A Secure DevOps Journey

•

0 likes•2,329 views

Pete Chestna has 25 years of experience in enterprise software development and has worked at Veracode for over 10 years. He discusses the evolution from waterfall to agile to DevOps approaches. With waterfall, quality tasks like security occurred late in the process and were unpredictable. Agile broke down silos but security initially remained separate. DevOps integrates security throughout by automating tasks, enabling zero downtime upgrades, and embedding security into definitions of done. The journey requires revolution at a micro level and evolution at a macro level through continuous improvement and empathy.

Software

A Secure DevOps
Journey
P e t e C h e s t n a , D i r e c t o r o f D e v e l o p e r E n g a g e m e n t

Waterfall - Process
Addressing
quality too far
down the
development
lifecycle
created a cycle
of waste

Waterfall - People
Dev QA Ops Security
Organizational silos
Arch Dev

Waterfall - Technology
• Gantt Charts
• Text documents
• Requirements
• Architecture
• Designs
• Test plans
• Manual tests
• Manual Deploy
• Shell Script
• SQL Script

Waterfall - Security
Back end of
process
Occurred during
testing cycle
Unpredictable
amount of work
Mostly manual

Agile - Process
Copyright 2005, Mountain Goat Software

Agile - People
Security
Dev & QA
IT
Operations
Product
Mgmt
Product
Mgmt
Security is a
gate keeper
on the
outside
looking in

Security Test Release
Static
Analysis
Pen
Testing
Code
Integrate
Function
al Test
Production
Ready
Develop
Agile Development with Waterfall Security Testing
Agile – Security in the early days

Agile – Security – Early Days
Security
Results 3
Build
5
Security
Results
4
Static
Analysis
Hardening
Sprint
1
Develop
2
Check in
Agile
Backlog

4
Check in
1
Develop
6
Static
Analysis
5
Build
7
Import
Static
Analysis
3
Build
& Test
2
Agile
Backlog
Agile – Security – Automated and Integrated
Nightly

Agile – Security is not limited to automation!
Security
Champions
Security
Grooming
(Requirements
Review)
Security as part
of the Definition
of Done
Threat Modeling
Secure Code
Review
Pen Testing
Pre-Productions
Dynamic
Analysis

Agile - Culture clash with OPS and Security

DevOps - People
Break the
Silos
Reorganize
Change
the Culture

DevOps - Technology
Automate!
Automate!
Automate!
Feature
switching
for
controlled
rollout
Rolling
upgrades
Zero
downtime
Make
incremental
changes

Training
(eLearning, instructor led, metadata driven)
Static Application Security Testing + Software Composition Analysis
Remediation and Mitigation Guidance
Secure Code Reviews
Manual Penetration Testing
Runtime Application
Security Protection
Dynamic Application Security Testing
Plan Code Build Test Stage Deploy Monitor
Threat Modeling
Security Grooming
DevOps – Pervasive Security

This Is Our Journey
•Revolution at the micro level
•Evolution at the macro level
Innovation
•Always constructively dissatisfied
•Hypothesize, prototype, measure
•Sharpen the saw
Continuous
Improvement
•We have been where our customers
are going
•Project Purina
Empathy

Thank You
w w w . v e r a c o d e . c o m
Pete Chestna: @PeteChestna

What's hot

Integrating DevOps and Security

Stijn Muylle

Unit testing : what are you missing for security

Suman Sourav

Just when you thought DevOps was the new black, along comes SecDevOps. In this webinar, Andrew Storms, Sr. Director of DevOps at CloudPassage and Alan Shimel Co-Founder of DevOps.com will discuss the emerging hybrid role of DevOps and Security. Tune in to hear them cover the following topics and why DevOps should want to play a bigger part in security: Go beyond the traditional using DevOps tools, practices, methods to create a force multiplier of SecDevOps Orchestrate and Automate - Deputize everyone to incorporate security into their day to day responsibilities Examples of security automation, case situations minimizing risk and driving flexibility for DevOps See how SaaS provider CloudPassage integrates security into its own development and operations workflows

SecDevOps: The New Black of IT

CloudPassage

Null application security in an agile world

Stefan Streichsbier

Embracing the Rise of SecDevOps

Tom Cappetta

In recent months we have seen several critical security threat because of third party libraries used in software products and services, Heartbleed, POODLE is a great example of it but things are not limited here since we have large threat landscape because of huge consumption of external third party components in cloud application development. Security threat will not stop ever since new attack vectors will keep coming in these open/external sources components but what is important here is how we handle risks due to these third party libraries.

