SlideShare a Scribd company logo
Join the conversation #devseccon
Extending and securing
Chat-Ops
Arun N
Introduction
• Arun Narayanaswamy
• 14 years in Dev & Ops
• Worked at large enterprises including Fortune 1
• Entrepreneur, Student, Photographer and Traveler…
• Disclaimer:
• “The opinions expressed, software references and any content in this
presentation are solely mine and they do not represent my employer.”
How many of you use Chat @ Work?
techcrunch.com
ChatOps Architecture – How does it work?
© http://nordicapis.com
Chat Apps – Big Players!
• Instant messaging on steroids
• Your ‘whatsapp’ for business!
• Collaboration
• Integrated workspace - Text, audio, video
• All alerting and messaging in one place
• Share, Search & Integrate
• Chat-ops!
• Fun
Bots– Big Players!
• Hubot
Hubot – Why?
• CoffeeScript on Node.js based
• Active development - Github
• Easy integration with third part api’s
• Deployable on Heroku, AWS
• Works with Slack and HipChat (and more)
• What’s chat without Hubot?
Typical CD Workflow
• Revolves around the orchestrator
• Data need to be consolidated into Splunk/ELK/Jenkins etc.
• Now better with
• Containers
• New-gen monitoring
CI-CD – Data Flow Bot Interactions
Chat Notifications
HipChat / Hubot - Workflow
Risk
Potential Loopholes (With and without ChatOps)
Potential Loopholes : Focus today!
Plugging in the loopholes
2FA
Hardware
Tokens
Software
Tokens
Roles
•Custom
Code
•Hubot Auth
2FA
Multiple
Rooms
AWS IAM
Policies
Plugging in the loopholes : Hardware keys
2FA
Hardware
Tokens
Software
Tokens
Roles
•Custom
Code
•Hubot Auth
2FA
Multiple
Rooms
AWS IAM
Policies
Plugging in the loopholes : Hardware keys
• Demo
[ https://devseccon.hipchat.com/chat ]
[ https://id.heroku.com/login ]
[ https://www.yubico.com ]
Plugging in the loopholes : Soft keys
2FA
Hardware
Tokens
Software
Tokens
Roles
•Custom
Code
•Hubot Auth
2FA
Multiple
Rooms
AWS IAM
Policies
Plugging in the loopholes : Roles
2FA
Hardware
Tokens
Software
Tokens
Roles
•Custom
Code
•Hubot Auth
2FA
Multiple
Rooms
AWS IAM
Policies
Plugging in the loopholes : Rooms
2FA
Multiple
Rooms
AWS IAM
Policies
• Restricted Channels
• Private Channels
• Different Instance of Chat
System
• 2FA on Chat system itself
Plugging in the loopholes : IAM (AWS)
2FA
Multiple
Rooms
AWS IAM
Policies
• Policies on what each system can run
• Better control on AWS/Heroku where the bots run
Summary
© http://nordicapis.com
Join the conversation #devseccon
Thank you!
linkedin.com/in/arun-n

More Related Content

What's hot

DevOps Overview in my own words
DevOps Overview in my own wordsDevOps Overview in my own words
DevOps Overview in my own words
SUBHENDU KARMAKAR
 
IBGPのコンバージェンスの改善qunog3
IBGPのコンバージェンスの改善qunog3IBGPのコンバージェンスの改善qunog3
IBGPのコンバージェンスの改善qunog3
Noriyuki Yamaguchi
 
[2022 DevOpsDays Taipei] 走過 DevOps 風雨的下一步
[2022 DevOpsDays Taipei] 走過 DevOps 風雨的下一步[2022 DevOpsDays Taipei] 走過 DevOps 風雨的下一步
[2022 DevOpsDays Taipei] 走過 DevOps 風雨的下一步
Edward Kuo
 
ROS/ROS2 Distributed System with Kubernetes
ROS/ROS2 Distributed System with KubernetesROS/ROS2 Distributed System with Kubernetes
ROS/ROS2 Distributed System with Kubernetes
Tomoya Fujita
 
Drone CI/CD Platform
Drone CI/CD PlatformDrone CI/CD Platform
Drone CI/CD Platform
Bo-Yi Wu
 
Scaffolding
ScaffoldingScaffolding
Scaffolding
stooty s
 
The Power of GitOps with Flux & GitOps Toolkit
The Power of GitOps with Flux & GitOps ToolkitThe Power of GitOps with Flux & GitOps Toolkit
The Power of GitOps with Flux & GitOps Toolkit
Weaveworks
 
【NGINXセミナー】 NGINXのWAFとは?その使い方と設定方法 解説セミナー
【NGINXセミナー】 NGINXのWAFとは?その使い方と設定方法 解説セミナー【NGINXセミナー】 NGINXのWAFとは?その使い方と設定方法 解説セミナー
【NGINXセミナー】 NGINXのWAFとは?その使い方と設定方法 解説セミナー
NGINX, Inc.
 
Demystifying Service Mesh
Demystifying Service MeshDemystifying Service Mesh
Demystifying Service Mesh
Mitchell Pronschinske
 
GitOps w/argocd
GitOps w/argocdGitOps w/argocd
GitOps w/argocd
Jean-Philippe Bélanger
 
7 falsework (temporary works) risk assessment templates
7 falsework (temporary works) risk assessment templates7 falsework (temporary works) risk assessment templates
7 falsework (temporary works) risk assessment templates
Dwarika Bhushan Sharma
 
OpenStackで始めるクラウド環境構築入門
OpenStackで始めるクラウド環境構築入門OpenStackで始めるクラウド環境構築入門
OpenStackで始めるクラウド環境構築入門
VirtualTech Japan Inc.
 
Scaffold safety email
Scaffold safety emailScaffold safety email
Scaffold safety email
vtsiri
 
DCSF 19 Deploying Rootless buildkit on Kubernetes
DCSF 19 Deploying Rootless buildkit on KubernetesDCSF 19 Deploying Rootless buildkit on Kubernetes
DCSF 19 Deploying Rootless buildkit on Kubernetes
Docker, Inc.
 
