SlideShare a Scribd company logo

Steering a Bullet Train: Owasp Latam Tour BA 2015

S
skantos

IT companies that do heavy software development have been shifting their paradigm from a traditional monolithic waterfall development lifecycle to a fully heterogeneous 24/7 devops culture. This implies more software deployment and more code developed. The traditional security approach, besides not being enough, is clearly outdated and non-applicable. This talk will tell how MercadoLibre evolved to a DevOps company, how information security was perceived and tackled then and now, what challenges we faced, what we made to drive change to a 15 years old company’s mindset, and how we are transforming into a SecDevOps culture and the way we envision that culture of work.

Technology
1 of 55
Steering a Bullet Train Santiago Kantorowicz Security Technical Leader at MercadoLibre bnbsec.blogspot.com
About Me? Information Security Technical Leader at MercadoLibre Software Security + Infrastructure Assessment Pen Testing & Development Background
Agenda Traditional SDLC MercadoLibre’s Context MercadoLibre goes Devops Security at Mercadolibre 5 years ago Our SDL approach
Agenda Traditional SDLC MercadoLibre’s Context MercadoLibre goes Devops Security at Mercadolibre 5 years ago Our SDL approach
Traditional SDLC Design Code Test Security Deploy 1 big release at a time
Traditional SDLC Not always Design Code Test Security Deploy
Traditional SDLC Matured Design Code Test Deploy QA Security Still: 1 big release at a time
Traditional Development Cycle Developers ≠ Ops Developers  access to production
Agenda Traditional SDLC MercadoLibre’s Context MercadoLibre goes Devops Security at Mercadolibre 5 years ago Our SDL approach
#1 e-commerce platform in Latin America #8 in the World > 2600 employees Who we are
Who we are
http://es.slideshare.net/DanielRabinovich/daniel-rabinovich-velocity-2014-santa-clara
http://es.slideshare.net/DanielRabinovich/daniel-rabinovich-php-conference
Mercadolibre 2010 http://es.slideshare.net/DanielRabinovich/daniel-rabinovich-velocity-2014-santa-clara
Agenda Traditional SDLC MercadoLibre’s Context MercadoLibre goes DevOps Security at Mercadolibre 5 years ago Our SDL approach
MercadoLibre Evolution: DevOps
http://es.slideshare.net/DanielRabinovich/daniel-rabinovich-velocity-2014-santa-clara
Today’s Picture >100 deploys a day Developers ~ Operations (24/7) Developers  Access to production Technology Diversity Developers >> AppSec
Today’s Picture “Desarrollamos a velocidad casi de Hackaton”
Today’s Picture
Agenda Traditional SDLC MercadoLibre’s Context MercadoLibre goes Devops Security at Mercadolibre 5 years ago Our SDL approach
How InfoSec was 5 years ago at Mercadolibre Operational tasks Security  Feature? Not involved in product development
How does DevOps affects InfoSec No formal security stage Security unaware of deploys No formal kick-off of every initiative
Agenda Traditional SDLC MercadoLibre’s Context MercadoLibre goes Devops Security at Mercadolibre 5 years ago Our SDL approach
Analysis Design Coding Testing How we envision AppSec in DevOps
Analysis Design Coding Testing How we envision AppSec in DevOps
Premises Security follows the business Explain impact in their words Be open and friendly! Choose your battles: Tradeoffs! Get feedback & iterate  more effective
Security Training Threat Modeling Security Code Review Secure Coding Culture Development Security Features Static Code Analysis Security Testing Internal Security Testing External Vulnerability Fixing Vulnerability Tracking WAF How we envision AppSec
How we envision AppSec Security Training Culture Development
Train every developer! (Mandatory) 8 hour Theory/Practical Training Developer oriented Examples in dev language they use Security Training Culture Development
Workshops Threat Modeling Hacking Infrastructure Browser Exploitation Dynamic Security Testing Whatever devs need to know! or may awake interest! e-learnings: Short! Security Training Culture Development
Games! SECURITY Security Training Culture Development
Security Training Culture Development Communicate Security News Vulnerabilities Breaches Invite Key Developers to security Events & conferences.
How we envision AppSec Security Training Threat Modeling Secure Coding Culture Development Security Features
http://www.microsoft.com/en-us/download/details.aspx?id=12379 http://www.microsoft.com/sdl/ Design stage Prevent vulnerabilities Adapt Threat Modeling to your organization Teach how to do it and ask for invites Threat Modeling
Security DevOps Teams … Threat Modeling
Security Security Focal Points … Threat Modeling
Security Focal Points Threat Modeling Volunteers Ask managers Start with Devs you know Next: critical Projects
Threat Modeling AppSec can’t be everywhere Define criteria for critical projects Set SFP in each of those Appsec participates in threat models of Critical Projects
Secure Coding Security Features Training! Security Checklists (Pre/Post)  OWASP TOP 10 Security Advisor position
How we envision AppSec Security Training Threat Modeling Security Code Review Secure Coding Culture Development Security Features Static Code Analysis Security Testing Internal
Manual tests! Abuse Cases (informal  Brainstorm) CI security integration Security Testing Internal
Security Code Review Agile Guidelines: Adapt to your organization Give alternatives Checklists of what to look for
Listener Static Code Review Static Code Analysis
Centralized + InfoSec view + All Source code - Another tool developers need to add to their routine. Decentralized + Integrated with CI + Developers don’t have to look at another tool, it’s in their every day. - Different CI solutions, sometimes not available. - Non centralized view of InfoSec Static Code Analysis
Security Training Threat Modeling Security Code Review Secure Coding Culture Development Security Features Static Code Analysis Security Testing Internal Security Testing External Vulnerability Fixing Vulnerability Tracking How we envision AppSec
Security Testing External Pen Test all you can!! White box (even if outsourced) Educate developers to ask for them  Prioritize!
Deploy Web Scanner Security Testing External
Use existing tools Classify! Type Manager/Director/etc. Team Communicate  Approach for help Vulnerability Fixing Vulnerability Tracking
Security Training Threat Modeling Security Code Review Secure Coding Culture Development Security Features Static Code Analysis Security Testing Internal Security Testing External Vulnerability Fixing Vulnerability Tracking How we envision AppSec WAF
WAF First Last Line of Defense Gain Visibility Quick reaction
Metrics, Metrics, Metrics Open vs Closed in Q Average fix time Aging Distribution (type, manager, project)
Conclusions Adapt to organization Evangelize  Games Start with less disruptive (time consuming) practices Measure
Blog: bnbsec.blogspot.com Thank you