Open Source Libraries - Managing Risk in Cloud

Suman Sourav

DevSecOps : an Introduction

Prashanth B. P.

ABN AMRO DevSecOps Journey

Derek E. Weeks

Application Security in an Agile World - Agile Singapore 2016

Stefan Streichsbier

This article examines the emerging need for software assurance. As defense contractors continue to develop systems for the Department of Defense (DoD) those systems must meet stringent requirements for deployment. However as over half of the vulnerabilities are found at the application layer organizations must ensure that proper mechanisms are in place to ensure the integrity, availability, and confidentiality of the code is maintained. Download paper at https://www.researchgate.net/publication/255965523_Integrating_Software_Assurance_into_the_Software_Development_Life_Cycle_(SDLC)

Secure Software Development Life Cycle

Maurice Dawson

Link to Youtube video: https://youtu.be/-awH_CC4DLo You can contact me at abhimanyu.bhogwan@gmail.com My linkdin id : https://www.linkedin.com/in/abhimanyu-bhogwan-cissp-ctprp-98978437/ Basic Introduction to DevSecOps concept Why What and How for DevSecOps Basic intro for Threat Modeling Basic Intro for Security Champions 3 pillars of DevSecOps 6 important components of a DevSecOps approach DevSecOps Security Best Practices How to integrate security in CI/CD pipeline

Introduction to DevSecOps

abhimanyubhogwan

DevSecOps Indonesia : Pain & Pleasure of doing AppSec in DevOps

Suman Sourav

Succeeding-Marriage-Cybersecurity-DevOps final

rkadayam

Dev seccon london 2016 intelliment security

DevSecCon

Introducing: Klocwork Insight Pro | November 2009

Klocwork

Renato Rodrigues - Security in the wild

DevSecCon

DevSecCon London 2017: How far left do you want to go with security? by Javie...

DevSecCon

When did we forget that old saying, “prevention is the best medicine”, when it comes to cybersecurity? The current focus on mitigating real-time attacks and creating stronger defensive networks has overshadowed the many ways to prevent attacks right at the source – where security management has the biggest impact. Source code is where it all begins and where attack mitigation is the most effective. In this webinar we’ll discuss methods of proactive threat assessment and mitigation that organizations use to advance cybersecurity goals today. From using static analysis to detect vulnerabilities as early as possible, to managing supply chain security through standards compliance, to scanning for and understanding potential risks in open source, these methods shift attack mitigation efforts left to simplify fixes and enable more cost-effective solutions. Webinar recording: http://www.roguewave.com/events/on-demand-webinars/shifting-the-conversation-from-active-interception

Shifting the conversation from active interception to proactive neutralization

Rogue Wave Software

OWASP Top 10 practice workshop by Stanislav Breslavskyi

Nazar Tymoshyk, CEH, Ph.D.

DevSecOps - The big picture

Stefan Streichsbier

What's hot (20)

Integrating DevOps and Security

Unit testing : what are you missing for security

SecDevOps: The New Black of IT

Null application security in an agile world

Embracing the Rise of SecDevOps

Open Source Libraries - Managing Risk in Cloud

DevSecOps : an Introduction

ABN AMRO DevSecOps Journey

Application Security in an Agile World - Agile Singapore 2016

Secure Software Development Life Cycle

Introduction to DevSecOps

DevSecOps Indonesia : Pain & Pleasure of doing AppSec in DevOps

Succeeding-Marriage-Cybersecurity-DevOps final

Dev seccon london 2016 intelliment security

Introducing: Klocwork Insight Pro | November 2009

Renato Rodrigues - Security in the wild

DevSecCon London 2017: How far left do you want to go with security? by Javie...