Implementing SRE practices: SLI/SLO deep dive - David Blank-Edelman - DevOpsD...
Implementing SRE practices: SLI/SLO deep dive - David Blank-Edelman - DevOpsD...Implementing SRE practices: SLI/SLO deep dive - David Blank-Edelman - DevOpsD...
Implementing SRE practices: SLI/SLO deep dive - David Blank-Edelman - DevOpsD...
DevOpsDays Tel Aviv
 
GitOps and ArgoCD
GitOps and ArgoCDGitOps and ArgoCD
GitOps and ArgoCD
Omar Fathy
 
64617773-قلق-الامتحان.ppt قلق الامتحاااااان
64617773-قلق-الامتحان.ppt قلق الامتحاااااان64617773-قلق-الامتحان.ppt قلق الامتحاااااان
64617773-قلق-الامتحان.ppt قلق الامتحاااااان
ihseneberradjel
 
Everything about Blue-Green Deployment Strategy!
Everything about Blue-Green Deployment Strategy!Everything about Blue-Green Deployment Strategy!
Everything about Blue-Green Deployment Strategy!
OpsTree solutions
 
Get started with gitops and flux
Get started with gitops and fluxGet started with gitops and flux
Get started with gitops and flux
LibbySchulze1
 
Kubernetes Cheatsheet
Kubernetes CheatsheetKubernetes Cheatsheet
Kubernetes Cheatsheet
Alex Hisaka
 

What's hot (20)

DevOps Overview in my own words
DevOps Overview in my own wordsDevOps Overview in my own words
DevOps Overview in my own words
 
IBGPのコンバージェンスの改善qunog3
IBGPのコンバージェンスの改善qunog3IBGPのコンバージェンスの改善qunog3
IBGPのコンバージェンスの改善qunog3
 
[2022 DevOpsDays Taipei] 走過 DevOps 風雨的下一步
[2022 DevOpsDays Taipei] 走過 DevOps 風雨的下一步[2022 DevOpsDays Taipei] 走過 DevOps 風雨的下一步
[2022 DevOpsDays Taipei] 走過 DevOps 風雨的下一步
 
ROS/ROS2 Distributed System with Kubernetes
ROS/ROS2 Distributed System with KubernetesROS/ROS2 Distributed System with Kubernetes
ROS/ROS2 Distributed System with Kubernetes
 
Drone CI/CD Platform
Drone CI/CD PlatformDrone CI/CD Platform
Drone CI/CD Platform
 
Scaffolding
ScaffoldingScaffolding
Scaffolding
 
The Power of GitOps with Flux & GitOps Toolkit
The Power of GitOps with Flux & GitOps ToolkitThe Power of GitOps with Flux & GitOps Toolkit
The Power of GitOps with Flux & GitOps Toolkit
 
【NGINXセミナー】 NGINXのWAFとは?その使い方と設定方法 解説セミナー
【NGINXセミナー】 NGINXのWAFとは?その使い方と設定方法 解説セミナー【NGINXセミナー】 NGINXのWAFとは?その使い方と設定方法 解説セミナー
【NGINXセミナー】 NGINXのWAFとは?その使い方と設定方法 解説セミナー
 
Demystifying Service Mesh
Demystifying Service MeshDemystifying Service Mesh
Demystifying Service Mesh
 
GitOps w/argocd
GitOps w/argocdGitOps w/argocd
GitOps w/argocd
 
7 falsework (temporary works) risk assessment templates
7 falsework (temporary works) risk assessment templates7 falsework (temporary works) risk assessment templates
7 falsework (temporary works) risk assessment templates
 
OpenStackで始めるクラウド環境構築入門
OpenStackで始めるクラウド環境構築入門OpenStackで始めるクラウド環境構築入門
OpenStackで始めるクラウド環境構築入門
 
Scaffold safety email
Scaffold safety emailScaffold safety email
Scaffold safety email
 
DCSF 19 Deploying Rootless buildkit on Kubernetes
DCSF 19 Deploying Rootless buildkit on KubernetesDCSF 19 Deploying Rootless buildkit on Kubernetes
DCSF 19 Deploying Rootless buildkit on Kubernetes
 
Implementing SRE practices: SLI/SLO deep dive - David Blank-Edelman - DevOpsD...
Implementing SRE practices: SLI/SLO deep dive - David Blank-Edelman - DevOpsD...Implementing SRE practices: SLI/SLO deep dive - David Blank-Edelman - DevOpsD...
Implementing SRE practices: SLI/SLO deep dive - David Blank-Edelman - DevOpsD...
 
GitOps and ArgoCD
GitOps and ArgoCDGitOps and ArgoCD
GitOps and ArgoCD
 
64617773-قلق-الامتحان.ppt قلق الامتحاااااان
64617773-قلق-الامتحان.ppt قلق الامتحاااااان64617773-قلق-الامتحان.ppt قلق الامتحاااااان
64617773-قلق-الامتحان.ppt قلق الامتحاااااان
 
Everything about Blue-Green Deployment Strategy!
Everything about Blue-Green Deployment Strategy!Everything about Blue-Green Deployment Strategy!
Everything about Blue-Green Deployment Strategy!
 
Get started with gitops and flux
Get started with gitops and fluxGet started with gitops and flux
Get started with gitops and flux
 
Kubernetes Cheatsheet
Kubernetes CheatsheetKubernetes Cheatsheet
Kubernetes Cheatsheet
 

Viewers also liked

DevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting LeftDevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
DevSecCon
 
DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...
DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...
DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...
DevSecCon
 
DevSecCon Asia 2017 Pishu Mahtani: Adversarial Modelling
DevSecCon Asia 2017 Pishu Mahtani: Adversarial ModellingDevSecCon Asia 2017 Pishu Mahtani: Adversarial Modelling
DevSecCon Asia 2017 Pishu Mahtani: Adversarial Modelling
DevSecCon
 
Securing the container DevOps pipeline by William Henry
Securing the container DevOps pipeline by William HenrySecuring the container DevOps pipeline by William Henry
Securing the container DevOps pipeline by William Henry
DevSecCon
 
DevSecCon Asia 2017 Joel Divekar: Using Open Source Automation tools for DevS...
DevSecCon Asia 2017 Joel Divekar: Using Open Source Automation tools for DevS...DevSecCon Asia 2017 Joel Divekar: Using Open Source Automation tools for DevS...
DevSecCon Asia 2017 Joel Divekar: Using Open Source Automation tools for DevS...
DevSecCon
 
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world cases
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world casesDevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world cases
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world cases
DevSecCon
 
DevSecCon Asia 2017: Guillaume Dedrie: A trip through the securitiy of devops...
DevSecCon Asia 2017: Guillaume Dedrie: A trip through the securitiy of devops...DevSecCon Asia 2017: Guillaume Dedrie: A trip through the securitiy of devops...
DevSecCon Asia 2017: Guillaume Dedrie: A trip through the securitiy of devops...
DevSecCon
 
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the governmentDevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
DevSecCon
 
DevSecCon Asia 2017 Sergiu Bodiu: From resilient to antifragile
DevSecCon Asia 2017 Sergiu Bodiu: From resilient to antifragileDevSecCon Asia 2017 Sergiu Bodiu: From resilient to antifragile
DevSecCon Asia 2017 Sergiu Bodiu: From resilient to antifragile
DevSecCon
 
DevSecCon Asia 2017 Ante Gulam: Integrating crowdsourced security into agile ...
DevSecCon Asia 2017 Ante Gulam: Integrating crowdsourced security into agile ...DevSecCon Asia 2017 Ante Gulam: Integrating crowdsourced security into agile ...
DevSecCon Asia 2017 Ante Gulam: Integrating crowdsourced security into agile ...
DevSecCon
 
Segregation of Duties and Continuous Delivery
Segregation of Duties and Continuous DeliverySegregation of Duties and Continuous Delivery
Segregation of Duties and Continuous Delivery
Sriram Narayanan
 
