Demystifying DevSecOps
Archana Joshi
Director – Digital Engineering, Cognizant
Did you know?
Over 53,000 cyber security incidents like phishing, website intrusions and defacements, virus and ransomware attacks were observed in the country during 2017, Parliament was informed today….
Source: https://economictimes.indiatimes.com/tech/ites/over-53000-cyber-security-incidents-observed-in-2017/articleshow/62852008.cms
Did you know?
Source: State of Application Security – Forrester 2018
https://www.forrester.com/report/...State...Application+Security+2018/-/E-RES141676
Did you know?
Source: “The State of Open Source Security,” Snyk, 2017
What is DevSecOps?
Infusing Security practices that lead to
While still retaining the core DevOps benefits of
• Faster Release Cycles
• Early Defect Detection
• Fewer Deployment Failures and Rollbacks
• Reduced Time to Recover upon Failure
But, we have security related NFR in our backlog
Isn’t that enough?
By 2021, DevSecOps will be embedded into 80% of rapid development teams
Source: https://www.gartner.com/doc/3811369/-things-right-successful-devsecops
Needs changes across
• People
• Processes
• Tools
• Governance
Implementing DevSecOps
People
Security is everyone’s business…
… Not just of Security & Compliance teams
• Culture that encourages “Security as a code”
• Equip developers on concepts of secure coding
Processes
Practice “Secure SDLC”
Update your SDLC processes and practices to include
• Security Epics and User Stories in the backlog
• Security criteria included in Definition of Done for the sprint
• Secure coding practices as part of Technical Debt measurements
• Security testing embedded in the testing cycles
Tools & Technology
Select from wide range of available tools
• Cloudwatch Alarm
• Docker Bench
• Amazon Inspector
• gitrob
Governance
Don’t forget to govern
• Security Officer
• Security Architect (Value Stream 1)
• DevSecOps Engg (Release Train 1)
• DevSecOps Engg (Release Train 2)
• Security Architect (Portfolio)
• DevSecOps Engg 1
• DevSecOps Engg 2
• DevSecOps Platform Architect
Dedicated Roles and Ceremonies
Security Huddle Meetings / Security Chapter Leads / DevSecOps Engineers
Typical DevOps pipeline
Story boarding → Coding → Integrate → Test → Deploy → Monitor
Typical DevSecOps pipeline
Story boarding: Security NFR
• Threat Modelling
• Security Backlog
Security Consultation
Coding: Security in DoD
• IDE Security Plugin
• Code reviews
• Regular Expression Analysis
Integrate: Analyse
• Static Application Security Testing (SAST)
• WebServices
• Automated Security Tests
Early Detection (Shift-Left)
Test: Scan
• Dynamic Application Security Testing (DAST)
• DB Security Tests
• Automated Security Tests
Outside-In Hacker Style
Deploy: Inspect
• Config Management
• PenTesting
• Compliance & Audit
Exploit Vulnerabilities
Monitor: Continuous
• Monitoring and alerting (Intrusion/App attack)
• BCP/DR
• Audit & compliance
Continuously Improve
Thank You
https://www.linkedin.com/in/arcjoshi
Note: The views represented in the presentation are solely of the author and do not represent those of the company / clients she is associated with

More Related Content

What's hot

DevSecOps Implementation Journey
DevSecOps Implementation JourneyDevSecOps Implementation Journey
DevSecOps Implementation JourneyDevOps Indonesia
 
DevOps to DevSecOps Journey..
DevOps to DevSecOps Journey..DevOps to DevSecOps Journey..
DevOps to DevSecOps Journey..Siddharth Joshi
 
Practical DevSecOps - Arief Karfianto
Practical DevSecOps - Arief KarfiantoPractical DevSecOps - Arief Karfianto
Practical DevSecOps - Arief Karfiantoidsecconf
 
Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Mohammed A. Imran
 
DevSecOps Basics with Azure Pipelines
DevSecOps Basics with Azure Pipelines DevSecOps Basics with Azure Pipelines
DevSecOps Basics with Azure Pipelines Abdul_Mujeeb
 
Security Process in DevSecOps
Security Process in DevSecOpsSecurity Process in DevSecOps
Security Process in DevSecOpsOpsta
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOpsSetu Parimi
 
DEVSECOPS: Coding DevSecOps journey
DEVSECOPS: Coding DevSecOps journeyDEVSECOPS: Coding DevSecOps journey
DEVSECOPS: Coding DevSecOps journeyJason Suttie
 
DevSecOps : an Introduction
DevSecOps : an IntroductionDevSecOps : an Introduction
DevSecOps : an IntroductionPrashanth B. P.
 
