This document summarizes ABN AMRO's DevSecOps journey and initiatives. It discusses their implementation of continuous integration and delivery pipelines to improve software quality, reduce lead times, and increase developer productivity. It also covers their work to incorporate security practices like open source software management, container security, and credentials management into the development lifecycle through techniques like dependency scanning, security profiling, and a centralized secrets store. The presentation provides status updates on these efforts and outlines next steps to further mature ABN AMRO's DevSecOps capabilities.
Understanding DevOps Security - Full Guide (Lency Korien)
DevSecOps is the practice of integrating security into every stage of the Software Development Life Cycle (SDLC). The DevSecOps (https://opstree.com/) process ensures that secure software is delivered to the production environment, without delaying security until the last stages of the SDLC. This is where DevSecOps fits into the SDLC.
You can check more info about:
DevOps Company In UAE ( https://opstree.com/ )
devops solutions ( https://opstree.com/usa/ )
This document discusses securing the DevOps lifecycle with continuous trust. It provides an overview of DevOps and how security remains a challenge that impacts code and data integrity. It discusses how security and quality assurance teams must integrate with DevOps. The benefits of DevOps like speed, reliability, scalability and collaboration are described. It also discusses potential vulnerabilities in DevOps and how establishing a chain of trust across tools is needed. Hardware security modules and key management systems can help support security in DevOps tools that manage the CI/CD pipeline and infrastructure.
Here is a small presentation on the DevOps to DevSecOps journey.
- What DevOps is and its best practices.
- Practical Scenario of DevOps practices.
- DevOps transformation Journey.
- Transition to DevSecOps and why we need it.
- Enterprise CI/CD Pipeline.
What skills are necessary to become a DevOps Engineer.pdf (prabhuseshu)
Learn the principles and tools of integrated software development with a DevOps course on OnlineITGuru. Top-rated experts can prepare you for your certification.
Our cutting-edge Blended Learning combines live online DevOps certification classes with interactive labs that will give you hands-on experience.
Security is tough, and it is even tougher in complex environments with lots of dependencies and a monolithic architecture. With the emergence of microservice architecture, security has become a bit easier; however, it introduces its own set of security challenges. This talk will showcase how we can leverage DevSecOps techniques to secure APIs/microservices using free and open source software. We will also discuss how emerging technologies like Docker, Kubernetes, Clair, Ansible, Consul, Vault, etc., can be used to scale and strengthen the security program for free.
More details here - https://www.practical-devsecops.com/
Eclipse Che - A Revolutionary IDE for Distributed & Mainframe Development (DevOps.com)
Eclipse Che introduces a new kind of developer tool that runs directly on Kubernetes and is accessible through a web-based IDE. The container architecture enables easy and rapid onboarding of new team members while eliminating workstation maintenance costs and limitations, all while leveraging a VS Code-like experience. The release of Che 7.0 by the open source community goes further by making the developer environment consistent, repeatable and reproducible. Now available for mainframe-based code with the Che4z subproject, teams can collaborate on cross-platform applications and bridge the distributed/mainframe divide.
The panel will discuss how the Eclipse Che IDE and workspace server drive developer productivity and improve overall software delivery.
Top 5 DevSecOps Tools - You Need to Know About (Dev Software)
The increased efficiency brought about by DevSecOps tools can be attributed to their ability to streamline processes across all three groups involved: development, operations and security teams. For example, if there's an issue with your application's code or infrastructure configuration that needs fixing before it goes live on production servers (i.e., somewhere users could see it), the fix will now happen much faster, because everyone involved has access to all relevant information at once instead of holding separate conversations between group members who might not know what the others know about a particular problem area within their respective domains.
DevSecOps Best Practices - Safeguarding Your Digital Landscape (stevecooper930744)
DevSecOps best practices help us to understand the culture and mindset, security, measuring and collecting data, training on secure coding, and security automation.
10 Reasons Your Software Sucks 2014 - Tax Day Edition! (Caleb Jenkins)
Based on years of consulting and working with some of the largest (and smallest) software companies in the world, these are the 10 practices that, if you started doing them today, would drastically improve the quality and delivery of your software! Also, be sure to hang around afterwards in the Open Spaces area. Caleb will be around to discuss any of the areas from his talk in more detail. It's going to be a great time!
Topics hit on: Object Oriented Principles, SOLID Coding, Security Concerns, Software Patterns, Automated Testing, Source Control - Branching and Merging Strategies, Continuous Integration, Agile | Scrum | XP | Lean, Team Dynamics, Continually Learning
Introduction to DevOps in Cloud Computing.pptx (LAKSHMIS553566)
A collaborative approach that enables the Application Development team and the IT Operations team of an organization to work together seamlessly with better communication.
This was presented by Eric Tan, Solutions Engineer, Docker, at the Docker Tech Workshop, Singapore on 26th April 2018.
It covers:
- Overview of CI/CD
- CI / CD Workflow
- Enterprise CI / CD with Docker
DevOps is a culture that promotes collaboration between Development and Operations Team to deploy code to production faster in an automated & repeatable way. The word 'DevOps' is a combination of two words 'development' and 'operations.'
Resolving the Security Bottleneck Why DevSecOps is Better compared to DevOps.pdf (MobibizIndia1)
DevSecOps is a development methodology that combines security measures at every stage of the software development lifecycle in order to provide reliable and secure systems. DevSecOps, in general, increases the benefits of a DevOps service.
DevOps security (DevSecOps) is an extension of DevOps that integrates security practices into the software development lifecycle. It addresses challenges like securing privileged credentials and tools used in DevOps environments. DevSecOps works by implementing security policies as code, separating duties between developers and security teams, and integrating security checks into continuous integration/delivery pipelines. Automating security mechanisms and taking a proactive security approach are also important for DevSecOps.
All organizations want to go faster and decrease friction in delivering software. The problem is that InfoSec has historically slowed this down or worse. But with the rise of CD pipelines and new DevSecOps tooling, there is an opportunity to reverse this trend and move security from being a blocker to being an enabler.
This talk will discuss hallmarks of doing security in a software delivery pipeline with an emphasis on being pragmatic. At each phase of the delivery pipeline, you will be armed with philosophy, questions, and tools that will get security up-to-speed with your software delivery cadence.
From DeliveryConf 2020
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ... (James Anderson)
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Using Modern Tools and Technologies to Improve Your Software Architecture (Eran Stiller)
This document discusses modern software architecture approaches and tools. It provides examples of how CodeValue has used microservices, serverless computing, and containers to architect solutions for clients. Specific technologies highlighted include Azure Functions, Docker, Kubernetes, and Service Fabric. The talks cover topics like breaking monoliths into microservices, mobile/web architecture, and using cloud-native approaches to future-proof applications.
This document discusses continuous delivery on AWS. It begins by explaining why software development processes need to move fast in today's environment. It then discusses the benefits of continuous integration, delivery, and deployment. The rest of the document dives into specific AWS tools that can help with each part of the software development lifecycle from hosting code and building/testing to deploying applications. It provides examples of how to use AWS CodeCommit, CodeBuild, CodePipeline, and CodeDeploy to automate an entire continuous delivery pipeline on AWS.
DockerCon SF 2015: Faster, Cheaper, Safer (Docker, Inc.)
This document discusses how Docker can help organizations achieve faster, cheaper, and safer development and operations. It outlines how Docker enables microservices architectures and continuous delivery for faster development. Using Docker allows consolidating resources for cheaper and more efficient infrastructure. Following security best practices like immutable deployments and role-based access helps ensure safer applications. The document provides examples of how different types of workloads can benefit from Docker in production environments.
DevOps Workshop, DevOps for DoD Professionals (Tonex)
DevOps and DevSecOps are organizational software engineering culture and best practices, aiming to unify software development (Dev), security (Sec) and operations (Ops).
The main feature and goal is to automate, monitor and apply security at all stages of the software life cycle: planning, development, construction, testing, release, delivery, deployment, operation and monitoring.
DoD’s legacy software acquisition and development practices and processes don't provide the agility to deploy new software “at the speed of operations”.
In addition, security is usually an afterthought, not built in from the start of the lifecycle of the application and underlying infrastructure. DevOps and DevSecOps are the industry best practice for rapid, secure software development.
With the increasing demand for security development, testing, and deployment of IT professionals to improve business efficiency, DevOps has become a software development process that emphasizes communication and collaboration between products, software developers, and operations professionals.
Tonex Offers DevOps Training Workshop, DevOps for DoD Professionals
The DevOps professional training workshop for DoD professionals will help you master the art and science needed to enhance the development and operations activities of the whole DoD team.
Participants will use configuration management tools such as Puppet, SaltStack, and Ansible to build expertise in continuous deployment. The DoD Enterprise DevOps and DevSecOps efforts of the Department of Defense (DoD) focus on the DoD's need for DevOps to accelerate IT service delivery.
Participants will improve their knowledge and skills in the DevOps field through comprehensive courses covering DevOps, Git and GitHub, CI/CD with Jenkins, configuration management, Docker, Kubernetes and many other concepts.
Training Objectives:
- Learn how to build DevOps skills to meet team needs
- Increase knowledge and skills in DevOps methodology
- Use continuous integration and continuous delivery (CI/CD) to improve productivity and gain a competitive advantage
- Build and deepen knowledge about configuration management and containerization
- Gain knowledge of GitHub, Chef, Jenkins, ChefSpec, InSpec, Test Kitchen, Groovy, Maven and JFrog Artifactory
- Become skilled at cloud, source code control, deployment automation and DevOps on cloud platforms
Course Outline:
- Introduction to DevOps
- DoD DevOps Conceptual Model
- DoD DevOps Ecosystem
- DevOps Tools and Activities
- DevOps Implementation
- Overview of DevOps and DevSecOps Product Stack
Audience:
- Engineers
- Program and Project Managers
- Developers
- Application Team
- Software Engineers, Managers and Directors
- IT Executives
- Operations Managers
- QA and Test Engineers and Managers
- Project Managers
- Release and Configuration Managers
- Scrum Masters
Learn More:
https://www.tonex.com/training-courses/devops-workshop-devops-for-dod/
Why DevSecOps Is Necessary For Your SDLC Pipeline? (Enov8)
A DevSecOps environment allows integration of automated security checks within your SDLC pipeline to deliver early warnings and consistently monitor for escaped security vulnerabilities.
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf (Chart Kalyan)
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
More Related Content
Similar to AddingtheSecToDevOpsBSides (1).pptx for Bsides Nairobi 22 with Joylynn Kirui
Building Production Ready Search Pipelines with Spark and MilvusZilliz
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxSitimaJohn
Ocean Lotus cyber threat actors represent a sophisticated, persistent, and politically motivated group that poses a significant risk to organizations and individuals in the Southeast Asian region. Their continuous evolution and adaptability underscore the need for robust cybersecurity measures and international cooperation to identify and mitigate the threats posed by such advanced persistent threat groups.
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
Monitoring and Managing Anomaly Detection on OpenShift.pdfTosin Akinosho
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...Tatiana Kojar
Skybuffer AI, built on the robust SAP Business Technology Platform (SAP BTP), is the latest and most advanced version of our AI development, reaffirming our commitment to delivering top-tier AI solutions. Skybuffer AI harnesses all the innovative capabilities of the SAP BTP in the AI domain, from Conversational AI to cutting-edge Generative AI and Retrieval-Augmented Generation (RAG). It also helps SAP customers safeguard their investments into SAP Conversational AI and ensure a seamless, one-click transition to SAP Business AI.
With Skybuffer AI, various AI models can be integrated into a single communication channel such as Microsoft Teams. This integration empowers business users with insights drawn from SAP backend systems, enterprise documents, and the expansive knowledge of Generative AI. And the best part of it is that it is all managed through our intuitive no-code Action Server interface, requiring no extensive coding knowledge and making the advanced AI accessible to more users.
Main news related to the CCS TSI 2023 (2023/1695)Jakub Marek
An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on integration of Salesforce with Bonterra Impact Management.
Interested in deploying an integration with Salesforce for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Your One-Stop Shop for Python Success: Top 10 US Python Development Providersakankshawande
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
Taking AI to the Next Level in Manufacturing.pdfssuserfac0301
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
A Comprehensive Guide to DeFi Development Services in 2024Intelisync
DeFi represents a paradigm shift in the financial industry. Instead of relying on traditional, centralized institutions like banks, DeFi leverages blockchain technology to create a decentralized network of financial services. This means that financial transactions can occur directly between parties, without intermediaries, using smart contracts on platforms like Ethereum.
In 2024, we are witnessing an explosion of new DeFi projects and protocols, each pushing the boundaries of what’s possible in finance.
In summary, DeFi in 2024 is not just a trend; it’s a revolution that democratizes finance, enhances security and transparency, and fosters continuous innovation. As we proceed through this presentation, we'll explore the various components and services of DeFi in detail, shedding light on how they are transforming the financial landscape.
At Intelisync, we specialize in providing comprehensive DeFi development services tailored to meet the unique needs of our clients. From smart contract development to dApp creation and security audits, we ensure that your DeFi project is built with innovation, security, and scalability in mind. Trust Intelisync to guide you through the intricate landscape of decentralized finance and unlock the full potential of blockchain technology.
Ready to take your DeFi project to the next level? Partner with Intelisync for expert DeFi development services today!
2. Securing software development 2
What do we mean by DevOps
DevOps Definition (Development + Operations)
DevOps is the union of people, processes, and technology to deliver continuous value to users.
4. Securing software development 4
Threat landscape is changing
Breach
Vulnerable developer secrets
Vulnerable supply chain
Electronic Arts
Breach
Vulnerable Applications
Vulnerable ID Verification
5. Securing software development 5
What do we mean by DevSecOps?
Application
PLAN DEVELOP OPERATE DELIVER
DevOps Definition (Development + Operations)
DevOps is the union of people, processes, and technology to deliver continuous value to users.
DevSecOps Definition (Development + Security + Operations)
DevSecOps is an evolution in the way development organizations approach security by introducing a security-first mindset culture, and automating security into every phase of the software development lifecycle from design to delivery.
6. Securing software development 6
The benefits of DevSecOps
MORE SECURE CODE, SHIPPED AT THE SAME SPEED
• Reduce remediation time by shifting security left
• Integrate with and secure your existing toolchains
• Quickly identify new threat vectors
7. Securing software development 7
Barriers to DevSecOps adoption
WHY IS DEVSECOPS HARDER TO ADOPT THAN DEVOPS
• Organization and team gaps
• Skill and knowledge gaps
• Solutions aren't built for developers
8. Securing software development 8
Importance of shifting security left
• 80% reduction in security incidents by extending security to development²
• 60x: security cost to fix a security defect in production versus in development¹
• 62% of enterprises do not integrate security in the development phase³
¹ https://www.gartner.com/doc/reprints?id=1-265CMWW4&ct=210527&st=sb
² https://www.gartner.com/smarterwithgartner/is-the-cloud-secure/
³ Sources: McKinsey Developer Velocity, Microsoft Enterprise DevOps Report, GitHub Octoverse Report 2020
9. Securing software development 9
Three themes for successfully securing the developer workflow
EMBEDDED SECURITY IN THE DEVELOPER WORKFLOW
• Developer-First Tooling
• Native and built-in security capabilities
• Automation
10. Securing software development 10
How security fits in the development lifecycle
EMBEDDED SECURITY IN THE DEVELOPER WORKFLOW
PRE-COMMIT
• Threat modeling
• IDE security plug-in
• Pre-commit hooks
• Secure coding standards
• Peer review
OPERATE & MONITOR
• Continuous monitoring
• Threat intelligence
• Blameless post-mortems
COMMIT (CI)
• Static code analysis
• Security unit tests
• Dependency management
• Credential scanning
DEPLOY (CD)
• Infra as code (IaC)
• Dynamic security scanning
• Cloud configuration checks
• Security acceptance tests
11. Securing software development 11
Secure the DevOps Pipelines
SECURE THE DEVELOPMENT ENVIRONMENT - INFRASTRUCTURE
BE ABLE TO PRODUCE VERIFIABLE AND REPRODUCIBLE BUILDS
• Compilers: Sign properly with validated signatures
• Builds: Produce verifiable build manifests—describing sources, cryptographic hashes of binaries/artifacts and full build parameters
• Build Machines & Infrastructure: Make highly restricted with least privileged access applied and with ephemeral build agents
• DevOps Services: Build and release infra use isolated managed identities and sensitive tenant profiles for isolation
• Compilers & User Processes: Execute in isolation or locked down environments
• Software on Build Machines: Sign properly with validated signatures
PREVENT THESE TYPES OF ATTACKS:
• Compromised compilers and build machines
• Compromised dependencies
12. Securing software development 12
Harden Pipeline Access
SECURE THE DEVELOPMENT ENVIRONMENT – ACCESS MANAGEMENT
ENSURE CODE-TO-CLOUD PIPELINE IS SECURE
• Create organization device policies – AAD + Device policies - to secure development machines
• Make sure all operations adhere to least privileged principles
• Regularly scan for identity access management to ensure least-privileged access management policies
• Use multi-factor authentication and dual key/JIT approval for privileged operations and human-induced pushes
• Enable endpoint protection for all workstations and allow only registered devices
• Inject identity early into the automation pipeline
PREVENT THESE TYPES OF ATTACKS:
• Compromised credentials
• Malicious insiders
Today, we’re going to talk about DevSecOps and the difference between DevOps and DevSecOps in terms of adding security to software rollouts and infrastructure. As tech permeates most, if not all, aspects of society, it becomes important for the people building software, such as ourselves, to take the security aspect of it all into account. The world now offers a really large threat landscape to malicious actors.
Ellan - DevOps as a culture has quickly risen to be a go-to methodology for companies that want to stay ahead, where the connection between devs and IT ops is paramount for an organization, from building a product to rollout and support.
Problem with DevOps ---
Ellan - Use this picture to show the complexity of devops leading to security issues
Problem with DevOps
Set flow to introduce DevSecOps
Ellan - With this threat landscape changing, we’ve already seen two examples of modern attack vectors: CodeCov and Electronic Arts.
In CodeCov’s case, an attacker targeted their developer workflow and software supply chain. The attacker was able to not only gain access to their Google Cloud Storage account but also to upload a new image into thousands of builds that scanned their software supply chain, extracting even more secrets and widening the breach.
Another example is EA, which recently had source code from one of their games stolen due to stolen cookies that contained Slack login information. They didn’t have the secret or identity protections needed, and these vulnerabilities became an easy target.
There’s also a recent supply chain security example known as the log4j vulnerability, which has impacted more than 35k different Java artifacts. The vulnerability, which comes from a popular logging tool in the biggest Java library – the Maven Central Repository – allows an attacker to perform remote code execution by exploiting the insecure JNDI lookups feature exposed by the logging library log4j. This exploitable feature was enabled by default in many versions of the library, allowing this attack to spread to many affected parties all at once.
But, this is not just an issue for enterprises…
-///Running modern applications on the cloud—which are exposed as APIs, designed as microservices, packaged with containers, and deployed with Kubernetes—introduces new dimensions of risk. Microservices open many perimeters (for many services), have a flexible flow and are constantly/rapidly deployed, which makes it even more challenging to address security issues associated with them. We see that the threat landscape has increased tremendously; a while ago only a few devices were at risk. With tech incorporated into our cars, houses and even industrial control centers, malicious actors are now able to cause massive damage, as witnessed in e.g. //EA, CodeCov, cars example **Choose 2 after session
Joylynn - You may be familiar with how DevOps practices and collaboration between developer and operations teams led to faster software delivery. DevOps combines people, processes, and technology to deliver continuous value to users.
DevSecOps is the evolution of DevOps where the company takes on a security-first mindset — putting security into every phase of the development lifecycle, from design to delivery.
When implemented successfully, companies gain both the speed of DevOps development practices and the holistic security and peace of mind that comes with DevSecOps.
Even with DevOps, the aspect of security remained unresolved. While you could improve the speed of deployment without compromising the reliability of the software using DevOps, the software development ended up either being slowed down due to security practices (which are implemented toward the end of the delivery pipeline) or having vulnerabilities that often leak into the production environment. DevOps could help patch these vulnerabilities quickly, but the ideal solution would have been to make the code secure without compromising the speed of delivery.
Joylynn - However, organizations that adopt DevSecOps unlock the ability to ship code at the same speed, securely.
Specifically, DevSecOps helps organizations:
Shift their security left to occur at more critical points throughout the development lifecycle, aiding to lower vulnerability remediation time.
It also helps organizations to form a seamless workflow by integrating into existing toolchains.
More so, this aids organizations to continually identify new threat vectors.
Joylynn - DevSecOps presents barriers and inefficiencies for developers that we don't find with DevOps.
These include:
Organization and team gaps: Some organizations have security-specific teams who own all of security. This siloes DevOps and SecOps teams and leads to a fragmented security culture.
Skill and knowledge gaps: When DevOps and Developer teams don’t see security as part of their responsibility, the skill base stays solely within the SecOps team.
Third, solutions are not being built for developers, leading to issues like false positives.
False positives are high because the tools live with security teams rather than developers. Since security teams are more likely to scan repositories than developers, they may only run them once a quarter, causing them to be higher than the rate would be if these tools lived with developers.
Another issue is that we also see misaligned expectations. In DevOps, having a 30% failure rate on Unit Tests is considered very bad. However, in security, having a 30% failure rate is actually good. While you are always dealing with a trade-off between false positives and false negatives, security prefers no false negatives and more false positives. However, a developer doesn't want any false positives and doesn't care as much about false negatives.
Joylynn - To safeguard the developer cloud against these new threat types, the answer is to shift security left and leverage cloud-native security.
Shifting left helps enterprises find and remediate vulnerabilities earlier and across their development lifecycle.
Enterprises that extend security to development reduce security incidents by 80%.
And it’s not just a reduction in events, there is also a financial component. It costs 60 times more to fix a security defect in production than in development.
Blending security and development together within the development workflow remains a challenge for many enterprises.
While more enterprises are starting their transforms, there are 62% of enterprises that have yet to integrate security into the development phase.
Now, how do we start shifting security left and moving to cloud-native environments?
Joylynn - To successfully implement DevSecOps, there are three themes that need to be considered:
The first is making sure to provide developer-first tooling that empowers developers to be more cognizant of the security impacts of the code they’ve created.
The second is to remove any friction for developers, by providing data and built-in automated security capabilities natively-integrated into their workflow.
The third is to apply automation to all of these different checks and within the developers’ workflows on their day-to-day. So instead of coming up with a huge list of vulnerabilities that need to be fixed, developers are constantly being guided in the right direction through continuous security feedback.
Now, let's talk about how we can realize these themes within the developer workflow:
Each stage of the development lifecycle has unique security components, that when used together help prevent threats at all critical junctions.
For pre-commit: It’s important to start with a focus on threat modeling and understanding the threat landscape, to grasp the overall risk of what you are looking to bring to execution in code. Employ a range of IDE security plugins and pre-commit hooks to make sure that the code you’re generating adheres to the security standards. This step also helps ensure there are no vulnerabilities created unintentionally. Don’t forget to hold peer reviews to align different teams about the security risks and code that they recently introduced into the code-base.
When it comes to the commit stage: It’s time to start taking on more extensive security methods to review the code, including static code analysis. Security unit tests may involve running scanners or performing manual tests on running code. In this stage, remember to review dependency management and the overall dependency tree for inherited vulnerabilities. After this is complete, you can check for credentials that may have been inadvertently introduced into the code-base. This is called credential scanning but may also be known as secret scanning or token scanning.
In the deploy stage: We look at the overall health of the code-base and, in addition to the items checked in the commit stage (which can be repeated in the deploy stage), we also look at the infrastructure-as-code (IaC) segments, which are necessary for identifying abstracted layers of infrastructure. In Deploy, you also need to examine the high-level security risks, cloud configuration checks, and security acceptance tests to make sure everything is in line with the expectations and organizational security goals.
Once code is being deployed: Now it’s a matter of operating and monitoring through continuous monitoring and additional threat intelligence, which not only helps visualize results; it also covers the overall dependency vulnerabilities that may be inherited over time. Make sure to hold additional post-mortems, so your teams take away lessons learned, and to continue iterating as you move through the development lifecycle.
Run Static and Dynamic Tests:
Another aspect of securing the developer workflow is through assessing our own created code. One of the ways to check our code is with Static and Dynamic analysis. It’s best to use a combination of these techniques to make sure that the findings are prioritized in the right way.
Let’s look at the techniques:
Static analysis: Examines the code-base and finds potential vulnerabilities that may be present in the code being created.
Dynamic analysis: Reviews running code and runs simulated attacks on the code-base itself.
Both techniques use automation, so inspect automated security reviews in different stages of the code as you move through the milestones of a project.
Running one of these methods will provide a good view of the security levels of the project before deployment. But running multiple techniques throughout the life cycle yields the best results as it provides full visibility of the code and potential effects. If followed correctly, these practices will help your business defend and remediate common technical application security attacks.
SAST in:
1. Code: use CodeSonar
2. Building: use tainted data analysis in the build to detect code injection
Check for Hard-Coded Secrets:
Secret scanning is another component that needs to be secured within the developer workflow. Specifically, secret scanning looks at secrets (also known as “credentials” or “tokens”) that can be hard-coded into the code.
While this process can be lengthy if done manually, you can easily enable automation to help you:
Prevent secrets leaving development machines with push protection
While detecting previously leaked secrets by scanning full git history
And you can even resolve issues faster with automated resolution (e.g., revoking found credentials)
Secret scanning helps any organization fend off attacks like:
Privilege escalation by internal actors due to leaked credentials in private repos
And infrastructure compromise due to leaked credentials in public repos
// Tools such as Microsoft threat modelling tools, git-secrets, goSDL, pytm, Threagile
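The push-protection idea from the secret-scanning notes above, as an added example that is not part of the presentation: a scanner a pre-commit or pre-push hook could run over the lines a change adds. The sample diff is constructed, and the rule set, the entropy threshold and all function names are assumptions of this sketch.

```python
import math
import re
import sys
from collections import Counter

# Constructed sample of what `git diff --cached -U0` prints before a commit.
# AKIAIOSFODNN7EXAMPLE is the placeholder key ID from AWS documentation.
SAMPLE_DIFF = """\
diff --git a/deploy/settings.py b/deploy/settings.py
--- a/deploy/settings.py
+++ b/deploy/settings.py
@@ -10,0 +11,3 @@
+AWS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+DB_PASSWORD = "changeme"
+api_token = "q7Zp2LkX9vTb4RmW"
@@ -40 +43 @@
-TIMEOUT = 30
+TIMEOUT = 60
"""

HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

# Rules for credential formats that are recognisable on sight.
PATTERN_RULES = [
    ("aws-access-key-id", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("private-key-block", re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")),
]

# Generic rule: a secret-looking name assigned a quoted literal.
ASSIGNMENT = re.compile(
    r"(?i)[\w-]*(?:password|passwd|secret|token|api[_-]?key)[\w-]*"
    r"\s*[:=]\s*['\"]([^'\"]{8,})['\"]"
)

# Assumption: bits per character above which a literal is treated as a real
# secret. A higher value gives fewer false positives and more missed weak
# literals ("changeme" scores 2.75 and is not reported).
ENTROPY_THRESHOLD = 3.5


def shannon_entropy(value):
    """Shannon entropy of a string in bits per character."""
    counts = Counter(value)
    total = len(value)
    return -sum((n / total) * math.log2(n / total) for n in counts.values())


def redact(value):
    """Keep four characters so a finding is identifiable but not reusable."""
    return value[:4] + "*" * (len(value) - 4)


def scan_line(content):
    """Return (rule, redacted match) pairs for one added line."""
    hits = [(name, redact(m.group(0)))
            for name, pattern in PATTERN_RULES
            for m in pattern.finditer(content)]
    assigned = ASSIGNMENT.search(content)
    if assigned and shannon_entropy(assigned.group(1)) >= ENTROPY_THRESHOLD:
        hits.append(("high-entropy-assignment", redact(assigned.group(1))))
    return hits


def scan_diff(diff_text):
    """Scan only the lines a unified diff ADDS; return (path, line, rule, match)."""
    findings = []
    path, new_line, in_hunk = None, 0, False
    for raw in diff_text.splitlines():
        if raw.startswith("diff --git "):
            in_hunk = False
            continue
        hunk = HUNK.match(raw)
        if hunk:
            in_hunk, new_line = True, int(hunk.group(1))
            continue
        if not in_hunk:
            if raw.startswith("+++ "):  # file header, not an added line
                target = raw[4:]
                path = target[2:] if target.startswith("b/") else target
            continue
        if raw.startswith("+"):
            for rule, shown in scan_line(raw[1:]):
                findings.append((path, new_line, rule, shown))
            new_line += 1
        elif raw.startswith(" "):
            new_line += 1  # context line; removed lines do not advance
    return findings


def main():
    """Hook entry point: read a diff on stdin, exit non-zero on findings."""
    findings = scan_diff(sys.stdin.read())
    for path, line, rule, shown in findings:
        print(f"{path}:{line}: {rule}: {shown}", file=sys.stderr)
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main())
```

Run from a hook as `git diff --cached -U0 | python scan.py` (the file name is hypothetical), a non-zero exit stops the commit. Piping `git log -p --all` into the same script covers the full-history scan the notes mention.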
Ellan - DevOps Pipelines are another important consideration when securing the development environment.
To ensure your organization is producing verifiable and reproducible builds you’ll need to adjust security at every point from compilers to build machines. Let’s take a look at each step in more detail:
Compilers
Confirm that each compiler signs properly with validated signatures.
Builds
Produce verifiable build manifests—describing sources, cryptographic hashes of binaries/artifacts and full build parameters.
Build Machines and Infrastructure
Make these highly restricted with least privileged access applied and with ephemeral build agents.
DevOps Services
Build and release infrastructure uses isolated managed identities and sensitive tenant profiles for isolation.
Compilers and User Processes
Execute in isolation or locked down environments.
Software on Build Machines
Sign properly with validated signatures.
Practices like these secure your organization from threats like:
Compromised compilers and build machines (Electronic Extreme – video game company, is an example of this type of breach)
Compromised dependencies (An example is the Copay application attack)
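The "verifiable build manifest" practice above, as an added example that is not part of the presentation: a manifest records the sources, the build parameters and a SHA-256 hash per artifact, and a verifier later reports any artifact that changed or appeared after the build. The HMAC is a standard-library stand-in for the asymmetric signature a real pipeline would use; the key, file names, repository name and function names are constructed for this sketch.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path


def sha256_file(path):
    """Stream a file through SHA-256 and return the hex digest."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def _canonical(body):
    """Stable byte encoding so signer and verifier hash identical input."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")


def _list_files(root):
    return {p.relative_to(root).as_posix(): p
            for p in sorted(root.rglob("*")) if p.is_file()}


def build_manifest(artifact_dir, source, parameters, key):
    """Describe sources, build parameters and artifact hashes, then sign."""
    root = Path(artifact_dir)
    artifacts = {name: sha256_file(p) for name, p in _list_files(root).items()}
    body = {"source": source, "parameters": parameters, "artifacts": artifacts}
    signature = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "signature": signature}


def verify_manifest(manifest, artifact_dir, key):
    """Return a list of problems; an empty list means the output matches."""
    expected = hmac.new(key, _canonical(manifest["body"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest.get("signature", "")):
        # An unsigned or altered manifest proves nothing about the files.
        return ["manifest signature invalid"]
    root = Path(artifact_dir)
    recorded = manifest["body"]["artifacts"]
    on_disk = _list_files(root)
    problems = []
    for name in sorted(recorded):
        if name not in on_disk:
            problems.append(f"missing artifact: {name}")
        elif sha256_file(on_disk[name]) != recorded[name]:
            problems.append(f"hash mismatch: {name}")
    for name in sorted(set(on_disk) - set(recorded)):
        problems.append(f"unlisted artifact: {name}")
    return problems


def demo():
    """Build, verify, then change the output directory and verify again."""
    key = b"constructed-demo-key"  # assumption: held only by the build service
    source = {"repo": "example/app", "commit": "<commit-id placeholder>"}
    parameters = {"compiler": "cc", "flags": ["-O2"]}
    with tempfile.TemporaryDirectory() as tmp:
        out = Path(tmp)
        (out / "bin").mkdir()
        (out / "bin" / "app").write_bytes(b"constructed build output")
        (out / "app.conf").write_text("mode=release\n")
        manifest = build_manifest(out, source, parameters, key)
        clean = verify_manifest(manifest, out, key)

        # A binary replaced and a file added after the build finished.
        (out / "bin" / "app").write_bytes(b"modified after the build")
        (out / "extra.bin").write_bytes(b"not produced by the build")
        changed = verify_manifest(manifest, out, key)

        # Editing the recorded hash to match does not help without the key.
        edited = json.loads(json.dumps(manifest))
        edited["body"]["artifacts"]["bin/app"] = sha256_file(out / "bin" / "app")
        resigned = verify_manifest(edited, out, key)
    return clean, changed, resigned


if __name__ == "__main__":
    for label, result in zip(("clean", "changed", "edited manifest"), demo()):
        print(label, "->", result or "OK")
```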
--
Notes:
Compromised compilers (more examples from the first attack type)
Link 1 : https://faun.pub/zombie-infestation-software-developer-tools-the-ms-visual-studio-attack-7fc8cd257eb9
Link 2 : https://securitylab.github.com/research/octopus-scanner-malware-open-source-supply-chain/
Compromised build machines (more examples from the first attack type)
Link 1 : https://www.wired.com/story/inside-the-unnerving-supply-chain-attack-that-corrupted-ccleaner/
Compromised dependencies (more examples from the second attack type)
Malicious dependency – event-stream attack: https://blog.npmjs.org/post/180565383195/details-about-the-event-stream-incident
Joylynn - In order to ensure the code-to-cloud pipeline is secure, organizations need to do the following:
Create AAD and device policies that will secure development machines. For example, if a device gets lost, wipe the device.
Ensure all operations adhere to least-privileged principles. A privileged operation means granting more privileged access, adding a user, changing build / deployment steps, etc.
Run regular Identity Access Management scans that enforce least privileged access policies.
Use multi-factor authentication and dual key/JIT approval for privileged operations and human-induced pushes, like CI/CD. Dual key addresses credential loss and malicious insiders, which is critical to use.
Enable endpoint protection: Imagine if a developer’s laptop was affected by ransomware… To protect these endpoints, deploy an endpoint protection platform, including next-generation antivirus (NGAV) to protect against unknown and zero-day malware, behavioral analysis to identify anomalous activity on an endpoint, and vulnerability scanning.
And lastly, inject identity early in the automation pipeline: Injecting identity as early as possible into automation pipelines is a key step to minimizing the exposure of sensitive accounts and credentials. This way, your DevOps team can remove static credentials from code, replacing them with just-in-time credentials that help to reduce the threat surface and enterprise-wide risk.
Fortifying identity controls like this helps protect against attacks like:
Compromised credentials (2018 eslint incident is a good example of this type of attack)
Malicious insiders
--
Leaked credential example: Malicious maintainer - ESLint-Scope attack: https://eslint.org/blog/2018/07/postmortem-for-malicious-package-publishes
// https://francescodeliva.medium.com/devsecops-with-github-f8b9d07702c3
Thank you for this opportunity to share with you how DevSecOps can accelerate and transform your business.