DevSecCon KeyNote London 2015
DevSecCon KeyNote London 2015DevSecCon KeyNote London 2015
DevSecCon KeyNote London 2015
Shannon Lietz
 
Justin collins - Practical Static Analysis for continuous application delivery
Justin collins - Practical Static Analysis for continuous application deliveryJustin collins - Practical Static Analysis for continuous application delivery
Justin collins - Practical Static Analysis for continuous application delivery
DevSecCon
 
Renato Rodrigues - Security in the wild
Renato Rodrigues - Security in the wildRenato Rodrigues - Security in the wild
Renato Rodrigues - Security in the wild
DevSecCon
 
Continuous Security Testing - DevSecCon
Continuous Security Testing - DevSecConContinuous Security Testing - DevSecCon
Continuous Security Testing - DevSecCon
Stephen de Vries
 
DevSecCon Keynote
DevSecCon KeynoteDevSecCon Keynote
DevSecCon Keynote
Shannon Lietz
 
Security as Code owasp
Security as  Code owaspSecurity as  Code owasp
Security as Code owasp
Shannon Lietz
 
S360 2015 dev_secops_program
S360 2015 dev_secops_programS360 2015 dev_secops_program
S360 2015 dev_secops_program
Shannon Lietz
 
Cloud Security Essentials 2.0 at RSA
Cloud Security Essentials 2.0 at RSACloud Security Essentials 2.0 at RSA
Cloud Security Essentials 2.0 at RSA
Shannon Lietz
 
Finding Security a Home in a DevOps World
Finding Security a Home in a DevOps WorldFinding Security a Home in a DevOps World
Finding Security a Home in a DevOps World
Shannon Lietz
 

Viewers also liked (20)

DevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting LeftDevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
 
DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...
DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...
DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...
 
DevSecCon Asia 2017 Pishu Mahtani: Adversarial Modelling
DevSecCon Asia 2017 Pishu Mahtani: Adversarial ModellingDevSecCon Asia 2017 Pishu Mahtani: Adversarial Modelling
DevSecCon Asia 2017 Pishu Mahtani: Adversarial Modelling
 
Securing the container DevOps pipeline by William Henry
Securing the container DevOps pipeline by William HenrySecuring the container DevOps pipeline by William Henry
Securing the container DevOps pipeline by William Henry
 
DevSecCon Asia 2017 Joel Divekar: Using Open Source Automation tools for DevS...
DevSecCon Asia 2017 Joel Divekar: Using Open Source Automation tools for DevS...DevSecCon Asia 2017 Joel Divekar: Using Open Source Automation tools for DevS...
DevSecCon Asia 2017 Joel Divekar: Using Open Source Automation tools for DevS...
 
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world cases
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world casesDevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world cases
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world cases
 
DevSecCon Asia 2017: Guillaume Dedrie: A trip through the securitiy of devops...
DevSecCon Asia 2017: Guillaume Dedrie: A trip through the securitiy of devops...DevSecCon Asia 2017: Guillaume Dedrie: A trip through the securitiy of devops...
DevSecCon Asia 2017: Guillaume Dedrie: A trip through the securitiy of devops...
 
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the governmentDevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
 
DevSecCon Asia 2017 Sergiu Bodiu: From resilient to antifragile
DevSecCon Asia 2017 Sergiu Bodiu: From resilient to antifragileDevSecCon Asia 2017 Sergiu Bodiu: From resilient to antifragile
DevSecCon Asia 2017 Sergiu Bodiu: From resilient to antifragile
 
DevSecCon Asia 2017 Ante Gulam: Integrating crowdsourced security into agile ...
DevSecCon Asia 2017 Ante Gulam: Integrating crowdsourced security into agile ...DevSecCon Asia 2017 Ante Gulam: Integrating crowdsourced security into agile ...
DevSecCon Asia 2017 Ante Gulam: Integrating crowdsourced security into agile ...
 
Segregation of Duties and Continuous Delivery
Segregation of Duties and Continuous DeliverySegregation of Duties and Continuous Delivery
Segregation of Duties and Continuous Delivery
 
DevSecCon KeyNote London 2015
DevSecCon KeyNote London 2015DevSecCon KeyNote London 2015
DevSecCon KeyNote London 2015
 
Justin collins - Practical Static Analysis for continuous application delivery
Justin collins - Practical Static Analysis for continuous application deliveryJustin collins - Practical Static Analysis for continuous application delivery
Justin collins - Practical Static Analysis for continuous application delivery
 
Renato Rodrigues - Security in the wild
Renato Rodrigues - Security in the wildRenato Rodrigues - Security in the wild
Renato Rodrigues - Security in the wild
 
Continuous Security Testing - DevSecCon
Continuous Security Testing - DevSecConContinuous Security Testing - DevSecCon
Continuous Security Testing - DevSecCon
 
DevSecCon Keynote
DevSecCon KeynoteDevSecCon Keynote
DevSecCon Keynote
 
Security as Code owasp
Security as  Code owaspSecurity as  Code owasp
Security as Code owasp
 
S360 2015 dev_secops_program
S360 2015 dev_secops_programS360 2015 dev_secops_program
S360 2015 dev_secops_program
 
Cloud Security Essentials 2.0 at RSA
Cloud Security Essentials 2.0 at RSACloud Security Essentials 2.0 at RSA
Cloud Security Essentials 2.0 at RSA
 
Finding Security a Home in a DevOps World
Finding Security a Home in a DevOps WorldFinding Security a Home in a DevOps World
Finding Security a Home in a DevOps World
 

Similar to DevSecCon Asia 2017 Arun N: Securing chatops

Sharing is Caring, How OSS can help embed a DevOps Culture
Sharing is Caring, How OSS can help embed a DevOps CultureSharing is Caring, How OSS can help embed a DevOps Culture
Sharing is Caring, How OSS can help embed a DevOps Culture
Harm Boertien
 
How to Use HipChat to Collaborate and Build Culture - Matthew Weinberg
How to Use HipChat to Collaborate and Build Culture - Matthew WeinbergHow to Use HipChat to Collaborate and Build Culture - Matthew Weinberg
How to Use HipChat to Collaborate and Build Culture - Matthew Weinberg
Atlassian
 
How Open Source / Open Technology Could Help On Your Project
How Open Source / Open Technology Could Help On Your ProjectHow Open Source / Open Technology Could Help On Your Project
How Open Source / Open Technology Could Help On Your Project
Wan Leung Wong
 
WORKSHOP: 7 Elements to Responsive design
WORKSHOP: 7 Elements to Responsive designWORKSHOP: 7 Elements to Responsive design
WORKSHOP: 7 Elements to Responsive design
Usability Matters
 
Microsoft Yapay Zeka Servisleri İş Başında Sunumu
Microsoft Yapay Zeka Servisleri İş Başında SunumuMicrosoft Yapay Zeka Servisleri İş Başında Sunumu
Microsoft Yapay Zeka Servisleri İş Başında Sunumu
MSHOWTO Bilisim Toplulugu
 