Shifting the conversation from active interception to proactive neutralization

OWASP Top 10 practice workshop by Stanislav Breslavskyi

DevSecOps - The big picture

Similar to A Secure DevOps Journey

Presenter - Peter Chestna, Veracode If you are moving between methodologies, you are probably looking for a roadmap or at least lessons from someone that’s been through it already. Over its 10+ years, Veracode has moved from monolith to microservice and fromwaterfall to DevOps. We have learned a lot along the way and I’m eager to share the story. As you consider the shift from waterfall to agile, or agile to continuous deployment and eventually DevOps, there is more to think about than just architecture. Peter Chestna, the Director of Developer Engagement at Veracode, led Veracode’s own transition from Waterfall to DevOps and in turn has helped hundreds of customers do the same. Join us as Peter shares his own case study, how Veracode reengineered its own architecture but more importantly the overall process including team structure, the technologies to build a robust pipeline, security considerations and the cultural shifts required.

A Secure DevOps Journey

Sonatype

This talk will argue that DevOps methodologies can be applied to traditional application security practices. Only when developers and operations team members are enabled to make security a part of their everyday work will an organization's security culture change. We must meet security at the sweet spot between running a marathon and sprinting towards a software deployment. So put on your running shoes; it’s time for Dev{Sec}Ops!

Product Security

Steven Carlson

DevSecOps Basics with Azure Pipelines

Abdul_Mujeeb

Abstract: See how an Ottawa company has built a SOC2 Type 2 audited software delivery system with less pain, and more value. Build security, and compliance into the way software is delivered and operated to * Make secure development easier * Provide real customer value * Avoid security theatre * Reduce security and audit bottlenecks Bio: Dag Rowe is a BA in security and compliance. Passionate about improving systems of work, he is actively involved in the local software community. Dag helps to organize the Agile Ottawa Meetup group, and the Gatineau-Ottawa Agile Tour conference.

Dev secops security and compliance at the speed of continuous delivery - owasp

Dag Rowe

DevSecOps - It can change your life (cycle)

Qualitest

SDLC & DevSecOps

Irina Kostina

BSides Vienna 2015

Daniel Liber

As DevOps continue to advance, and agile development continues to be widely adopted, the latest OWASP top 10 list shows little to no movement at the top in terms of the most serious vulnerabilities affecting web applications. With a plethora of tools and information to help reduce application vulnerabilities and increase the level of security awareness in development team available, why do we still see web applications as a significant attack vector?

Outpost24 webinar - application security in a dev ops world-08-2018

Outpost24

Dev opsandsecurity owasp

Helen Bravo

Whether you're a huge enterprise or a small start-up, you can't escape global digitalization. As digital technologies like machine-2-machine communication, device-2-device telematics, connected cars, and the Internet of Things become more integral in today’s world, more threats will appear as hackers use new ways to exploit weaknesses in your organization and products. During SoftServe’s free security webinar, Nazar Tymoshyk will explore the reasons why recent victims of digital attacks couldn’t withstand a threat to their security and share how you can build secure and compliant software with the help of security experts. A real-life case study will demonstrate how SoftServe assessed and mitigated security threats for a top organization.

Digital Product Security

SoftServe

Journey to the center of DevOps - v6

Venkat Janardhanam, MS, MBA

Are Agile And Secure Development Mutually Exclusive?

Source Conference

How do you integrate security within a Continuous Deployment (CD) environment - where every 5 minutes a feature, an enhancement, or a bug fix needs to be released? Traditional application security tools which require lengthy periods of configuration, tuning and application learning have become irrelevant in these fast-pace environments. Yet, falling back only on the secure coding practices of the developer cannot be tolerated. Secure coding requires a new approach where security tools become part of the development environment – and eliminate any unnecessary overhead. By collaborating with development teams, understanding their needs and requirements, you can pave the way to a secure deployment in minutes.