Recommended

apidays LIVE Paris 2021 - The Real World, API Security Edition by Michael Isb...
apidays LIVE Paris 2021 - The Real World, API Security Edition by Michael Isb...apidays LIVE Paris 2021 - The Real World, API Security Edition by Michael Isb...
apidays LIVE Paris 2021 - The Real World, API Security Edition by Michael Isb...
apidays
 
DevSecOps - Building continuous security into it and app infrastructures
DevSecOps - Building continuous security into it and app infrastructuresDevSecOps - Building continuous security into it and app infrastructures
DevSecOps - Building continuous security into it and app infrastructures
Priyanka Aash
 
How to transform developers into security people
How to transform developers into security peopleHow to transform developers into security people
How to transform developers into security people
Priyanka Aash
 
Product Security
Product SecurityProduct Security
Product Security
Steven Carlson
 
#ATAGTR2018 Presentation "Decoding Security in DevSecOps" by Meghashyam Varan...
#ATAGTR2018 Presentation "Decoding Security in DevSecOps" by Meghashyam Varan...#ATAGTR2018 Presentation "Decoding Security in DevSecOps" by Meghashyam Varan...
#ATAGTR2018 Presentation "Decoding Security in DevSecOps" by Meghashyam Varan...
Agile Testing Alliance
 