User Experience Runway - Moving UX into Agile Development Upstream
User Experience Runway - Moving UX into Agile Development UpstreamUser Experience Runway - Moving UX into Agile Development Upstream
User Experience Runway - Moving UX into Agile Development Upstream
XBOSoft
 
Open Source Building Career and Competency
Open Source Building Career and CompetencyOpen Source Building Career and Competency
Open Source Building Career and Competency
Krishna-Kumar
 
How to Train Your Developer - Phonedeck - Startup Safari Berlin 2014
How to Train Your Developer - Phonedeck - Startup Safari Berlin 2014How to Train Your Developer - Phonedeck - Startup Safari Berlin 2014
How to Train Your Developer - Phonedeck - Startup Safari Berlin 2014
Gergő Ertli
 
Agile and UX
Agile and UXAgile and UX
Agile and UX
Haunani Pao
 
How to write a web framework
How to write a web frameworkHow to write a web framework
How to write a web framework
Ngoc Dao
 
BUILD GREAT PRODUCTS: Introduction to LEAN Product Development
BUILD GREAT PRODUCTS: Introduction to LEAN Product DevelopmentBUILD GREAT PRODUCTS: Introduction to LEAN Product Development
BUILD GREAT PRODUCTS: Introduction to LEAN Product Development
Klooff
 
How to Integrate UX and Agile
How to Integrate UX and AgileHow to Integrate UX and Agile
How to Integrate UX and Agile
UserZoom
 
Implementing Modernization by Trevor Perry
Implementing Modernization by Trevor PerryImplementing Modernization by Trevor Perry
Implementing Modernization by Trevor Perry
Fresche Solutions
 
Rabbit Hole® – A User Experience Case StudyCx ux engage_2014_rabbit_hole
Rabbit Hole® – A User Experience Case StudyCx ux engage_2014_rabbit_holeRabbit Hole® – A User Experience Case StudyCx ux engage_2014_rabbit_hole
Rabbit Hole® – A User Experience Case StudyCx ux engage_2014_rabbit_hole
Avtex
 
Integrating User Experience Design into the Product Lifecycle
Integrating User Experience Design into the Product LifecycleIntegrating User Experience Design into the Product Lifecycle
Integrating User Experience Design into the Product Lifecycle
ICS
 
Chris Covell Collaboration for distributed teams
Chris Covell   Collaboration for distributed teamsChris Covell   Collaboration for distributed teams
Chris Covell Collaboration for distributed teams
Agile Lietuva
 
2014 #vBrownBag OpenStack Summit Atlanta Ju Lim -- OpenStack Personas
2014 #vBrownBag OpenStack Summit Atlanta Ju Lim -- OpenStack Personas2014 #vBrownBag OpenStack Summit Atlanta Ju Lim -- OpenStack Personas
2014 #vBrownBag OpenStack Summit Atlanta Ju Lim -- OpenStack Personas
Ju Lim
 
Mix-IT - Des Produits avec des Equipes Distribuées
Mix-IT - Des Produits avec des Equipes DistribuéesMix-IT - Des Produits avec des Equipes Distribuées
Mix-IT - Des Produits avec des Equipes Distribuées
Alexis Monville
 
Mobile Usability Research in a Pinch
Mobile Usability Research in a PinchMobile Usability Research in a Pinch
Mobile Usability Research in a Pinch
Erin Young
 
What is share point sps_denver_final
What is share point sps_denver_finalWhat is share point sps_denver_final
What is share point sps_denver_final
M Allmond
 

Similar to DevSecCon Asia 2017 Arun N: Securing chatops (20)

Sharing is Caring, How OSS can help embed a DevOps Culture
Sharing is Caring, How OSS can help embed a DevOps CultureSharing is Caring, How OSS can help embed a DevOps Culture
Sharing is Caring, How OSS can help embed a DevOps Culture
 
How to Use HipChat to Collaborate and Build Culture - Matthew Weinberg
How to Use HipChat to Collaborate and Build Culture - Matthew WeinbergHow to Use HipChat to Collaborate and Build Culture - Matthew Weinberg
How to Use HipChat to Collaborate and Build Culture - Matthew Weinberg
 
How Open Source / Open Technology Could Help On Your Project
How Open Source / Open Technology Could Help On Your ProjectHow Open Source / Open Technology Could Help On Your Project
How Open Source / Open Technology Could Help On Your Project
 
WORKSHOP: 7 Elements to Responsive design
WORKSHOP: 7 Elements to Responsive designWORKSHOP: 7 Elements to Responsive design
WORKSHOP: 7 Elements to Responsive design
 
Microsoft Yapay Zeka Servisleri İş Başında Sunumu
Microsoft Yapay Zeka Servisleri İş Başında SunumuMicrosoft Yapay Zeka Servisleri İş Başında Sunumu
Microsoft Yapay Zeka Servisleri İş Başında Sunumu
 
User Experience Runway - Moving UX into Agile Development Upstream
User Experience Runway - Moving UX into Agile Development UpstreamUser Experience Runway - Moving UX into Agile Development Upstream
User Experience Runway - Moving UX into Agile Development Upstream
 
Open Source Building Career and Competency
Open Source Building Career and CompetencyOpen Source Building Career and Competency
Open Source Building Career and Competency
 
How to Train Your Developer - Phonedeck - Startup Safari Berlin 2014
How to Train Your Developer - Phonedeck - Startup Safari Berlin 2014How to Train Your Developer - Phonedeck - Startup Safari Berlin 2014
How to Train Your Developer - Phonedeck - Startup Safari Berlin 2014
 
Agile and UX
Agile and UXAgile and UX
Agile and UX
 
How to write a web framework
How to write a web frameworkHow to write a web framework
How to write a web framework
 
BUILD GREAT PRODUCTS: Introduction to LEAN Product Development
BUILD GREAT PRODUCTS: Introduction to LEAN Product DevelopmentBUILD GREAT PRODUCTS: Introduction to LEAN Product Development
BUILD GREAT PRODUCTS: Introduction to LEAN Product Development
 
How to Integrate UX and Agile
How to Integrate UX and AgileHow to Integrate UX and Agile
How to Integrate UX and Agile
 
Implementing Modernization by Trevor Perry
Implementing Modernization by Trevor PerryImplementing Modernization by Trevor Perry
Implementing Modernization by Trevor Perry
 
Rabbit Hole® – A User Experience Case StudyCx ux engage_2014_rabbit_hole
Rabbit Hole® – A User Experience Case StudyCx ux engage_2014_rabbit_holeRabbit Hole® – A User Experience Case StudyCx ux engage_2014_rabbit_hole
Rabbit Hole® – A User Experience Case StudyCx ux engage_2014_rabbit_hole
 
Integrating User Experience Design into the Product Lifecycle
Integrating User Experience Design into the Product LifecycleIntegrating User Experience Design into the Product Lifecycle
Integrating User Experience Design into the Product Lifecycle
 