DevOps & Security: Here & Now

Checkmarx

A journey into Application Security

Christian Martorella

Owasp summit slides day 2

Dinis Cruz

Two models for running automated security tests in a CI/CD pipeline: either blocking or parallel security tests Integration depends on the level of cultural integration of security into DevOps. 3 Models of test ownership: 1. Owned by Security team - least desirable 2. Owned by DevOps, overseen by security - better 3. Owned by SecDevOps, look Ma, no silos. Overview of BDD-Security Configuring Jenkins with BDD-Security as inline tests

Automating security tests for Continuous Integration

Stephen de Vries

This session is designed to teach security engineers, developers, solutions architects, and other technical security practitioners how to use a DevSecOps approach to design and build robust security controls at cloud-scale. This session walks through the design considerations of operating high-assurance workloads on top of the AWS platform and provides examples of how to automate configuration management and generate audit evidence for your own workloads. We’ll discuss practical examples using real code for automating security tasks, then dive deeper to map the configurations against various industry frameworks. This advanced session showcases how continuous integration and deployment pipelines can accelerate the speed of security teams and improve collaboration with software development teams.

Automating Security in Cloud Workloads with DevSecOps

Amazon Web Services

OWASP LASCON 2015 - Agile Security, The Fails Noboty Told You About

Daniel Liber

Secure Agile SDLC BSides 14 - 2017 - Raphael Denipotti

Raphael Denipotti

Continuous Security Testing with Devops - OWASP EU 2014

Stephen de Vries

Similar to A Secure DevOps Journey (20)

A Secure DevOps Journey

Product Security

DevSecOps Basics with Azure Pipelines

Dev secops security and compliance at the speed of continuous delivery - owasp

DevSecOps - It can change your life (cycle)

SDLC & DevSecOps

BSides Vienna 2015

Outpost24 webinar - application security in a dev ops world-08-2018

Dev opsandsecurity owasp

Digital Product Security

Journey to the center of DevOps - v6

Are Agile And Secure Development Mutually Exclusive?

DevOps & Security: Here & Now

A journey into Application Security

Owasp summit slides day 2

Automating security tests for Continuous Integration

Automating Security in Cloud Workloads with DevSecOps

OWASP LASCON 2015 - Agile Security, The Fails Noboty Told You About

Secure Agile SDLC BSides 14 - 2017 - Raphael Denipotti

Continuous Security Testing with Devops - OWASP EU 2014

More from Veracode

The Four(ish) Appsec Metrics You Can’t Ignore

Veracode

Enterprises are constantly working to implement new, faster, better technology to run their businesses. In turn, cyberattackers are working equally as hard to find ways to breach that technology, and security professionals are churning out solutions to thwart attacks. This cycle of activity leads to today’s layered, complex enterprise security ecosystems. These ecosystems are like any ecosystem in the natural world, with interdependencies, limited resources, and a need for balance to make them run smoothly. If one layer falters, the whole ecosystem can become unstable. With the recent introduction of applications as a business driver, the security ecosystem needs to adapt. The application layer is now a critical player, and requires a reworking of the ecosystem to restore balance and security. However, this reworking has yet to happen in many cases, leading to the surge of breaches we’ve seen lately. End-point and network security tend to garner the lion’s share of IT attention – leading to an unbalanced security ecosystem, an exposed application layer, and serious breaches. It is important to understand all the layers of security and how they work together to secure your enterprise. Start by getting the facts and stats with our new gbook, The Seven Kinds of Security.

The Seven Kinds of Security

Veracode

You’ve studied the best practices, charted out your course and are ready to embark on your application security journey. But there is still one roadblock that could derail your entire program if you ignore it – getting buy-in from the rest of your company. You see, application security is unlike other forms of security in that it directly impacts the productivity of multiple teams outside the IT and security teams. Who are the groups you need to work with? At what point in the planning and execution stages should you engage with these teams? And why are they so concerned with your application security strategy? The answer to these questions can be found in this short, yet informative presentation. You'll learn about the teams you need to work with, and how to best communicate and work with them to ensure the success of your application security program.