A worldwide journey to build a secure development environment
A worldwide journey to build a secure development environmentA worldwide journey to build a secure development environment
A worldwide journey to build a secure development environment
Priyanka Aash
 
Zero to Ninety in Securing DevOps
Zero to Ninety in Securing DevOpsZero to Ninety in Securing DevOps
Zero to Ninety in Securing DevOps
DevSecOps Days
 
Securing 100 products - How hard can it be?
Securing 100 products - How hard can it be?Securing 100 products - How hard can it be?
Securing 100 products - How hard can it be?
Priyanka Aash
 

Recommended

apidays LIVE Paris 2021 - The Real World, API Security Edition by Michael Isb...
apidays LIVE Paris 2021 - The Real World, API Security Edition by Michael Isb...apidays LIVE Paris 2021 - The Real World, API Security Edition by Michael Isb...
apidays LIVE Paris 2021 - The Real World, API Security Edition by Michael Isb...
apidays
 
DevSecOps - Building continuous security into it and app infrastructures
DevSecOps - Building continuous security into it and app infrastructuresDevSecOps - Building continuous security into it and app infrastructures
DevSecOps - Building continuous security into it and app infrastructures
Priyanka Aash
 
How to transform developers into security people
How to transform developers into security peopleHow to transform developers into security people
How to transform developers into security people
Priyanka Aash
 
Product Security
Product SecurityProduct Security
Product Security
Steven Carlson
 
#ATAGTR2018 Presentation "Decoding Security in DevSecOps" by Meghashyam Varan...
#ATAGTR2018 Presentation "Decoding Security in DevSecOps" by Meghashyam Varan...#ATAGTR2018 Presentation "Decoding Security in DevSecOps" by Meghashyam Varan...
#ATAGTR2018 Presentation "Decoding Security in DevSecOps" by Meghashyam Varan...
Agile Testing Alliance
 
A worldwide journey to build a secure development environment
A worldwide journey to build a secure development environmentA worldwide journey to build a secure development environment
A worldwide journey to build a secure development environment
Priyanka Aash
 
Zero to Ninety in Securing DevOps
Zero to Ninety in Securing DevOpsZero to Ninety in Securing DevOps
Zero to Ninety in Securing DevOps
DevSecOps Days
 
Securing 100 products - How hard can it be?
Securing 100 products - How hard can it be?Securing 100 products - How hard can it be?
Securing 100 products - How hard can it be?
Priyanka Aash
 
Talk DevSecOps to me
Talk DevSecOps to meTalk DevSecOps to me
Talk DevSecOps to me
Michelle Ribeiro
 
OWASP Poland 13 November 2018 - Martin Knobloch - Building Secure Software
OWASP Poland 13 November 2018 - Martin Knobloch - Building Secure SoftwareOWASP Poland 13 November 2018 - Martin Knobloch - Building Secure Software
OWASP Poland 13 November 2018 - Martin Knobloch - Building Secure Software
OWASP
 
Collaborative security : Securing open source software
Collaborative security : Securing open source softwareCollaborative security : Securing open source software
Collaborative security : Securing open source software
Priyanka Aash
 
Pentest is yesterday, DevSecOps is tomorrow
Pentest is yesterday, DevSecOps is tomorrowPentest is yesterday, DevSecOps is tomorrow
Pentest is yesterday, DevSecOps is tomorrow
Amien Harisen Rosyandino
 
apidays LIVE Paris 2021 - Addressing OWASP API Security Top 10 by Isabelle Ma...
apidays LIVE Paris 2021 - Addressing OWASP API Security Top 10 by Isabelle Ma...apidays LIVE Paris 2021 - Addressing OWASP API Security Top 10 by Isabelle Ma...
apidays LIVE Paris 2021 - Addressing OWASP API Security Top 10 by Isabelle Ma...
apidays
 
Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...
Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...
Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...
Erkang Zheng
 
Harnessing the power of cloud for real security
Harnessing the power of cloud for real securityHarnessing the power of cloud for real security
Harnessing the power of cloud for real security
Erkang Zheng
 
Maturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High ImpactMaturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High Impact
SBWebinars
 
DevSecOps in Baby Steps
DevSecOps in Baby StepsDevSecOps in Baby Steps
DevSecOps in Baby Steps
Priyanka Aash
 
DevSecOps: A New Hope for Security in CI/CD
DevSecOps: A New Hope for Security in CI/CDDevSecOps: A New Hope for Security in CI/CD
DevSecOps: A New Hope for Security in CI/CD
Franklin Mosley
 
Practical appsec lessons learned in the age of agile and DevOps
Practical appsec lessons learned in the age of agile and DevOpsPractical appsec lessons learned in the age of agile and DevOps
Practical appsec lessons learned in the age of agile and DevOps
Priyanka Aash
 
apidays LIVE Paris 2021 - API Attack Simulator - Find your API vulnerabilitie...
apidays LIVE Paris 2021 - API Attack Simulator - Find your API vulnerabilitie...apidays LIVE Paris 2021 - API Attack Simulator - Find your API vulnerabilitie...
apidays LIVE Paris 2021 - API Attack Simulator - Find your API vulnerabilitie...
apidays
 
apidays LIVE Paris 2021 - Taming the beast by Markus Mueller, Apiida
apidays LIVE Paris 2021 - Taming the beast by Markus Mueller, Apiidaapidays LIVE Paris 2021 - Taming the beast by Markus Mueller, Apiida
apidays LIVE Paris 2021 - Taming the beast by Markus Mueller, Apiida
apidays
 
Bridging the Security Testing Gap in Your CI/CD Pipeline
Bridging the Security Testing Gap in Your CI/CD PipelineBridging the Security Testing Gap in Your CI/CD Pipeline
Bridging the Security Testing Gap in Your CI/CD Pipeline
DevOps.com
 
DevSecOps without DevOps is Just Security
DevSecOps without DevOps is Just SecurityDevSecOps without DevOps is Just Security
DevSecOps without DevOps is Just Security
Kevin Fealey
 
apidays LIVE Paris 2021 - API design is where culture and tech meet each othe...
apidays LIVE Paris 2021 - API design is where culture and tech meet each othe...apidays LIVE Paris 2021 - API design is where culture and tech meet each othe...
apidays LIVE Paris 2021 - API design is where culture and tech meet each othe...
apidays
 
Application Security in a DevOps World
Application Security in a DevOps WorldApplication Security in a DevOps World
Application Security in a DevOps World
CA Technologies
 
Devops Indonesia - DevSecOps - The Open Source Way
Devops Indonesia - DevSecOps - The Open Source WayDevops Indonesia - DevSecOps - The Open Source Way
Devops Indonesia - DevSecOps - The Open Source Way
Yusuf Hadiwinata Sutandar
 
Lessons from a recovering runtime application self protection addict
Lessons from a recovering runtime application self protection addictLessons from a recovering runtime application self protection addict
Lessons from a recovering runtime application self protection addict
Priyanka Aash
 
Demystifying DevSecOps
Demystifying DevSecOpsDemystifying DevSecOps
Demystifying DevSecOps
Archana Joshi
 
Krzyztopor castle
Krzyztopor castleKrzyztopor castle
Krzyztopor castle
krystynalis
 
Netforyou
NetforyouNetforyou
Netforyou
Jhonny Bardella
 

More Related Content

What's hot

Maturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High ImpactMaturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High Impact
SBWebinars
 
DevSecOps: A New Hope for Security in CI/CD
DevSecOps: A New Hope for Security in CI/CDDevSecOps: A New Hope for Security in CI/CD
DevSecOps: A New Hope for Security in CI/CD
Franklin Mosley
 
Bridging the Security Testing Gap in Your CI/CD Pipeline
Bridging the Security Testing Gap in Your CI/CD PipelineBridging the Security Testing Gap in Your CI/CD Pipeline
Bridging the Security Testing Gap in Your CI/CD Pipeline
DevOps.com
 