Chris Covell Collaboration for distributed teams
Chris Covell   Collaboration for distributed teamsChris Covell   Collaboration for distributed teams
Chris Covell Collaboration for distributed teams
 
2014 #vBrownBag OpenStack Summit Atlanta Ju Lim -- OpenStack Personas
2014 #vBrownBag OpenStack Summit Atlanta Ju Lim -- OpenStack Personas2014 #vBrownBag OpenStack Summit Atlanta Ju Lim -- OpenStack Personas
2014 #vBrownBag OpenStack Summit Atlanta Ju Lim -- OpenStack Personas
 
Mix-IT - Des Produits avec des Equipes Distribuées
Mix-IT - Des Produits avec des Equipes DistribuéesMix-IT - Des Produits avec des Equipes Distribuées
Mix-IT - Des Produits avec des Equipes Distribuées
 
Mobile Usability Research in a Pinch
Mobile Usability Research in a PinchMobile Usability Research in a Pinch
Mobile Usability Research in a Pinch
 
What is share point sps_denver_final
What is share point sps_denver_finalWhat is share point sps_denver_final
What is share point sps_denver_final
 

More from DevSecCon

DevSecCon London 2019: Workshop: Cloud Agnostic Security Testing with Scout S...
DevSecCon London 2019: Workshop: Cloud Agnostic Security Testing with Scout S...DevSecCon London 2019: Workshop: Cloud Agnostic Security Testing with Scout S...
DevSecCon London 2019: Workshop: Cloud Agnostic Security Testing with Scout S...
DevSecCon
 
DevSecCon London 2019: Are Open Source Developers Security’s New Front Line?
DevSecCon London 2019: Are Open Source Developers Security’s New Front Line?DevSecCon London 2019: Are Open Source Developers Security’s New Front Line?
DevSecCon London 2019: Are Open Source Developers Security’s New Front Line?
DevSecCon
 
DevSecCon London 2019: How to Secure OpenShift Environments and What Happens ...
DevSecCon London 2019: How to Secure OpenShift Environments and What Happens ...DevSecCon London 2019: How to Secure OpenShift Environments and What Happens ...
DevSecCon London 2019: How to Secure OpenShift Environments and What Happens ...
DevSecCon
 
DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...
DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...
DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...
DevSecCon
 
DevSecCon Seattle 2019: Containerizing IT Security Knowledge
DevSecCon Seattle 2019: Containerizing IT Security KnowledgeDevSecCon Seattle 2019: Containerizing IT Security Knowledge
DevSecCon Seattle 2019: Containerizing IT Security Knowledge
DevSecCon
 
DevSecCon Seattle 2019: Decentralized Authorization - Implementing Fine Grain...
DevSecCon Seattle 2019: Decentralized Authorization - Implementing Fine Grain...DevSecCon Seattle 2019: Decentralized Authorization - Implementing Fine Grain...
DevSecCon Seattle 2019: Decentralized Authorization - Implementing Fine Grain...
DevSecCon
 
DevSecCon Seattle 2019: Liquid Software as the real solution for the Sec in D...
DevSecCon Seattle 2019: Liquid Software as the real solution for the Sec in D...DevSecCon Seattle 2019: Liquid Software as the real solution for the Sec in D...
DevSecCon Seattle 2019: Liquid Software as the real solution for the Sec in D...
DevSecCon
 
DevSecCon Seattle 2019: Fully Automated production deployments with HIPAA/HIT...
DevSecCon Seattle 2019: Fully Automated production deployments with HIPAA/HIT...DevSecCon Seattle 2019: Fully Automated production deployments with HIPAA/HIT...
DevSecCon Seattle 2019: Fully Automated production deployments with HIPAA/HIT...
DevSecCon
 
DevSecCon Singapore 2019: Four years of reflection: How (not) to secure Web A...
DevSecCon Singapore 2019: Four years of reflection: How (not) to secure Web A...DevSecCon Singapore 2019: Four years of reflection: How (not) to secure Web A...
DevSecCon Singapore 2019: Four years of reflection: How (not) to secure Web A...
DevSecCon
 
DevSecCon Singapore 2019: crypto jacking: An evolving threat for cloud contai...
DevSecCon Singapore 2019: crypto jacking: An evolving threat for cloud contai...DevSecCon Singapore 2019: crypto jacking: An evolving threat for cloud contai...
DevSecCon Singapore 2019: crypto jacking: An evolving threat for cloud contai...
DevSecCon
 
DevSecCon Singapore 2019: Can "dev", "sec" and "ops" really coexist in the wi...
DevSecCon Singapore 2019: Can "dev", "sec" and "ops" really coexist in the wi...DevSecCon Singapore 2019: Can "dev", "sec" and "ops" really coexist in the wi...
DevSecCon Singapore 2019: Can "dev", "sec" and "ops" really coexist in the wi...
DevSecCon
 
DevSecCon Singapore 2019: Workshop - Burp extension writing workshop
DevSecCon Singapore 2019: Workshop - Burp extension writing workshopDevSecCon Singapore 2019: Workshop - Burp extension writing workshop
DevSecCon Singapore 2019: Workshop - Burp extension writing workshop
DevSecCon
 
DevSecCon Singapore 2019: Embracing Security - A changing DevOps landscape
DevSecCon Singapore 2019: Embracing Security - A changing DevOps landscapeDevSecCon Singapore 2019: Embracing Security - A changing DevOps landscape
DevSecCon Singapore 2019: Embracing Security - A changing DevOps landscape
DevSecCon
 
DevSecCon Singapore 2019: Web Services aren’t as secure as we think
DevSecCon Singapore 2019: Web Services aren’t as secure as we thinkDevSecCon Singapore 2019: Web Services aren’t as secure as we think
DevSecCon Singapore 2019: Web Services aren’t as secure as we think
DevSecCon
 
DevSecCon Singapore 2019: An attacker's view of Serverless and GraphQL apps S...
DevSecCon Singapore 2019: An attacker's view of Serverless and GraphQL apps S...DevSecCon Singapore 2019: An attacker's view of Serverless and GraphQL apps S...
DevSecCon Singapore 2019: An attacker's view of Serverless and GraphQL apps S...
DevSecCon
 
DevSecCon Singapore 2019: The journey of digital transformation through DevSe...
DevSecCon Singapore 2019: The journey of digital transformation through DevSe...DevSecCon Singapore 2019: The journey of digital transformation through DevSe...
DevSecCon Singapore 2019: The journey of digital transformation through DevSe...
DevSecCon
 
DevSecCon Singapore 2019: Preventative Security for Kubernetes
DevSecCon Singapore 2019: Preventative Security for KubernetesDevSecCon Singapore 2019: Preventative Security for Kubernetes
DevSecCon Singapore 2019: Preventative Security for Kubernetes
DevSecCon
 
DevSecCon London 2018: Is your supply chain your achille's heel
DevSecCon London 2018: Is your supply chain your achille's heelDevSecCon London 2018: Is your supply chain your achille's heel
DevSecCon London 2018: Is your supply chain your achille's heel
DevSecCon
 
DevSecCon London 2018: Get rid of these TLS certificates
DevSecCon London 2018: Get rid of these TLS certificatesDevSecCon London 2018: Get rid of these TLS certificates
DevSecCon London 2018: Get rid of these TLS certificates
DevSecCon
 
DevSecCon London 2018: Open DevSecOps
DevSecCon London 2018: Open DevSecOpsDevSecCon London 2018: Open DevSecOps
DevSecCon London 2018: Open DevSecOps
DevSecCon
 

More from DevSecCon (20)

DevSecCon London 2019: Workshop: Cloud Agnostic Security Testing with Scout S...
DevSecCon London 2019: Workshop: Cloud Agnostic Security Testing with Scout S...DevSecCon London 2019: Workshop: Cloud Agnostic Security Testing with Scout S...
DevSecCon London 2019: Workshop: Cloud Agnostic Security Testing with Scout S...
 