DevSecOps | DevOps Sec
DevSecOps | DevOps SecDevSecOps | DevOps Sec
DevSecOps | DevOps SecRubal Jain
 
DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...
DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...
DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...Mohamed Nizzad
 
How to Get Started with DevSecOps
How to Get Started with DevSecOpsHow to Get Started with DevSecOps
How to Get Started with DevSecOpsCYBRIC
 
ABN AMRO DevSecOps Journey
ABN AMRO DevSecOps JourneyABN AMRO DevSecOps Journey
ABN AMRO DevSecOps JourneyDerek E. Weeks
 

What's hot (20)

DevSecOps 101
DevSecOps 101DevSecOps 101
DevSecOps 101
 
DevSecOps Implementation Journey
DevSecOps Implementation JourneyDevSecOps Implementation Journey
DevSecOps Implementation Journey
 
DevOps to DevSecOps Journey..
DevOps to DevSecOps Journey..DevOps to DevSecOps Journey..
DevOps to DevSecOps Journey..
 
Practical DevSecOps - Arief Karfianto
Practical DevSecOps - Arief KarfiantoPractical DevSecOps - Arief Karfianto
Practical DevSecOps - Arief Karfianto
 
Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1
 
DevSecOps
DevSecOpsDevSecOps
DevSecOps
 
DevSecOps Basics with Azure Pipelines
DevSecOps Basics with Azure Pipelines DevSecOps Basics with Azure Pipelines
DevSecOps Basics with Azure Pipelines
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOps
 
Implementing DevSecOps
Implementing DevSecOpsImplementing DevSecOps
Implementing DevSecOps
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOps
 
Security Process in DevSecOps
Security Process in DevSecOpsSecurity Process in DevSecOps
Security Process in DevSecOps
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOps
 
DevSecOps: What Why and How : Blackhat 2019
DevSecOps: What Why and How : Blackhat 2019DevSecOps: What Why and How : Blackhat 2019
DevSecOps: What Why and How : Blackhat 2019
 
DEVSECOPS: Coding DevSecOps journey
DEVSECOPS: Coding DevSecOps journeyDEVSECOPS: Coding DevSecOps journey
DEVSECOPS: Coding DevSecOps journey
 
DevSecOps : an Introduction
DevSecOps : an IntroductionDevSecOps : an Introduction
DevSecOps : an Introduction
 
DevSecOps | DevOps Sec
DevSecOps | DevOps SecDevSecOps | DevOps Sec
DevSecOps | DevOps Sec
 
DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...
DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...
DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...
 
How to Get Started with DevSecOps
How to Get Started with DevSecOpsHow to Get Started with DevSecOps
How to Get Started with DevSecOps
 
ABN AMRO DevSecOps Journey
ABN AMRO DevSecOps JourneyABN AMRO DevSecOps Journey
ABN AMRO DevSecOps Journey
 
DevSecOps
DevSecOpsDevSecOps
DevSecOps
 

Similar to Demystifying DevSecOps

Seceon 2023 Cybersecurity Predictions by Seceon Thought Leadership - Seceon.pptx
Seceon 2023 Cybersecurity Predictions by Seceon Thought Leadership - Seceon.pptxSeceon 2023 Cybersecurity Predictions by Seceon Thought Leadership - Seceon.pptx
Seceon 2023 Cybersecurity Predictions by Seceon Thought Leadership - Seceon.pptxCompanySeceon
 
Best practices for automating cloud security processes with Evident.io and AWS
Best practices for automating cloud security processes with Evident.io and AWSBest practices for automating cloud security processes with Evident.io and AWS
Best practices for automating cloud security processes with Evident.io and AWSAmazon Web Services
 
Webinar | Cybersecurity vulnerabilities of your business - Berezha Security G...
Webinar | Cybersecurity vulnerabilities of your business - Berezha Security G...Webinar | Cybersecurity vulnerabilities of your business - Berezha Security G...
Webinar | Cybersecurity vulnerabilities of your business - Berezha Security G...Berezha Security Group
 
