @parker0phil Thinking about Security
  15. 15. @parker0phil Pet Hate #3
  16. 16. @parker0phil Encoding Hashing Encryption Signing Pet Hate #2 b2JmdXNjYXRpb24= %3Cscript%3Ealert(0) %3C%2Fscript%3E Integrity + Non-repudiation Confidentiality
  17. 17. @parker0phil Pet Hate #1
  18. 18. @parker0phil Pet Hates!
  19. 19. @parker0phil 3. Enumeration of Usernames
  20. 20. @parker0phil 3. Enumeration of Usernames
  21. 21. @parker0phil 2. Unvalidated Redirects ?queryString=param Cookie:value Persisted
  22. 22. @parker0phil 2. Unvalidated Redirects ?queryString=param Cookie:value Persisted
  23. 23. @parker0phil 1. Cross-Site Request Forgery (CSRF)
  24. 24. @parker0phil BONUS. SelfXSS
  25. 25. @parker0phil BONUS. SelfXSS
  26. 26. @parker0phil My Favourite attacks!
  27. 27. @parker0phil Continuous Delivery IS MORE secure How we achieve Security in a CD environment Mental Models for Security Pet Hates My Favourite attacks
  28. 28. @parker0phil Security is HARD
  29. 29. #DevSecOpsDevSecOps#DevSecOps
  30. 30. CONTINUOUS SECURITY

×