Selling Your Organization on Application Security

Veracode

Retail Industry Application Security Survey Insights

Veracode

Even though Healthcare applications are a primary target for cyber-attacks, a new study from IDG Research reveals that sixty percent of internally developed applications are not assessed for critical security vulnerabilities such as SQL Injection and Cross-Site Scripting. IT leaders expect the number of healthcare applications to increase as organizations increasingly rely on software innovation. How will healthcare application security teams close this gap?

Healthcare application-security-practices-survey-veracode

Veracode

Why Benchmark Application Security - Veracode

Veracode

Every app that resides on our devices contains information on some aspect of our lives. What games we play, who we talk to, where we work, what utilities make our lives easier are all captured by our apps on our mobile devices. Anyone armed with this information can mimic our digital lives to friends, family, colleagues and even corporate systems. Who we are and what we know is valuable information – and not just for marketing folks like me. <a>Webinar: What Are Employees’ Mobile Apps Doing Behind Your Back?</a>

Mobile Security: Apps are our digital lives.

Veracode

Christien Rioux's keynote presentation slides from BSidesLV 2013 explores how to build a better hacker manager. Using his own career arch as a baseline Christien explores the evolution of how he became a hacker and transitioned into the management role he currently holds at Veracode. We all encounter different crossroads in life and the one constant we can count on is change. In defining success it's important to; separate business and personal goals, understand the factors that influence these and study how we can make the best decisions to achieve our goals. He breaks down the effects that hacker culture can have on companies and how many negative effects can also be turned positive. Finishing with his own Ten Commandments of Hacker Management, enjoy the presentation! You can follow Christien on Twitter: @dildog

The Security Industry: How to Survive Becoming Management BSIDESLV 2013 Keynote

Veracode

Neglecting to take proper security measures at the application layer is one of the most common causes of data breaches, yet many companies still leave their applications unprotected. Securing your applications begins with developer training on the risks applications face and the methods required for vulnerability prevention. This infographic focuses on defining these risks and combating common flaws.

Developing Web Applications Securely - How to Fix Common Code Vulnerabilities...

Veracode

More from Veracode (9)

The Four(ish) Appsec Metrics You Can’t Ignore

The Seven Kinds of Security

Selling Your Organization on Application Security

Retail Industry Application Security Survey Insights

Healthcare application-security-practices-survey-veracode

Why Benchmark Application Security - Veracode

Mobile Security: Apps are our digital lives.

The Security Industry: How to Survive Becoming Management BSIDESLV 2013 Keynote

Developing Web Applications Securely - How to Fix Common Code Vulnerabilities...

Recently uploaded

Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...

kellynguyen01

Investing in AI transformation today The modern business advantage: Uncovering deep insights with AI Organizations around the world have come to recognize AI as the transformative technology that enables them to gain real business advantage. AI’s ability to organize vast quantities of data allows those who implement it to uncover deep business insights, augment human expertise, drive operational efficiency, transform their products, and better serve their customers

Microsoft AI Transformation Partner Playbook.pdf

Willy Marroquin (WillyDevNET)