Security of the future - Adapting Approaches to What We Need
Security of the future - Adapting Approaches to What We NeedSecurity of the future - Adapting Approaches to What We Need
Security of the future - Adapting Approaches to What We Needsimplyme12345
 
Emphasizing Value of Prioritizing AppSec Meetup 11052023.pptx
Emphasizing Value of Prioritizing AppSec Meetup 11052023.pptxEmphasizing Value of Prioritizing AppSec Meetup 11052023.pptx
Emphasizing Value of Prioritizing AppSec Meetup 11052023.pptxlior mazor
 
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptxSecure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptxlior mazor
 
Why security is the kidney not the tail of the dog v3
Why security is the kidney not the tail of the dog v3Why security is the kidney not the tail of the dog v3
Why security is the kidney not the tail of the dog v3Ernest Staats
 
Accelerating Your Cyber Security Career North Texas Edition
Accelerating Your Cyber Security Career North Texas EditionAccelerating Your Cyber Security Career North Texas Edition
Accelerating Your Cyber Security Career North Texas EditionAmy Hughey
 
Dev week cloud world conf2021
Dev week cloud world conf2021Dev week cloud world conf2021
Dev week cloud world conf2021Archana Joshi
 
Lessons learned from 2017 cybersecurity incidents, 2018 and beyond
Lessons learned from 2017 cybersecurity incidents, 2018 and beyondLessons learned from 2017 cybersecurity incidents, 2018 and beyond
Lessons learned from 2017 cybersecurity incidents, 2018 and beyondAPNIC
 
2019 04-18 -DevSecOps-software supply chain
2019 04-18 -DevSecOps-software supply chain2019 04-18 -DevSecOps-software supply chain
2019 04-18 -DevSecOps-software supply chainCameron Townshend
 
Securing a great DX - DevSecOps Days Singapore 2018
Securing a great DX - DevSecOps Days Singapore 2018Securing a great DX - DevSecOps Days Singapore 2018
Securing a great DX - DevSecOps Days Singapore 2018Stefan Streichsbier
 
2019 DerbyCon - Ryan Elkins - Scientific Computing for Information Security
2019 DerbyCon - Ryan Elkins - Scientific Computing for Information Security2019 DerbyCon - Ryan Elkins - Scientific Computing for Information Security
2019 DerbyCon - Ryan Elkins - Scientific Computing for Information SecurityRyan Elkins
 
Digitální transformace: zabezpečení agilních prostředí
Digitální transformace: zabezpečení agilních prostředíDigitální transformace: zabezpečení agilních prostředí
Digitální transformace: zabezpečení agilních prostředíMarketingArrowECS_CZ
 
Cyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe SecurityCyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe SecurityRahul Tyagi
 
2021-10-14 The Critical Role of Security in DevOps.pdf
2021-10-14 The Critical Role of Security in DevOps.pdf2021-10-14 The Critical Role of Security in DevOps.pdf
2021-10-14 The Critical Role of Security in DevOps.pdfSavinder Puri
 
Open Source Insight: 2017 Top 10 IT Security Stories, Breaches, and Predictio...
Open Source Insight:2017 Top 10 IT Security Stories, Breaches, and Predictio...Open Source Insight:2017 Top 10 IT Security Stories, Breaches, and Predictio...
Open Source Insight: 2017 Top 10 IT Security Stories, Breaches, and Predictio...Black Duck by Synopsys
 
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an UncertaintyCyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an UncertaintyOrganization
 

Similar to Demystifying DevSecOps (20)

Seceon 2023 Cybersecurity Predictions by Seceon Thought Leadership - Seceon.pptx
Seceon 2023 Cybersecurity Predictions by Seceon Thought Leadership - Seceon.pptxSeceon 2023 Cybersecurity Predictions by Seceon Thought Leadership - Seceon.pptx
Seceon 2023 Cybersecurity Predictions by Seceon Thought Leadership - Seceon.pptx
 
Best practices for automating cloud security processes with Evident.io and AWS
Best practices for automating cloud security processes with Evident.io and AWSBest practices for automating cloud security processes with Evident.io and AWS
Best practices for automating cloud security processes with Evident.io and AWS
 
Webinar | Cybersecurity vulnerabilities of your business - Berezha Security G...
Webinar | Cybersecurity vulnerabilities of your business - Berezha Security G...Webinar | Cybersecurity vulnerabilities of your business - Berezha Security G...
Webinar | Cybersecurity vulnerabilities of your business - Berezha Security G...
 