DevSecCon London 2019: Are Open Source Developers Security’s New Front Line?
DevSecCon London 2019: Are Open Source Developers Security’s New Front Line?DevSecCon London 2019: Are Open Source Developers Security’s New Front Line?
DevSecCon London 2019: Are Open Source Developers Security’s New Front Line?
 
DevSecCon London 2019: How to Secure OpenShift Environments and What Happens ...
DevSecCon London 2019: How to Secure OpenShift Environments and What Happens ...DevSecCon London 2019: How to Secure OpenShift Environments and What Happens ...
DevSecCon London 2019: How to Secure OpenShift Environments and What Happens ...
 
DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...
DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...
DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...
 
DevSecCon Seattle 2019: Containerizing IT Security Knowledge
DevSecCon Seattle 2019: Containerizing IT Security KnowledgeDevSecCon Seattle 2019: Containerizing IT Security Knowledge
DevSecCon Seattle 2019: Containerizing IT Security Knowledge
 
DevSecCon Seattle 2019: Decentralized Authorization - Implementing Fine Grain...
DevSecCon Seattle 2019: Decentralized Authorization - Implementing Fine Grain...DevSecCon Seattle 2019: Decentralized Authorization - Implementing Fine Grain...
DevSecCon Seattle 2019: Decentralized Authorization - Implementing Fine Grain...
 
DevSecCon Seattle 2019: Liquid Software as the real solution for the Sec in D...
DevSecCon Seattle 2019: Liquid Software as the real solution for the Sec in D...DevSecCon Seattle 2019: Liquid Software as the real solution for the Sec in D...
DevSecCon Seattle 2019: Liquid Software as the real solution for the Sec in D...
 
DevSecCon Seattle 2019: Fully Automated production deployments with HIPAA/HIT...
DevSecCon Seattle 2019: Fully Automated production deployments with HIPAA/HIT...DevSecCon Seattle 2019: Fully Automated production deployments with HIPAA/HIT...
DevSecCon Seattle 2019: Fully Automated production deployments with HIPAA/HIT...
 
DevSecCon Singapore 2019: Four years of reflection: How (not) to secure Web A...
DevSecCon Singapore 2019: Four years of reflection: How (not) to secure Web A...DevSecCon Singapore 2019: Four years of reflection: How (not) to secure Web A...
DevSecCon Singapore 2019: Four years of reflection: How (not) to secure Web A...
 
DevSecCon Singapore 2019: crypto jacking: An evolving threat for cloud contai...
DevSecCon Singapore 2019: crypto jacking: An evolving threat for cloud contai...DevSecCon Singapore 2019: crypto jacking: An evolving threat for cloud contai...
DevSecCon Singapore 2019: crypto jacking: An evolving threat for cloud contai...
 
DevSecCon Singapore 2019: Can "dev", "sec" and "ops" really coexist in the wi...
DevSecCon Singapore 2019: Can "dev", "sec" and "ops" really coexist in the wi...DevSecCon Singapore 2019: Can "dev", "sec" and "ops" really coexist in the wi...
DevSecCon Singapore 2019: Can "dev", "sec" and "ops" really coexist in the wi...
 
DevSecCon Singapore 2019: Workshop - Burp extension writing workshop
DevSecCon Singapore 2019: Workshop - Burp extension writing workshopDevSecCon Singapore 2019: Workshop - Burp extension writing workshop
DevSecCon Singapore 2019: Workshop - Burp extension writing workshop
 
DevSecCon Singapore 2019: Embracing Security - A changing DevOps landscape
DevSecCon Singapore 2019: Embracing Security - A changing DevOps landscapeDevSecCon Singapore 2019: Embracing Security - A changing DevOps landscape
DevSecCon Singapore 2019: Embracing Security - A changing DevOps landscape
 
DevSecCon Singapore 2019: Web Services aren’t as secure as we think
DevSecCon Singapore 2019: Web Services aren’t as secure as we thinkDevSecCon Singapore 2019: Web Services aren’t as secure as we think
DevSecCon Singapore 2019: Web Services aren’t as secure as we think
 
DevSecCon Singapore 2019: An attacker's view of Serverless and GraphQL apps S...
DevSecCon Singapore 2019: An attacker's view of Serverless and GraphQL apps S...DevSecCon Singapore 2019: An attacker's view of Serverless and GraphQL apps S...
DevSecCon Singapore 2019: An attacker's view of Serverless and GraphQL apps S...
 
DevSecCon Singapore 2019: The journey of digital transformation through DevSe...
DevSecCon Singapore 2019: The journey of digital transformation through DevSe...DevSecCon Singapore 2019: The journey of digital transformation through DevSe...
DevSecCon Singapore 2019: The journey of digital transformation through DevSe...
 
DevSecCon Singapore 2019: Preventative Security for Kubernetes
DevSecCon Singapore 2019: Preventative Security for KubernetesDevSecCon Singapore 2019: Preventative Security for Kubernetes
DevSecCon Singapore 2019: Preventative Security for Kubernetes
 
DevSecCon London 2018: Is your supply chain your achille's heel
DevSecCon London 2018: Is your supply chain your achille's heelDevSecCon London 2018: Is your supply chain your achille's heel
DevSecCon London 2018: Is your supply chain your achille's heel
 
DevSecCon London 2018: Get rid of these TLS certificates
DevSecCon London 2018: Get rid of these TLS certificatesDevSecCon London 2018: Get rid of these TLS certificates
DevSecCon London 2018: Get rid of these TLS certificates
 
DevSecCon London 2018: Open DevSecOps
DevSecCon London 2018: Open DevSecOpsDevSecCon London 2018: Open DevSecOps
DevSecCon London 2018: Open DevSecOps
 

Recently uploaded

calcaneal fracture seminar by dr vishu.pptx
calcaneal fracture seminar by dr vishu.pptxcalcaneal fracture seminar by dr vishu.pptx
calcaneal fracture seminar by dr vishu.pptx
Skmch
 