A Secure and Reliable Document Management System is Essential.docx

ComplianceQuest1

Diamond Application Development Crafting Solutions with Precision

SolGuruz

(Vivek)Call Us, 8448380779,Call girls in Delhi NCr – We Offer best in class call girls. escort Service At Affordable Price At low Rate with Space Night 8000 We Are One Of The Oldest Escort and Call girls Agencies in Delhi. You Will Find That Our Female Escorts Are Full Of Fun, Sexy And They Would Love Enjoy Your Company. We Have A Fantastic Selection Of Escort Ladies Available For In-Calls As Well As Out-Calls. Our Escorts Are Not Only Beautiful But All Have Great Personalities Making Them The Perfect Companion For Any Occasion. In-Call:- You Can Come At Our Place in Delhi Our place Which Is Very Clean Hygienic 100% safe Accommodation. Out-Call:- You have To Come Pick The Girl From My Place We Are Also Provide Door Step Services (Delhi Ncr, Noida, Gurgaon, Faridabad, Ghaziabad Note:- Pic Collectors Time Passers Bargainers Stay Away As We Respect The Value For Your Money Time And Expect The Same From You Hygienic:- Full Ac room And Clean Rooms Available In Hotel 24 * 7 Hourly In Delhi NCR More Details, With WhatsApp Number, +91-8448380779

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️

Delhi Call girls

At TECUNIQUE, we're a stable and steadily growing Indian software services company with over 14 years of industry experience. Specializing in offshore software development and quality assurance services, we've built a reputation for delivering unique and effective solutions to start-ups, software development companies, enterprises, and digital agencies. We pride ourselves on our commitment to excellence and innovation. By blending insightful business domain knowledge with exceptional technical prowess, we craft tailor-made solutions that meet the unique needs of our clients. Our dedicated teams are adept in specific technologies, ensuring seamless integration of skills and delivering reliable, scalable, and high-quality software solutions aligned with our clients' preferences. Bespoke Dedicated Teams: Crafted to meet your specific needs and technology preferences, our dedicated teams are committed to delivering top-notch software solutions. Offshore Software Development: Accelerate your software development and scale up quickly with our 12+ years of expertise in offshore development. Quality Assurance Services: Ensure the quality of your software products with our dedicated teams of experienced QA professionals. IT Staff Augmentation: Overcome skill gaps with our client-centric software team, offering staff augmentation services. Expert Software Services: Unlock our capabilities in custom software development, product development, and quality assurance. Mission and Vision: Our mission at TECUNIQUE is to be the catalyst for our clients' success in the dynamic domain of software development. Rooted in our core values of respect, authenticity, and responsibility, we strive to ease the software outsourcing experience, reducing both time and cost to market for our clients. We envision ourselves as the leading Indian software services company, renowned for our unwavering commitment to excellence and innovation. www.tecunique.com

TECUNIQUE: Success Stories: IT Service provider

mohitmore19

Foundation models are machine learning models which are easily capable of performing variable tasks on large and huge datasets. FMs have managed to get a lot of attention due to this feature of handling large datasets. It can do text generation, video editing to protein folding and robotics. In case we believe that FMs can help the hospitals and patients in any way, we need to perform some important evaluations, tests to test these assumptions. In this review, we take a walk through Fms and their evaluation regimes assumed clinical value. To clarify on this topic, we reviewed no less than 80 clinical FMs built from the EMR data. We added all the models trained on structured and unstructured data. We are referring to this combination of structured and unstructured EMR data or clinical data.

Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...

harshavardhanraghave

Conference: Engage2024 in Antwerp Type: Workshop Speakers: Florian Vogler, Henning Kunz, Christoph Adler Title: Navigating the Future with The Hitchhiker's Guide to Notes and Domino 14 Abstract: Embark on an exhilarating journey with industry trailblazers Florian Vogler, Henning Kunz, and Christoph Adler in this not-to-be-missed workshop at the forefront of the tech universe. Get ready for a thrilling kick-off as we navigate the current state of the HCL universe, setting the stage for an exploration of the groundbreaking Notes and Domino 14. Discover the latest enhancements and revolutionary features that will redefine your experience. In this interactive session, unlock a treasure trove of tips and tricks to elevate your utilization of version 14, both with and without the game-changing panagenda MarvelClient. Brace yourself for also diving into Nomad, Nomad Web, and VoltMX, expanding your horizons in the expansive HCL landscape. Be a part of this exclusive opportunity to stay ahead in the ever-evolving world of HCL technologies. Your journey to mastering Notes and Domino 14 begins here. And remember, in the spirit of intergalactic exploration, don't forget to bring your towel!