Security of the future - Adapting Approaches to What We Need
Security of the future - Adapting Approaches to What We NeedSecurity of the future - Adapting Approaches to What We Need
Security of the future - Adapting Approaches to What We Need
 
Emphasizing Value of Prioritizing AppSec Meetup 11052023.pptx
Emphasizing Value of Prioritizing AppSec Meetup 11052023.pptxEmphasizing Value of Prioritizing AppSec Meetup 11052023.pptx
Emphasizing Value of Prioritizing AppSec Meetup 11052023.pptx
 
Insights success the 10 best performing cyber security solution providers 4th...
Insights success the 10 best performing cyber security solution providers 4th...Insights success the 10 best performing cyber security solution providers 4th...
Insights success the 10 best performing cyber security solution providers 4th...
 
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptxSecure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
 
Security and Data Breach
Security and Data BreachSecurity and Data Breach
Security and Data Breach
 
Why security is the kidney not the tail of the dog v3
Why security is the kidney not the tail of the dog v3Why security is the kidney not the tail of the dog v3
Why security is the kidney not the tail of the dog v3
 
Accelerating Your Cyber Security Career North Texas Edition
Accelerating Your Cyber Security Career North Texas EditionAccelerating Your Cyber Security Career North Texas Edition
Accelerating Your Cyber Security Career North Texas Edition
 
Dev week cloud world conf2021
Dev week cloud world conf2021Dev week cloud world conf2021
Dev week cloud world conf2021
 
Lessons learned from 2017 cybersecurity incidents, 2018 and beyond
Lessons learned from 2017 cybersecurity incidents, 2018 and beyondLessons learned from 2017 cybersecurity incidents, 2018 and beyond
Lessons learned from 2017 cybersecurity incidents, 2018 and beyond
 
2019 04-18 -DevSecOps-software supply chain
2019 04-18 -DevSecOps-software supply chain2019 04-18 -DevSecOps-software supply chain
2019 04-18 -DevSecOps-software supply chain
 
Securing a great DX - DevSecOps Days Singapore 2018
Securing a great DX - DevSecOps Days Singapore 2018Securing a great DX - DevSecOps Days Singapore 2018
Securing a great DX - DevSecOps Days Singapore 2018
 
2019 DerbyCon - Ryan Elkins - Scientific Computing for Information Security
2019 DerbyCon - Ryan Elkins - Scientific Computing for Information Security2019 DerbyCon - Ryan Elkins - Scientific Computing for Information Security
2019 DerbyCon - Ryan Elkins - Scientific Computing for Information Security
 
Digitální transformace: zabezpečení agilních prostředí
Digitální transformace: zabezpečení agilních prostředíDigitální transformace: zabezpečení agilních prostředí
Digitální transformace: zabezpečení agilních prostředí
 
Cyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe SecurityCyber Risk Quantification | Safe Security
Cyber Risk Quantification | Safe Security
 
2021-10-14 The Critical Role of Security in DevOps.pdf
2021-10-14 The Critical Role of Security in DevOps.pdf2021-10-14 The Critical Role of Security in DevOps.pdf
2021-10-14 The Critical Role of Security in DevOps.pdf
 
Open Source Insight: 2017 Top 10 IT Security Stories, Breaches, and Predictio...
Open Source Insight:2017 Top 10 IT Security Stories, Breaches, and Predictio...Open Source Insight:2017 Top 10 IT Security Stories, Breaches, and Predictio...
Open Source Insight: 2017 Top 10 IT Security Stories, Breaches, and Predictio...
 
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an UncertaintyCyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
 

More from Archana Joshi

Security in Product Aligned IT
Security in Product Aligned ITSecurity in Product Aligned IT
Security in Product Aligned ITArchana Joshi
 
Harness the power of 3 Devops, Cloud, AI
Harness the power of 3 Devops, Cloud, AIHarness the power of 3 Devops, Cloud, AI
Harness the power of 3 Devops, Cloud, AIArchana Joshi
 
Agile India 2019 Propel by Scaling Innovation
Agile India 2019 Propel by Scaling InnovationAgile India 2019 Propel by Scaling Innovation
Agile India 2019 Propel by Scaling InnovationArchana Joshi
 