DevSecOps without DevOps is Just Security
DevSecOps without DevOps is Just SecurityDevSecOps without DevOps is Just Security
DevSecOps without DevOps is Just Security
Kevin Fealey
 

What's hot (20)

Talk DevSecOps to me
Talk DevSecOps to meTalk DevSecOps to me
Talk DevSecOps to me
 
OWASP Poland 13 November 2018 - Martin Knobloch - Building Secure Software
OWASP Poland 13 November 2018 - Martin Knobloch - Building Secure SoftwareOWASP Poland 13 November 2018 - Martin Knobloch - Building Secure Software
OWASP Poland 13 November 2018 - Martin Knobloch - Building Secure Software
 
Collaborative security : Securing open source software
Collaborative security : Securing open source softwareCollaborative security : Securing open source software
Collaborative security : Securing open source software
 
Pentest is yesterday, DevSecOps is tomorrow
Pentest is yesterday, DevSecOps is tomorrowPentest is yesterday, DevSecOps is tomorrow
Pentest is yesterday, DevSecOps is tomorrow
 
apidays LIVE Paris 2021 - Addressing OWASP API Security Top 10 by Isabelle Ma...
apidays LIVE Paris 2021 - Addressing OWASP API Security Top 10 by Isabelle Ma...apidays LIVE Paris 2021 - Addressing OWASP API Security Top 10 by Isabelle Ma...
apidays LIVE Paris 2021 - Addressing OWASP API Security Top 10 by Isabelle Ma...
 
Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...
Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...
Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...
 
Harnessing the power of cloud for real security
Harnessing the power of cloud for real securityHarnessing the power of cloud for real security
Harnessing the power of cloud for real security
 
Maturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High ImpactMaturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High Impact
 
DevSecOps in Baby Steps
DevSecOps in Baby StepsDevSecOps in Baby Steps
DevSecOps in Baby Steps
 
DevSecOps: A New Hope for Security in CI/CD
DevSecOps: A New Hope for Security in CI/CDDevSecOps: A New Hope for Security in CI/CD
DevSecOps: A New Hope for Security in CI/CD
 
Practical appsec lessons learned in the age of agile and DevOps
Practical appsec lessons learned in the age of agile and DevOpsPractical appsec lessons learned in the age of agile and DevOps
Practical appsec lessons learned in the age of agile and DevOps
 
apidays LIVE Paris 2021 - API Attack Simulator - Find your API vulnerabilitie...
apidays LIVE Paris 2021 - API Attack Simulator - Find your API vulnerabilitie...apidays LIVE Paris 2021 - API Attack Simulator - Find your API vulnerabilitie...
apidays LIVE Paris 2021 - API Attack Simulator - Find your API vulnerabilitie...
 
apidays LIVE Paris 2021 - Taming the beast by Markus Mueller, Apiida
apidays LIVE Paris 2021 - Taming the beast by Markus Mueller, Apiidaapidays LIVE Paris 2021 - Taming the beast by Markus Mueller, Apiida
apidays LIVE Paris 2021 - Taming the beast by Markus Mueller, Apiida
 
Bridging the Security Testing Gap in Your CI/CD Pipeline
Bridging the Security Testing Gap in Your CI/CD PipelineBridging the Security Testing Gap in Your CI/CD Pipeline
Bridging the Security Testing Gap in Your CI/CD Pipeline
 
DevSecOps without DevOps is Just Security
DevSecOps without DevOps is Just SecurityDevSecOps without DevOps is Just Security
DevSecOps without DevOps is Just Security
 
apidays LIVE Paris 2021 - API design is where culture and tech meet each othe...
apidays LIVE Paris 2021 - API design is where culture and tech meet each othe...apidays LIVE Paris 2021 - API design is where culture and tech meet each othe...
apidays LIVE Paris 2021 - API design is where culture and tech meet each othe...
 