W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...

panagenda

Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...

OnePlan Solutions

In an era where security concerns are paramount, the integration of artificial intelligence (AI) into CCTV cameras has revolutionized surveillance capabilities. One of the most significant advancements is the ability to achieve real-time threat detection, enabling immediate responses to potential security breaches. This blog explores how AI is reshaping surveillance through real-time threat detection and the implications of this technology.

Optimizing AI for immediate response in Smart CCTV

shikhaohhpro

Document contains steps to getting ups and running quickly with MyTimeClock Employee Scheduling and Time Keeping Cloud Software as a Service Solution, Web version. Try MyTimeClock or any of our other software packages risk-free by registering for a FREE ACCOUNT at https://register.myintellisource.com/. If you would like more information about our company or its software, follow us on Facebook, Instagram, LinkedIn, Twitter, or YouTube, visit our home page at https://www.myintellisource.com/, or send us an email at cs@myintellisource.com. Take care and have a great day.

Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...

MyIntelliSource, Inc.

Unlocking the Future of AI Agents with Large Language Models

aagamshah0812

Test automation is a cornerstone of software development and quality assurance in today's rapidly evolving digital landscape. Its significance cannot be overstated. Businesses can enhance efficiency, productivity, and accelerate software delivery to market through automation, streamlining testing processes effectively. This comprehensive guide addresses the best practices for test automation in 2024. It offers a detailed checklist to empower you to optimize your automation efforts and maintain a competitive edge.

The Ultimate Test Automation Guide_ Best Practices and Tips.pdf

kalichargn70th171

Introducing MyIntelliAccount™ Cloud Accounting Software as a Service (SaaS) , the complete system for simplifying business accounting needs. MyIntelliAccount Cloud Accounting SaaS is an easy to understand and easy to use application and system designed for the Web with supporting applications for iOS and Android devices. Designed to work like a natural extension of your web browser, the user interface for MyIntelliAccount Cloud Accounting SaaS is intuitive and thoughtfully organized to help you easily navigate and access your business accounting information. Because our company takes the time to research, study, and understand the applications we develop, we are confident that once you use MyIntelliAccount Cloud Accounting SaaS , you will be asking yourself how you ever got along without it.

Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...

MyIntelliSource, Inc.

In the realm of real-time applications, Large Language Models (LLMs) have long dominated language-centric tasks, while tools like OpenCV have excelled in the visual domain. However, the future (maybe) lies in the fusion of LLMs and deep learning, giving birth to the revolutionary concept of Large Action Models (LAMs). Imagine a world where AI not only comprehends language but mimics human actions on technology interfaces. For example, the Rabbit r1 device presented at CES 2024, driven by an AI operating system and LAM, brings this vision to life. It executes complex commands, leveraging GUIs with unprecedented ease. In this presentation, join me on a journey as a software engineer tinkering with WebRTC, Janus, and LLM/LAMs. Together, we’ll evaluate the current state of these AI technologies, unraveling the potential they hold for shaping the future of real-time applications.

Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications

Alberto González Trastoy

How To Use Server-Side Rendering with Nuxt.js

Andolasoft Inc

How To Troubleshoot Collaboration Apps for the Modern Connected Worker

ThousandEyes

SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI

ABDERRAOUF MEHENNI

Data spaces in distributed environments should be allowed to evolve in agile ways providing data space owners with large flexibility about which data they store. Agility and heterogeneity, however, jeopardize data exchanges because representations may build on varying ontologies and data consumers may not rely on the semantic correctness of their queries in the context of semantically heterogeneous, evolving data spaces. Graph data spaces are one example of a powerful model for representing and querying data whose semantics may change over time. To assert and enforce conditions on individual graph data spaces, shape languages (e.g SHACL) have been developed. We investigate the question of how querying and programming can be guarded by reasoning over SHACL constraints in a distributed setting and we sketch a picture of how a future landscape based on semantically heterogeneous data spaces might look like.

Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...