Container based CI Solution that creates build infrastructure on demand
Container based CI Solution that creates build infrastructure on demandContainer based CI Solution that creates build infrastructure on demand
Container based CI Solution that creates build infrastructure on demandArchana Joshi
 
Being Agile in an IT Services Industry
Being Agile in an IT Services IndustryBeing Agile in an IT Services Industry
Being Agile in an IT Services IndustryArchana Joshi
 
Agility with Microservices and DevOps
Agility with Microservices and DevOpsAgility with Microservices and DevOps
Agility with Microservices and DevOpsArchana Joshi
 
Applying lean techniques in software
Applying lean techniques in software Applying lean techniques in software
Applying lean techniques in software Archana Joshi
 
How do i know agile is working for me or not an executives dilemma
How do i know agile is working for me or not an executives dilemmaHow do i know agile is working for me or not an executives dilemma
How do i know agile is working for me or not an executives dilemmaArchana Joshi
 
Minimum viable product_to_deliver_business_value_v0.4
Minimum viable product_to_deliver_business_value_v0.4Minimum viable product_to_deliver_business_value_v0.4
Minimum viable product_to_deliver_business_value_v0.4Archana Joshi
 
Archana Joshi Aug 2013 Kanban Spin Pune
Archana Joshi Aug 2013 Kanban Spin Pune Archana Joshi Aug 2013 Kanban Spin Pune
Archana Joshi Aug 2013 Kanban Spin Pune Archana Joshi
 
Archana Joshi Agile2010 Agile at services organization
Archana Joshi Agile2010 Agile at services organizationArchana Joshi Agile2010 Agile at services organization
Archana Joshi Agile2010 Agile at services organizationArchana Joshi
 
Archana Joshi Agile2010 Make your retrospectives fun and effective
Archana Joshi Agile2010 Make your retrospectives fun and effectiveArchana Joshi Agile2010 Make your retrospectives fun and effective
Archana Joshi Agile2010 Make your retrospectives fun and effectiveArchana Joshi
 
Archana Joshi Testing in agile is it easier said than done
Archana Joshi Testing in agile   is it easier said than doneArchana Joshi Testing in agile   is it easier said than done
Archana Joshi Testing in agile is it easier said than doneArchana Joshi
 

More from Archana Joshi (13)

Security in Product Aligned IT
Security in Product Aligned ITSecurity in Product Aligned IT
Security in Product Aligned IT
 
Harness the power of 3 Devops, Cloud, AI
Harness the power of 3 Devops, Cloud, AIHarness the power of 3 Devops, Cloud, AI
Harness the power of 3 Devops, Cloud, AI
 
Agile India 2019 Propel by Scaling Innovation
Agile India 2019 Propel by Scaling InnovationAgile India 2019 Propel by Scaling Innovation
Agile India 2019 Propel by Scaling Innovation
 
Container based CI Solution that creates build infrastructure on demand
Container based CI Solution that creates build infrastructure on demandContainer based CI Solution that creates build infrastructure on demand
Container based CI Solution that creates build infrastructure on demand
 
Being Agile in an IT Services Industry
Being Agile in an IT Services IndustryBeing Agile in an IT Services Industry
Being Agile in an IT Services Industry
 
Agility with Microservices and DevOps
Agility with Microservices and DevOpsAgility with Microservices and DevOps
Agility with Microservices and DevOps
 
Applying lean techniques in software
Applying lean techniques in software Applying lean techniques in software
Applying lean techniques in software
 
How do i know agile is working for me or not an executives dilemma
How do i know agile is working for me or not an executives dilemmaHow do i know agile is working for me or not an executives dilemma
How do i know agile is working for me or not an executives dilemma
 
Minimum viable product_to_deliver_business_value_v0.4
Minimum viable product_to_deliver_business_value_v0.4Minimum viable product_to_deliver_business_value_v0.4
Minimum viable product_to_deliver_business_value_v0.4
 
Archana Joshi Aug 2013 Kanban Spin Pune
Archana Joshi Aug 2013 Kanban Spin Pune Archana Joshi Aug 2013 Kanban Spin Pune
Archana Joshi Aug 2013 Kanban Spin Pune
 
Archana Joshi Agile2010 Agile at services organization
Archana Joshi Agile2010 Agile at services organizationArchana Joshi Agile2010 Agile at services organization
Archana Joshi Agile2010 Agile at services organization
 