Haldia Dock Complex - A Gateway To India's East Coast
Haldia Dock Complex - A Gateway To India's East CoastHaldia Dock Complex - A Gateway To India's East Coast
Haldia Dock Complex - A Gateway To India's East Coast
Amity University Kolkata
 
A study on drug utilization evaluation of bronchodilators using DDD method
A study on drug utilization evaluation of bronchodilators using DDD methodA study on drug utilization evaluation of bronchodilators using DDD method
A study on drug utilization evaluation of bronchodilators using DDD method
Dr. Chihiro
 
TEST WORTHINESS: VALIDITY, RELIABILITY, PRACTICALITY
TEST WORTHINESS: VALIDITY, RELIABILITY, PRACTICALITYTEST WORTHINESS: VALIDITY, RELIABILITY, PRACTICALITY
TEST WORTHINESS: VALIDITY, RELIABILITY, PRACTICALITY
AaSs197122
 
Building Digital Products & Content Leadership
Building Digital Products & Content LeadershipBuilding Digital Products & Content Leadership
Building Digital Products & Content Leadership
Rajesh Math
 
@ℂall Lucknow @Girls Chinhat 08630512678
@ℂall Lucknow  @Girls Chinhat 08630512678 @ℂall Lucknow  @Girls Chinhat 08630512678
@ℂall Lucknow @Girls Chinhat 08630512678
veenita788
 
Call India - AmanTel on the App Store.ppt
Call India - AmanTel on the App Store.pptCall India - AmanTel on the App Store.ppt
Call India - AmanTel on the App Store.ppt
Best International calling app on the market
 
HERO.pdf hero company working cap management project
HERO.pdf hero company working cap management projectHERO.pdf hero company working cap management project
HERO.pdf hero company working cap management project
SambalpurTokaSatyaji
 
@ℂall Lucknow @Girls Fazullaganj 08630512678 @Girls Service @ℂall
@ℂall Lucknow @Girls Fazullaganj 08630512678  @Girls Service @ℂall@ℂall Lucknow @Girls Fazullaganj 08630512678  @Girls Service @ℂall
@ℂall Lucknow @Girls Fazullaganj 08630512678 @Girls Service @ℂall
veenita788
 
Lucknow @Girls @ℂall Gomti Nagar 08630512678 @Girls @ℂall Service
Lucknow @Girls @ℂall  Gomti Nagar 08630512678  @Girls @ℂall ServiceLucknow @Girls @ℂall  Gomti Nagar 08630512678  @Girls @ℂall Service
Lucknow @Girls @ℂall Gomti Nagar 08630512678 @Girls @ℂall Service
veenita788
 
Risks & Business Risks Reduce - investment.pdf
Risks & Business Risks Reduce  - investment.pdfRisks & Business Risks Reduce  - investment.pdf
Risks & Business Risks Reduce - investment.pdf
Home
 
Pengukuran berat badan anak dan tinggi badan anak
Pengukuran berat badan anak dan tinggi badan anakPengukuran berat badan anak dan tinggi badan anak
Pengukuran berat badan anak dan tinggi badan anak
DeviDamayanti53
 
At the intersection of SEO & Product - Vanda Pokecz presentation
At the intersection of SEO & Product - Vanda Pokecz presentationAt the intersection of SEO & Product - Vanda Pokecz presentation
At the intersection of SEO & Product - Vanda Pokecz presentation
Vanda Pokecz
 
the sparks foundation JOB READINESS- how to be job ready. task 2
the sparks foundation JOB READINESS- how to be job ready. task 2the sparks foundation JOB READINESS- how to be job ready. task 2
the sparks foundation JOB READINESS- how to be job ready. task 2
Rashi427200
 
Biography of the late Mrs. Stella Atsupui Eddah.pdf
Biography of the late Mrs. Stella Atsupui Eddah.pdfBiography of the late Mrs. Stella Atsupui Eddah.pdf
Biography of the late Mrs. Stella Atsupui Eddah.pdf
AbdulSadickZutah
 
Marketing Articles and ppt on how to do marketing ..Challenges faced during M...
Marketing Articles and ppt on how to do marketing ..Challenges faced during M...Marketing Articles and ppt on how to do marketing ..Challenges faced during M...
Marketing Articles and ppt on how to do marketing ..Challenges faced during M...
ankitamarik05
 
Recruitment articles and posts- different & effective ways of recruitment
Recruitment articles and posts- different & effective ways of recruitmentRecruitment articles and posts- different & effective ways of recruitment
Recruitment articles and posts- different & effective ways of recruitment
Rashi427200
 
stackconf 2024 | Using European Open Source to build a Sovereign Multi-Cloud ...
stackconf 2024 | Using European Open Source to build a Sovereign Multi-Cloud ...stackconf 2024 | Using European Open Source to build a Sovereign Multi-Cloud ...
stackconf 2024 | Using European Open Source to build a Sovereign Multi-Cloud ...
NETWAYS
 
Workshop Wednesday with SaaStr CEO Jason Lemkin - VC Workshop
Workshop Wednesday with SaaStr CEO Jason Lemkin - VC WorkshopWorkshop Wednesday with SaaStr CEO Jason Lemkin - VC Workshop
Workshop Wednesday with SaaStr CEO Jason Lemkin - VC Workshop
saastr
 
Effective-Recruitment-Strategies and leveraging linkedin
Effective-Recruitment-Strategies and leveraging linkedinEffective-Recruitment-Strategies and leveraging linkedin
Effective-Recruitment-Strategies and leveraging linkedin
DivyaMehta193660
 

Recently uploaded (20)

calcaneal fracture seminar by dr vishu.pptx
calcaneal fracture seminar by dr vishu.pptxcalcaneal fracture seminar by dr vishu.pptx
calcaneal fracture seminar by dr vishu.pptx
 
Haldia Dock Complex - A Gateway To India's East Coast
Haldia Dock Complex - A Gateway To India's East CoastHaldia Dock Complex - A Gateway To India's East Coast
Haldia Dock Complex - A Gateway To India's East Coast
 
A study on drug utilization evaluation of bronchodilators using DDD method
A study on drug utilization evaluation of bronchodilators using DDD methodA study on drug utilization evaluation of bronchodilators using DDD method
A study on drug utilization evaluation of bronchodilators using DDD method
 
TEST WORTHINESS: VALIDITY, RELIABILITY, PRACTICALITY
TEST WORTHINESS: VALIDITY, RELIABILITY, PRACTICALITYTEST WORTHINESS: VALIDITY, RELIABILITY, PRACTICALITY
TEST WORTHINESS: VALIDITY, RELIABILITY, PRACTICALITY
 
Building Digital Products & Content Leadership
Building Digital Products & Content LeadershipBuilding Digital Products & Content Leadership
Building Digital Products & Content Leadership
 
@ℂall Lucknow @Girls Chinhat 08630512678
@ℂall Lucknow  @Girls Chinhat 08630512678 @ℂall Lucknow  @Girls Chinhat 08630512678
@ℂall Lucknow @Girls Chinhat 08630512678
 