Steffen Staab

5 Signs You Need a Fashion PLM Software.pdf

Wave PLM

Recently uploaded (20)

Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...

Microsoft AI Transformation Partner Playbook.pdf

A Secure and Reliable Document Management System is Essential.docx

Diamond Application Development Crafting Solutions with Precision

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️

TECUNIQUE: Success Stories: IT Service provider

Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...

W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...

Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...

Optimizing AI for immediate response in Smart CCTV

Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...

Unlocking the Future of AI Agents with Large Language Models

The Ultimate Test Automation Guide_ Best Practices and Tips.pdf

Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...

Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications

How To Use Server-Side Rendering with Nuxt.js

How To Troubleshoot Collaboration Apps for the Modern Connected Worker

SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI

Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...

5 Signs You Need a Fashion PLM Software.pdf

A Secure DevOps Journey

1. A Secure DevOps Journey P e t e C h e s t n a , D i r e c t o r o f D e v e l o p e r E n g a g e m e n t

2. • Massachusetts born and raised – Grew up in Milford, Graduated from WPI, live in Auburn • 25 years experience in enterprise software development • 10+ years at Veracode – Individual contributor – Director of Engineering – Director of Developer Engagement – Certified Scrum Master & Scrum Product Owner – 2 trillion lines of code under my (Veracode’s) belt! About me

3. There Was Waterfall

4. Waterfall - Process Addressing quality too far down the development lifecycle created a cycle of waste

5. Waterfall - People Dev QA Ops Security Organizational silos Arch Dev

6. Waterfall - Technology • Gantt Charts • Text documents • Requirements • Architecture • Designs • Test plans • Manual tests • Manual Deploy • Shell Script • SQL Script

7. Waterfall - Security Back end of process Occurred during testing cycle Unpredictable amount of work Mostly manual

8. Coming of Age: Agile

10. Agile - People Security Dev & QA IT Operations Product Mgmt Product Mgmt Security is a gate keeper on the outside looking in

11. Agile – Technology Initially

12. Security Test Release Static Analysis Pen Testing Code Integrate Function al Test Production Ready Develop Agile Development with Waterfall Security Testing Agile – Security in the early days

13. Agile – Security – Early Days Security Results 3 Build 5 Security Results 4 Static Analysis Hardening Sprint 1 Develop 2 Check in Agile Backlog

14. 4 Check in 1 Develop 6 Static Analysis 5 Build 7 Import Static Analysis 3 Build & Test 2 Agile Backlog Agile – Security – Automated and Integrated Nightly

15. Agile – Security is not limited to automation! Security Champions Security Grooming (Requirements Review) Security as part of the Definition of Done Threat Modeling Secure Code Review Pen Testing Pre-Productions Dynamic Analysis

16. Agile - Culture clash with OPS and Security

17. We Have Arrived: DevOps

18. DevOps - Process

19. DevOps - People Break the Silos Reorganize Change the Culture

20. DevOps - Technology Automate! Automate! Automate! Feature switching for controlled rollout Rolling upgrades Zero downtime Make incremental changes

21. Training (eLearning, instructor led, metadata driven) Static Application Security Testing + Software Composition Analysis Remediation and Mitigation Guidance Secure Code Reviews Manual Penetration Testing Runtime Application Security Protection Dynamic Application Security Testing Plan Code Build Test Stage Deploy Monitor Threat Modeling Security Grooming DevOps – Pervasive Security

22. This Is Our Journey •Revolution at the micro level •Evolution at the macro level Innovation •Always constructively dissatisfied •Hypothesize, prototype, measure •Sharpen the saw Continuous Improvement •We have been where our customers are going •Project Purina Empathy

23. Thank You w w w . v e r a c o d e . c o m Pete Chestna: @PeteChestna

A Secure DevOps Journey

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to A Secure DevOps Journey

Similar to A Secure DevOps Journey (20)

More from Veracode

More from Veracode (9)

Recently uploaded

Recently uploaded (20)

A Secure DevOps Journey