DEVSECOPS
PRESENTED BY:
VIPIN
ROLL NO.
200011029019
MCA 2ND SEM
SUBMITTED TO:
MR. SUDHIR
(ASSISTANT
PROFESSOR)
CONTENTS
• INTRODUCTION
• WHY WE NEED DEVSECOPS
• HOW DOES IT WORK
• IMPORTANCE OF DEVSECOPS
• DEVSECOPS PRACTICES
• PROS OF DEVSECOPS
• CONS OF DEVSECOPS
• LIMITATION OF DEVSECOPS
INTRODUCTION
● DevSecOps stands for development, security, and operations. It is about
implementing security right from the initial stage of application
development until the final product delivery.
● Its purpose is to ensure that every security breach is addressed and
vulnerabilities are reduced. During the process, everybody is accountable
for security and for their actions, from the developer to the operations
department, whereas in traditional practice security was the least
concern of each department.
● Every organization that has DevOps should shift gears towards
DevSecOps to get a higher level of proficiency and a more secure application
development experience. Instead of rushing at the last moment in a
hazardous situation, DevSecOps ensures security at each level of
development.
WHY WE NEED DEVSECOPS?
• Every day we come across news of data breaches and hacking. Is there
any loophole in application development? Don't we have any established
laws against these breachers? The answer to these questions is a big yes.
• A security breach can result in the loss of billions, even trillions, of personal
records and confidential information, and affect the business overall. The
traditional methodology for development is outdated in this tech-savvy world.
• Today, where countless applications are created and uploaded to the web store,
a security breach is a prime concern for businesses and application developers.
To cope with this critical security crisis, DevSecOps is the savior.
EXAMPLE OF DATA BREACH
AADHAAR DATA BREACH:
• Date: March 2018
• Impact: 1.1 billion people
• In March of 2018, it became public that the personal information of more than a
billion Indian citizens stored in the world's largest biometric database could be
bought online.
• This massive data breach was the result of a data leak on a system run by a
state-owned utility company. The breach allowed access to private information
of Aadhaar holders, exposing their names, their unique 12-digit identity
numbers, and their bank details.
• The type of information exposed included the photographs, thumbprints, retina
scans and other identifying details of nearly every Indian citizen.
HOW DOES IT WORK?
• In the first step, code is created in the version control
management system by a developer.
• All changes are seen and made in the same system.
• After that, another developer takes the code from the same
system, analyzes it, and identifies bugs or security issues in the
code.
• Once the developer rectifies the error, the environment is created
using an infrastructure-as-code tool.
• The next step is the deployment of the application. Here, test
automation is carried out, including security, UI, integration and
API tests.
• Once the application clears these tests, it is suitable for the
production step.
• Even in the production environment, continuous monitoring
is done to identify and rectify security threats.
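The step where the application must clear its security, UI, integration and API tests before production can be enforced as a release gate. The Python sketch below is an added example, not part of the original slides; the report format, stage names, severity levels and finding IDs are assumptions made for illustration, and the sample data is constructed.

```python
from dataclasses import dataclass, field

# Test stages named on the slide; the identifiers themselves are assumptions.
REQUIRED_STAGES = ("security", "ui", "integration", "api")

# Assumption: only these severities may ship. Anything else, including a
# missing or unrecognised severity, blocks the release (fail closed).
NON_BLOCKING_SEVERITIES = {"medium", "low", "info"}


@dataclass
class StageReport:
    stage: str
    passed: bool
    findings: list = field(default_factory=list)  # [{"id": ..., "severity": ...}]


@dataclass
class Decision:
    promote: bool
    reasons: list


def evaluate_gate(reports):
    """Decide whether a build may move on to the production step.

    A required stage with no report blocks the release exactly like a
    failing one, so a skipped or crashed job cannot pass silently.
    """
    by_stage = {}
    for report in reports:
        by_stage.setdefault(report.stage, []).append(report)

    reasons = []
    for stage in REQUIRED_STAGES:
        stage_reports = by_stage.get(stage)
        if not stage_reports:
            reasons.append(f"{stage}: no report, stage skipped or crashed")
            continue
        for report in stage_reports:
            if not report.passed:
                reasons.append(f"{stage}: tests failed")
            for finding in report.findings:
                severity = str(finding.get("severity", "unknown")).lower()
                if severity not in NON_BLOCKING_SEVERITIES:
                    finding_id = finding.get("id", "?")
                    reasons.append(
                        f"{stage}: blocking finding {finding_id} ({severity})"
                    )
    return Decision(promote=not reasons, reasons=reasons)


# Constructed sample: the scanner job exited cleanly but reported a high
# severity finding, and the API test job never produced a report.
SAMPLE_REPORTS = [
    StageReport("security", True, [
        {"id": "EXAMPLE-001", "severity": "high"},
        {"id": "EXAMPLE-002", "severity": "low"},
    ]),
    StageReport("ui", True),
    StageReport("integration", True),
]

if __name__ == "__main__":
    decision = evaluate_gate(SAMPLE_REPORTS)
    print("promote to production:", decision.promote)
    for reason in decision.reasons:
        print(" -", reason)
```

In a CI/CD job the decision would be turned into a non-zero exit code so that the deployment step never runs for a blocked build.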
IMPORTANCE OF DEVSECOPS
• The last decade was very crucial and progressive for the IT
industry, as it witnessed substantial growth in terms of
cloud computing, storage, and new applications. However, with
the entry of DevOps, speed and functionality took the industry
to the next level of success.
• But the only concern with DevOps was its security inefficiency. For
this reason, DevSecOps is warmly welcomed. It caters to the
need for speed, functionality, security, and scale under a single
umbrella.
SOME OF DEVSECOPS PRACTICES
With the implementation of DevSecOps, resources are utilized in a better
and more efficient way. Here are some practices that help things operate
smoothly:
• 1. SAFE AND SECURE CODING:
• It is important and necessary to practice safe and secure
software development to cut down the high risk of vulnerabilities.
Insecure coding can lead to the breach of confidential
information. Hire a highly experienced and skilled
developer to avoid high risk.
• 2. IMPLEMENT AUTOMATION:
• Automation is the key factor for the secure and safe development
of an application. Embed automation in the continuous
integration and deployment environment so that security keeps
pace with the process. This becomes necessary for a larger
organization where varied versions of code are pushed to the
production environment multiple times.
• 3. IMPLEMENTATION FROM THE BEGINNING:
• Implement security from the first stage of application development. By
now, we have understood why it is necessary to implement a security
check from the beginning. This practice may take time, but in the long
run it is a handy way, and the safest, to achieve risk-free application development.
• 4. PEOPLE + TECHNOLOGY + PROCESS = RISK FREE
• The major role in the success of DevSecOps is played by the perfect
trio of people, technology, and process. Convincing people about the
shift from traditional methods to DevSecOps may need a lot of effort, but
the result will be worth the effort. Just after
convincing people, frame a common process to strengthen the security
aim. After the merger of people and process, next comes technology.
With DevSecOps practices like automated compliance scans, configuration
management, host hardening, and others, the aim of a
secure and safe application is not far off.
PROS OF DEVSECOPS
• While there’s no full guarantee that a software product will be free from all possible
malicious attacks, DevSecOps can ensure that an application is pretty stable and less
vulnerable, upon release or off the shelf. This new approach to software creation is
beneficial due to the following reasons:
• 1. ENHANCES COLLABORATION AND COMMUNICATION BETWEEN ALL TEAMS
• The DevSecOps method encourages IT professionals with different skills to
collaborate and work together to achieve one goal. Team integration is one of the
main objectives of DevSecOps.
• 2. INCREASES THE SPEED AND AGILITY OF DEVELOPMENT TEAMS
• The nature of this approach pushes DevSecOps team members to react fast, as well
as review and correct vulnerabilities and other software problems as the
development process is ongoing.
• 3. PROMOTES BETTER QUALITY CONTROL AND THREAT DETECTION
• While the DevOps team may consider the security team as a cause of delay, this
should not be the case. Problems are identified and corrected immediately before
CONS OF DEVSECOPS
• 1. WON’T WORK WITHOUT OPEN COMMUNICATION
• For DevSecOps to work properly, communication and collaboration of key teams
from the security, software development, and IT departments must be established. If
any of these teams keeps important information from each other, it may not work as
intended.
• 2. SHOULD BE ACCEPTED BY EVERYONE
• Not all employees are keen on accepting non-traditional working arrangements.
Some live by the mantra, “if it ain’t broke, don’t fix it.” It can be difficult to ditch the
old ways of doing things and choose new working methods. Employees with this
mindset may be hard to convince about the importance of DevSecOps. Additionally,
they need time and a few success stories to accept the new workflow.
• 3. MAY NOT BE THE MANAGEMENT’S MAIN PRIORITY
• Not all executives in a software development agency view security as a priority. As
such, a company executive may not be accepting of the proposed changes drafted
by a DevSecOps consultant or manager. As such, the company may revert to putting
LIMITATIONS OF DEVSECOPS
• As a new approach, DevSecOps has quite limited applications
at this stage. For instance, it can't be applied to the following:
• DevSecOps doesn't work with web application firewalls (WAFs) because WAFs
function by monitoring real user requests. The latter is only applicable in
production environments and can't resolve issues.
• DevSecOps is fully reliant on automation. This renders manual penetration
testing tools useless, as they can't be used in DevSecOps.
• Simple web vulnerability scanners aren't meant to work with continuous
integration (CI) and continuous delivery (CD) tools. Thus, it follows that they can't
be used for security vulnerability assessment under DevSecOps, either.
THANK
YOU

 
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdfDominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
 
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of CodeA Study of Variable-Role-based Feature Enrichment in Neural Models of Code
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code
 
Pro Unity Game Development with C-sharp Book
Pro Unity Game Development with C-sharp BookPro Unity Game Development with C-sharp Book
Pro Unity Game Development with C-sharp Book
 
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
 
Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...
 
Vitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdfVitthal Shirke Java Microservices Resume.pdf
Vitthal Shirke Java Microservices Resume.pdf
 
openEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain SecurityopenEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain Security
 
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Atelier - Innover avec l’IA Générative et les graphes de connaissancesAtelier - Innover avec l’IA Générative et les graphes de connaissances
Atelier - Innover avec l’IA Générative et les graphes de connaissances
 
Text-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptx
Text-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptxText-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptx
Text-Summarization-of-Breaking-News-Using-Fine-tuning-BART-Model.pptx
 
Prosigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns: Transforming Business with Tailored Technology Solutions
Prosigns: Transforming Business with Tailored Technology Solutions
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
 
May Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdfMay Marketo Masterclass, London MUG May 22 2024.pdf
May Marketo Masterclass, London MUG May 22 2024.pdf
 

Devsec ops

  • 1. DEVSECOPS PRESENTED BY: VIPIN ROLL NO. 200011029019 MCA 2ND SEM SUBMITTED TO: MR. SUDHIR (ASSISTANT PROFESSOR)
  • 2. CONTENTS • INTRODUCTION • WHY WE NEED DEVSECOPS • HOW DOES IT WORK • IMPORTANCE OF DEVSECOPS • DEVSECOPS PRACTICES • PROS OF DEVSECOPS • CONS OF DEVSECOPS • LIMITATION OF DEVSECOPS
  • 3. INTRODUCTION ● DevSecOps stands for development, security, and operations. It is about implementing security right from the initial stage of application development until the final product delivery. ● Its purpose is to ensure that every security breach is addressed and vulnerabilities are reduced. Throughout the process, everybody, from the developer to the operations department, is accountable for security and for their actions, whereas in traditional practice security was the least concern of each department.
  • 4. ● Every organization that has DevOps should shift gears towards DevSecOps to get a higher level of proficiency and a more secure application development experience. Instead of rushing at the last moment when a hazardous situation arises, DevSecOps ensures security at each level of development.
  • 5.
  • 6. WHY WE NEED DEVSECOPS? • Every day we come across news of data breaches and hacking. Is there any loophole in application development? Don’t we have any established laws against these breachers? The answer to these questions is a big yes. • A security breach can result in the loss of billions, even trillions, of personal records and confidential information, and can affect the business as a whole. The traditional methodology for development is outdated in this tech-savvy world. • Today, when countless applications are created and uploaded to the web store, a security breach is a prime concern for businesses and application developers. To cope with this critical security crisis, DevSecOps is the savior.
  • 7. EXAMPLE OF DATA BREACH AADHAAR DATA BREACH: • Date: March 2018 • Impact: 1.1 billion people • In March of 2018, it became public that the personal information of more than a billion Indian citizens stored in the world’s largest biometric database could be bought online. • This massive data breach was the result of a data leak on a system run by a state-owned utility company. The breach allowed access to private information of Aadhaar holders, exposing their names, their unique 12-digit identity numbers, and their bank details. • The type of information exposed included the photographs, thumbprints, retina scans and other identifying details of nearly every Indian citizen.
  • 8.
  • 9. HOW DOES IT WORK? • In the first step, code is created in the version control management system by a developer. • All changes are seen and made in the same system. • After that, another developer takes the code from the same system, analyzes it, and identifies bugs or security issues in the code. • Once the developer rectifies the error, the environment is created using an infrastructure-as-code tool.
  • 10. • The next step is the deployment of the application; here automated testing is carried out, including security, UI, integration, and API tests. • Once the application clears these tests, it is suitable for the production step. • Even in the production environment, continuous monitoring is done to identify and rectify security threats.
  • 11.
  • 12. IMPORTANCE OF DEVSECOPS • The last decade was very crucial and progressive for the IT industry, as it witnessed substantial growth in terms of cloud computing, storage, and new applications. However, with the entry of DevOps, the speed and functionality took the industry to the next level of success. • But the only concern with DevOps was its security inefficiency. For this reason, DevSecOps has been warmly welcomed. It caters to the need for speed, functionality, security, and scale under a single umbrella.
  • 13. SOME OF DEVSECOPS PRACTICES With the implementation of DevSecOps, resources will be utilized in a better and more efficient way. Here are some practices that help things operate smoothly:
  • 14. • 1. SAFE AND SECURE CODING: • It is very important and necessary to practice safe and secure software development to cut down the high risk of vulnerabilities. Insecure coding creates the threat of a breach of confidential information. Hire the services of a highly experienced and skilled developer to avoid high risk. • 2. IMPLEMENT AUTOMATION: • Automation is the key factor for the secure and safe development of an application. Embed automation in the continuous integration and deployment environment to match the speed of your security with the process. It becomes necessary for a larger organization where varied versions of code are pushed to the production environment multiple times.
  • 15. • 3. IMPLEMENTATION FROM THE BEGINNING: • Implement security from the first stage of application development. By now, we have understood why it is necessary to implement security checks from the beginning. This practice may take time, but in the long run it is a handy and the safest way to achieve risk-free application development. • 4. PEOPLE + TECHNOLOGY + PROCESS = RISK FREE • The major role in the success of DevSecOps is played by the perfect trio of people, technology, and process. Convincing people about the shift from traditional methods to DevSecOps may need lots of effort, but the result will be worth the effort you make. Just after convincing people, frame a common process to strengthen the security aim. After the merger of people and process, next comes technology. With DevSecOps practices like automated compliance scans, configuration management, host hardening, and others, the aim of a secure and safe application is not far off.
  • 16.
  • 17. PROS OF DEVSECOPS • While there’s no full guarantee that a software product will be free from all possible malicious attacks, DevSecOps can ensure that an application is pretty stable and less vulnerable, upon release or off the shelf. This new approach to software creation is beneficial due to the following reasons: • 1. ENHANCES COLLABORATION AND COMMUNICATION BETWEEN ALL TEAMS • The DevSecOps method encourages IT professionals with different skills to collaborate and work together to achieve one goal. Team integration is one of the main objectives of DevSecOps. • 2. INCREASES THE SPEED AND AGILITY OF DEVELOPMENT TEAMS • The nature of this approach pushes DevSecOps team members to react fast, as well as review and correct vulnerabilities and other software problems as the development process is ongoing. • 3. PROMOTES BETTER QUALITY CONTROL AND THREAT DETECTION • While the DevOps team may consider the security team as a cause of delay, this should not be the case. Problems are identified and corrected immediately before
  • 18. CONS OF DEVSECOPS • 1. WON’T WORK WITHOUT OPEN COMMUNICATION • For DevSecOps to work properly, communication and collaboration between key teams from the security, software development, and IT departments must be established. If any of these teams keeps important information from the others, it may not work as intended. • 2. SHOULD BE ACCEPTED BY EVERYONE • Not all employees are keen on accepting non-traditional working arrangements. Some live by the mantra, “if it ain’t broke, don’t fix it.” It can be difficult to ditch the old ways of doing things and choose new working methods. Employees with this mindset may be hard to convince about the importance of DevSecOps. Additionally, they need time and a few success stories to accept the new workflow. • 3. MAY NOT BE THE MANAGEMENT’S MAIN PRIORITY • Not all executives in a software development agency view security as a priority. As such, a company executive may not be accepting of the proposed changes drafted by a DevSecOps consultant or manager. As such, the company may revert to putting
  • 19. LIMITATIONS OF DEVSECOPS • As a new approach, the applications of DevSecOps are quite limited at this stage. For instance, it can’t be applied to the following: • DevSecOps doesn’t work with web application firewalls (WAFs) because WAFs function by monitoring real user requests. The latter is only applicable in production environments and can’t resolve issues. • DevSecOps is fully reliant on automation. This renders manual penetration testing tools useless, as they can’t be used in DevSecOps. • Simple web vulnerability scanners aren’t meant to work with continuous integration (CI) and continuous delivery (CD) tools. Thus, it follows that they can’t work with security vulnerability assessment under DevSecOps either.