Application Security in a DevOps World
Application Security in a DevOps WorldApplication Security in a DevOps World
Application Security in a DevOps World
 
Devops Indonesia - DevSecOps - The Open Source Way
Devops Indonesia - DevSecOps - The Open Source WayDevops Indonesia - DevSecOps - The Open Source Way
Devops Indonesia - DevSecOps - The Open Source Way
 
Lessons from a recovering runtime application self protection addict
Lessons from a recovering runtime application self protection addictLessons from a recovering runtime application self protection addict
Lessons from a recovering runtime application self protection addict
 
Demystifying DevSecOps
Demystifying DevSecOpsDemystifying DevSecOps
Demystifying DevSecOps
 

Viewers also liked

CURRICULUM VITAE-WALTER ALIMACHON
CURRICULUM VITAE-WALTER ALIMACHONCURRICULUM VITAE-WALTER ALIMACHON
CURRICULUM VITAE-WALTER ALIMACHON
Walter Alimachon
 
Efficient String Matching Algorithm for Intrusion Detection
Efficient String Matching Algorithm for Intrusion DetectionEfficient String Matching Algorithm for Intrusion Detection
Efficient String Matching Algorithm for Intrusion Detection
editor1knowledgecuddle
 
Floorbrite Brochure 2015
Floorbrite Brochure 2015Floorbrite Brochure 2015
Floorbrite Brochure 2015
Trudie Williams
 
camping 't Loo, vastgesteld
camping 't Loo, vastgesteldcamping 't Loo, vastgesteld
camping 't Loo, vastgesteld
Gabri de Jong
 
Senior operations manager perfomance appraisal 2
Senior operations manager perfomance appraisal 2Senior operations manager perfomance appraisal 2
Senior operations manager perfomance appraisal 2
tonychoper5704
 

Viewers also liked (14)

Krzyztopor castle
Krzyztopor castleKrzyztopor castle
Krzyztopor castle
 
Netforyou
NetforyouNetforyou
Netforyou
 
CURRICULUM VITAE-WALTER ALIMACHON
CURRICULUM VITAE-WALTER ALIMACHONCURRICULUM VITAE-WALTER ALIMACHON
CURRICULUM VITAE-WALTER ALIMACHON
 
Education: Public’s Feedback
Education: Public’s FeedbackEducation: Public’s Feedback
Education: Public’s Feedback
 
Patient powerpoint
Patient powerpointPatient powerpoint
Patient powerpoint
 
Social media white
Social media whiteSocial media white
Social media white
 
Efficient String Matching Algorithm for Intrusion Detection
Efficient String Matching Algorithm for Intrusion DetectionEfficient String Matching Algorithm for Intrusion Detection
Efficient String Matching Algorithm for Intrusion Detection
 
CV CPB
CV CPBCV CPB
CV CPB
 
Floorbrite Brochure 2015
Floorbrite Brochure 2015Floorbrite Brochure 2015
Floorbrite Brochure 2015
 
Patti
PattiPatti
Patti
 
camping 't Loo, vastgesteld
camping 't Loo, vastgesteldcamping 't Loo, vastgesteld
camping 't Loo, vastgesteld
 
Senior operations manager perfomance appraisal 2
Senior operations manager perfomance appraisal 2Senior operations manager perfomance appraisal 2
Senior operations manager perfomance appraisal 2
 
Resources/competencies needed for developing a Global presence
Resources/competencies needed for developing a Global presenceResources/competencies needed for developing a Global presence
Resources/competencies needed for developing a Global presence
 
Power point
Power pointPower point
Power point
 

Similar to Steering a Bullet Train: Owasp Latam Tour BA 2015

Why Security Engineer Need Shift-Left to DevSecOps?
Why Security Engineer Need Shift-Left to DevSecOps?Why Security Engineer Need Shift-Left to DevSecOps?
Why Security Engineer Need Shift-Left to DevSecOps?
Najib Radzuan
 
2016 - Safely Removing the Last Roadblock to Continuous Delivery
2016 - Safely Removing the Last Roadblock to Continuous Delivery2016 - Safely Removing the Last Roadblock to Continuous Delivery
2016 - Safely Removing the Last Roadblock to Continuous Delivery
devopsdaysaustin
 