Archana Joshi Agile2010 Make your retrospectives fun and effective
Archana Joshi Agile2010 Make your retrospectives fun and effectiveArchana Joshi Agile2010 Make your retrospectives fun and effective
Archana Joshi Agile2010 Make your retrospectives fun and effective
 
Archana Joshi Testing in agile is it easier said than done
Archana Joshi Testing in agile   is it easier said than doneArchana Joshi Testing in agile   is it easier said than done
Archana Joshi Testing in agile is it easier said than done
 

Recently uploaded

%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...masabamasaba
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...Health
 
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareAnnouncing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareJim McKeeth
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...panagenda
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...masabamasaba
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Bert Jan Schrijver
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisamasabamasaba
 
tonesoftg
tonesoftgtonesoftg
tonesoftglanshi9
 
What Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationWhat Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationJuha-Pekka Tolvanen
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastPapp Krisztián
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in sowetomasabamasaba
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2
 
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...masabamasaba
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2
 
%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Hararemasabamasaba
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2
 

Recently uploaded (20)

%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareAnnouncing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK Software
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
tonesoftg
tonesoftgtonesoftg
tonesoftg
 
What Goes Wrong with Language Definitions and How to Improve the Situation
Demystifying DevSecOps

  • 1. Demystifying DevSecOps Archana Joshi Director – Digital Engineering, Cognizant
  • 2. Did you know? Over 53,000 cyber security incidents like phishing, website intrusions and defacements, virus and ransomware attacks were observed in the country during 2017, Parliament was informed today…. Source: https://economictimes.indiatimes.com/tech/ites/over-53000-cyber-security-incidents-observed-in-2017/articleshow/62852008.cms
  • 3. Did you know? Source: State of Application Security – Forrester 2018 https://www.forrester.com/report/...State...Application+Security+2018/-/E-RES141676
  • 4. Did you know? Source: “The State of Open Source Security,” Snyk, 2017
  • 5. What is DevSecOps? Infusing Security practices that lead to While still retaining the core DevOps benefits of: Faster Release Cycles; Early Defect Detection; Lesser Deployment Failures and Rollbacks; Reduced Time to Recover upon Failure
  • 6. But, we have security related NFR in our backlog Isn’t that enough? By 2021, DevSecOps will be embedded into 80% of rapid development teams Source: https://www.gartner.com/doc/3811369/-things-right-successful-devsecops
  • 8. Security is everyone’s business… … Not just of Security & Compliance teams. Culture that encourages “Security as a code”; Equip developers on concepts of secure coding. People
  • 9. Practice “Secure SDLC” Update your SDLC processes and practices to include: Security Epics and User Stories in the backlog; Security criteria included in Definition of Done for the sprint; Secure coding practices as part of Technical Debt measurements; Security testing embedded in the testing cycles. Processes
  • 10. Select from wide range of available tools. Tools & Technology: CloudWatch Alarm, Docker Bench, Amazon Inspector, gitrob
  • 11. Don’t forget to govern. Governance: Security Officer, Security Architect (Value Stream 1), DevSecOps Engg (Release Train 1), DevSecOps Engg (Release Train 2), Security Architect (Portfolio), DevSecOps Engg 1, DevSecOps Engg 2, DevSecOps Platform Architect. Dedicated Roles and Ceremonies: Security Huddle Meetings / Security Chapter Leads / DevSecOps Engineers
  • 13. Typical DevSecOps pipeline Security NFR Story boarding • Threat Modelling • Security Backlog Security Consultation Coding Security in DoD • IDE Security Plugin • Code reviews • Regular Expression Analysis Integrate Analyse • Static Application Security Testing (SAST) • Web Services • Automated Security Tests Early Detection (Shift-Left) Test Scan • Dynamic Application Security Testing (DAST) • DB Security Tests • Automated Security Tests Outside-In Hacker Style Deploy Inspect • Config Management • Pen Testing • Compliance & Audit Exploit Vulnerabilities Monitor Continuous • Monitoring and alerting (Intrusion/App attack) • BCP/DR • Audit & compliance Continuously Improve Security Consultation Early Detection (Shift-Left) Outside-In Hacker Style Exploit Vulnerabilities Security Consultation Early Detection (Shift-Left)
  • 14. Thank You https://www.linkedin.com/in/arcjoshi Note: The views represented in the presentation are solely of the author and do not represent those of the company / clients she is associated with