Call India - AmanTel on the App Store.ppt
Call India - AmanTel on the App Store.pptCall India - AmanTel on the App Store.ppt
Call India - AmanTel on the App Store.ppt
 
HERO.pdf hero company working cap management project
HERO.pdf hero company working cap management projectHERO.pdf hero company working cap management project
HERO.pdf hero company working cap management project
 
@ℂall Lucknow @Girls Fazullaganj 08630512678 @Girls Service @ℂall
@ℂall Lucknow @Girls Fazullaganj 08630512678  @Girls Service @ℂall@ℂall Lucknow @Girls Fazullaganj 08630512678  @Girls Service @ℂall
@ℂall Lucknow @Girls Fazullaganj 08630512678 @Girls Service @ℂall
 
Lucknow @Girls @ℂall Gomti Nagar 08630512678 @Girls @ℂall Service
Lucknow @Girls @ℂall  Gomti Nagar 08630512678  @Girls @ℂall ServiceLucknow @Girls @ℂall  Gomti Nagar 08630512678  @Girls @ℂall Service
Lucknow @Girls @ℂall Gomti Nagar 08630512678 @Girls @ℂall Service
 
Risks & Business Risks Reduce - investment.pdf
Risks & Business Risks Reduce  - investment.pdfRisks & Business Risks Reduce  - investment.pdf
Risks & Business Risks Reduce - investment.pdf
 
Pengukuran berat badan anak dan tinggi badan anak
Pengukuran berat badan anak dan tinggi badan anakPengukuran berat badan anak dan tinggi badan anak
Pengukuran berat badan anak dan tinggi badan anak
 
At the intersection of SEO & Product - Vanda Pokecz presentation
At the intersection of SEO & Product - Vanda Pokecz presentationAt the intersection of SEO & Product - Vanda Pokecz presentation
At the intersection of SEO & Product - Vanda Pokecz presentation
 
the sparks foundation JOB READINESS- how to be job ready. task 2
the sparks foundation JOB READINESS- how to be job ready. task 2the sparks foundation JOB READINESS- how to be job ready. task 2
the sparks foundation JOB READINESS- how to be job ready. task 2
 
Biography of the late Mrs. Stella Atsupui Eddah.pdf
Biography of the late Mrs. Stella Atsupui Eddah.pdfBiography of the late Mrs. Stella Atsupui Eddah.pdf
Biography of the late Mrs. Stella Atsupui Eddah.pdf
 
Marketing Articles and ppt on how to do marketing ..Challenges faced during M...
Marketing Articles and ppt on how to do marketing ..Challenges faced during M...Marketing Articles and ppt on how to do marketing ..Challenges faced during M...
Marketing Articles and ppt on how to do marketing ..Challenges faced during M...
 
Recruitment articles and posts- different & effective ways of recruitment
Recruitment articles and posts- different & effective ways of recruitmentRecruitment articles and posts- different & effective ways of recruitment
Recruitment articles and posts- different & effective ways of recruitment
 
stackconf 2024 | Using European Open Source to build a Sovereign Multi-Cloud ...
stackconf 2024 | Using European Open Source to build a Sovereign Multi-Cloud ...stackconf 2024 | Using European Open Source to build a Sovereign Multi-Cloud ...
stackconf 2024 | Using European Open Source to build a Sovereign Multi-Cloud ...
 
Workshop Wednesday with SaaStr CEO Jason Lemkin - VC Workshop
Workshop Wednesday with SaaStr CEO Jason Lemkin - VC WorkshopWorkshop Wednesday with SaaStr CEO Jason Lemkin - VC Workshop
Workshop Wednesday with SaaStr CEO Jason Lemkin - VC Workshop
 
Effective-Recruitment-Strategies and leveraging linkedin
Effective-Recruitment-Strategies and leveraging linkedinEffective-Recruitment-Strategies and leveraging linkedin
Effective-Recruitment-Strategies and leveraging linkedin
 

DevSecCon Asia 2017 Arun N: Securing chatops

  • 1. Join the conversation #devseccon Extending and securing Chat-Ops Arun N
  • 2. Introduction • Arun Narayanaswamy • 14 years in Dev & Ops • Worked at large enterprises including Fortune 1 • Entrepreneur, Student, Photographer and Traveler… • Disclaimer: • “The opinions expressed, software references and any content in this presentation are solely mine and they do not represent my employer.”
  • 3. How many of you use Chat @ Work? techcrunch.com
  • 4. ChatOps Architecture – How does it work? © http://nordicapis.com
  • 5. Chat Apps – Big Players! • Instant messaging on steroids • Your ‘whatsapp’ for business! • Collaboration • Integrated workspace - Text, audio, video • All alerting and messaging in one place • Share, Search & Integrate • Chat-ops! • Fun
  • 7. Hubot – Why? • CoffeeScript on Node.js based • Active development - Github • Easy integration with third part api’s • Deployable on Heroku, AWS • Works with Slack and HipChat (and more) • What’s chat without Hubot?
  • 8. Typical CD Workflow • Revolves around the orchestrator • Data need to be consolidated into Splunk/ELK/Jenkins etc. • Now better with • Containers • New-gen monitoring
  • 9. CI-CD – Data Flow Bot Interactions Chat Notifications HipChat / Hubot - Workflow
  • 10. Risk Potential Loopholes (With and without ChatOps)
  • 11. Potential Loopholes : Focus today!
  • 12. Plugging in the loopholes 2FA Hardware Tokens Software Tokens Roles •Custom Code •Hubot Auth 2FA Multiple Rooms AWS IAM Policies
  • 13. Plugging in the loopholes : Hardware keys 2FA Hardware Tokens Software Tokens Roles •Custom Code •Hubot Auth 2FA Multiple Rooms AWS IAM Policies
  • 14. Plugging in the loopholes : Hardware keys • Demo [ https://devseccon.hipchat.com/chat ] [ https://id.heroku.com/login ] [ https://www.yubico.com ]
  • 15. Plugging in the loopholes : Soft keys 2FA Hardware Tokens Software Tokens Roles •Custom Code •Hubot Auth 2FA Multiple Rooms AWS IAM Policies
  • 16. Plugging in the loopholes : Roles 2FA Hardware Tokens Software Tokens Roles •Custom Code •Hubot Auth 2FA Multiple Rooms AWS IAM Policies
  • 17. Plugging in the loopholes : Rooms 2FA Multiple Rooms AWS IAM Policies • Restricted Channels • Private Channels • Different Instance of Chat System • 2FA on Chat system itself
  • 18. Plugging in the loopholes : IAM (AWS) 2FA Multiple Rooms AWS IAM Policies • Policies on what each system can run • Better control on AWS/Heroku where the bots run
  • 20. Join the conversation #devseccon Thank you! linkedin.com/in/arun-n

Editor's Notes

  1. AB Deployment / Canary Deployment // Jenkins – CA RA – Automic // Urban Code Deploy