Similar to Steering a Bullet Train: Owasp Latam Tour BA 2015 (20)

Dev{sec}ops
Dev{sec}opsDev{sec}ops
Dev{sec}ops
 
Why 'positive security' is a software security game changer
Why 'positive security' is a software security game changerWhy 'positive security' is a software security game changer
Why 'positive security' is a software security game changer
 
Why Security Engineer Need Shift-Left to DevSecOps?
Why Security Engineer Need Shift-Left to DevSecOps?Why Security Engineer Need Shift-Left to DevSecOps?
Why Security Engineer Need Shift-Left to DevSecOps?
 
The CISO Problems Risk Compliance Management in a Software Development 030420...
The CISO Problems Risk Compliance Management in a Software Development 030420...The CISO Problems Risk Compliance Management in a Software Development 030420...
The CISO Problems Risk Compliance Management in a Software Development 030420...
 
Threat Modelling in DevSecOps Cultures
Threat Modelling in DevSecOps CulturesThreat Modelling in DevSecOps Cultures
Threat Modelling in DevSecOps Cultures
 
SC conference - Building AppSec Teams
SC conference - Building AppSec TeamsSC conference - Building AppSec Teams
SC conference - Building AppSec Teams
 
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptxSecure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
 
Matteo Meucci - Security Summit 12th March 2019
Matteo Meucci - Security Summit 12th March 2019Matteo Meucci - Security Summit 12th March 2019
Matteo Meucci - Security Summit 12th March 2019
 
ABN AMRO DevSecOps Journey
ABN AMRO DevSecOps JourneyABN AMRO DevSecOps Journey
ABN AMRO DevSecOps Journey
 
Emphasizing Value of Prioritizing AppSec Meetup 11052023.pptx
Emphasizing Value of Prioritizing AppSec Meetup 11052023.pptxEmphasizing Value of Prioritizing AppSec Meetup 11052023.pptx
Emphasizing Value of Prioritizing AppSec Meetup 11052023.pptx
 
The Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CDThe Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CD
 
SDLC & DevSecOps
SDLC & DevSecOpsSDLC & DevSecOps
SDLC & DevSecOps
 
The DevSecOps Builder’s Guide to the CI/CD Pipeline
The DevSecOps Builder’s Guide to the CI/CD PipelineThe DevSecOps Builder’s Guide to the CI/CD Pipeline
The DevSecOps Builder’s Guide to the CI/CD Pipeline
 
DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline
 
Vital - A Cybersecurity learning platform vital for everyone.
Vital - A Cybersecurity learning platform vital for everyone.Vital - A Cybersecurity learning platform vital for everyone.
Vital - A Cybersecurity learning platform vital for everyone.
 
Outpost24 Webinar - DevOps to DevSecOps: delivering quality and secure develo...
Outpost24 Webinar - DevOps to DevSecOps: delivering quality and secure develo...Outpost24 Webinar - DevOps to DevSecOps: delivering quality and secure develo...
Outpost24 Webinar - DevOps to DevSecOps: delivering quality and secure develo...
 
DevSecOps: Integrating Security Into Your SDLC
DevSecOps: Integrating Security Into Your SDLCDevSecOps: Integrating Security Into Your SDLC
DevSecOps: Integrating Security Into Your SDLC
 
Agile Security—Field of Dreams
Agile Security—Field of DreamsAgile Security—Field of Dreams
Agile Security—Field of Dreams
 
2016 - Safely Removing the Last Roadblock to Continuous Delivery
2016 - Safely Removing the Last Roadblock to Continuous Delivery2016 - Safely Removing the Last Roadblock to Continuous Delivery
2016 - Safely Removing the Last Roadblock to Continuous Delivery
 
Threat Modeling All Day!
Threat Modeling All Day!Threat Modeling All Day!
Threat Modeling All Day!
 

Recently uploaded

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 

Recently uploaded (20)

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDM
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 

Steering a Bullet Train: Owasp Latam Tour BA 2015