How to build security into the DevOps environment. Introduction to DevSecOps for DevOps / Agile enthusiasts and practitioners. Presented at the Czech DevOps meet-up.
The practical DevSecOps course is designed to help individuals and organisations implement DevSecOps practices and achieve massive scale in security. The course is divided into 13 chapters; each chapter has theory, followed by demos and any limitations we need to keep in mind while implementing them.
More details here - https://www.practical-devsecops.com/
This document discusses DevSecOps, which involves infusing security practices into the development lifecycle to enable faster release cycles while maintaining security. It notes that over 53,000 cybersecurity incidents occurred in India in 2017. Implementing DevSecOps requires changes across an organization's people, processes, tools, and governance to embed security responsibilities across all teams. The typical DevSecOps pipeline shifts security left through activities like threat modeling, security testing, and monitoring throughout the development lifecycle.
The document discusses adopting a DevSecOps approach to security by starting small with baby steps. It recommends making security part of the development team's job, hardening the development toolchain, planning security-focused epics and user stories, and implementing them in sprints to continuously improve security.
Yohanes Syailendra discusses DevSecOps implementation at DKATALIS, an Indonesian company. Some key points:
1. DevSecOps shifts security left to earlier stages of development to find and fix vulnerabilities sooner. This allows for faster development times and more secure applications.
2. At DKATALIS, DevSecOps includes threat modeling, static application security testing (SAST), dynamic application security testing (DAST), infrastructure as code scanning, and container security throughout the development pipeline.
3. A successful DevSecOps implementation requires changing culture, processes, and architecture to establish security as a shared responsibility across development and security teams. Automation is also important to scale practices.
40 DevSecOps Reference Architectures for you. See what tools your peers are using to scale DevSecOps and how enterprises are automating security into their DevOps pipeline. Learn what DevSecOps tools and integrations others are deploying in 2019 and where your choices stack up as you consider shifting security left.
An introduction to DevSecOps webinar will be presented by me at 10.30am EST on 29th July, 2018. It's a session focussed on a high-level overview of DevSecOps, which will be followed by intermediate and advanced level sessions in future.
Agenda:
- DevSecOps Introduction
- Key Challenges, Recommendations
- DevSecOps Analysis
- DevSecOps Core Practices
- DevSecOps pipeline for Application & Infrastructure Security
- DevSecOps Security Tools Selection Tips
- DevSecOps Implementation Strategy
- DevSecOps Final Checklist
Link to Youtube video: https://youtu.be/-awH_CC4DLo
You can contact me at abhimanyu.bhogwan@gmail.com
My LinkedIn ID: https://www.linkedin.com/in/abhimanyu-bhogwan-cissp-ctprp-98978437/
Basic Introduction to DevSecOps concept
Why What and How for DevSecOps
Basic intro for Threat Modeling
Basic Intro for Security Champions
3 pillars of DevSecOps
6 important components of a DevSecOps approach
DevSecOps Security Best Practices
How to integrate security in CI/CD pipeline
[DevSecOps Live] DevSecOps: Challenges and Opportunities - Mohammed A. Imran
In this DevSecOps Live online meetup from Practical DevSecOps, you’ll learn about DevSecOps challenges and opportunities.
Join Mohan Yelnadu, head of application security at Prudential Insurance, on his DevSecOps journey.
He will cover DevSecOps challenges he has faced and how he converted them into opportunities.
He will cover the following as part of the session.
DevSecOps Challenges.
DevSecOps Opportunities.
Converting Challenges into Opportunities.
Quick wins and lessons learned.
… and more useful takeaways!
The document announces events from DevSecOps Singapore to bring together developers, operations, and security professionals. It describes monthly meetups for talks and networking, workshops over 4 months on integrating security testing into the SDLC, and an annual conference in 2017. It provides announcements for the workshops and conference and calls for speakers, office space, and volunteers to help build the community.
Today’s cutting-edge companies have release cycles measured in days instead of months. This agility is enabled by the DevOps practice of continuous delivery, which automates building, testing, and deploying all code changes. This type of automation will help you catch bugs sooner and accelerate developer productivity. In this session we will share how our AWS engineers embed security practices in DevOps, and discuss how you can use AWS services to securely enable DevOps agility in your organization.
The document discusses the rise of DevSecOps and its importance for software development. It notes that existing security solutions are no longer adequate due to the speed of modern development, and that security has become a bottleneck. DevSecOps aims to integrate security practices into development workflows to enable continuous and real-time security. It outlines how security responsibilities have evolved from separate teams to being shared among developers, and how tools have progressed from periodic testing to continuous monitoring and automation. The document argues that DevSecOps is necessary now given the costs of data breaches and risks of vulnerabilities in open source components.
DevSecOps: Taking a DevOps Approach to Security - Alert Logic
More organisations are embracing DevOps and automation to realise compelling business benefits, such as more frequent feature releases, increased application stability, and more productive resource utilization. However, many security and compliance monitoring tools have not kept up. In fact, they often represent the largest single remaining barrier to continuous delivery.
CI/CD Best Practices for Your DevOps Journey - DevOps.com
The journey to realizing DevOps in any organization is fraught with a number of obstacles for developers and other stakeholders. These challenges are often caused by key CI/CD practices being misunderstood, partially implemented or even completely skipped. Now, as the industry positions itself to build on DevOps practices with a Software Delivery Management strategy, it’s more important than ever that we implement CI/CD best practices, and prepare for the future.
Join host Mitchell Ashley, and CloudBees’ Brian Dawson, DevOps evangelist, and Doug Tidwell, technical marketing director, as they explore and review the CI/CD best practices which serve as your stepping stones to DevOps and a successful Software Delivery Management strategy.
The webinar will cover CI/CD best practices including:
Containers and environment management
Continuous delivery or deployment
Movement from Dev to Ops
By the end of the webinar, you’ll understand the key steps for implementing CI/CD and powering your journey to DevOps and beyond.
This document discusses practical DevSecOps. It begins with an agenda and introduction of the presenter. It then describes the presenter's work background and organization. The document outlines the development lifecycle, from no versioning or automation to introducing versioning, continuous integration, and automated security analysis. It discusses competing priorities between business, development, security, and operations. The rest of the document covers why automation is important, what DevOps and DevSecOps are, an example GitLab CI configuration, lessons learned, and concludes by thanking the audience.
Are you looking to build cloud-based applications using DevOps methodology but worried that traditional security methods may not adapt to modern development techniques? Azure Secure DevOps Kit
All organizations want to go faster and decrease friction in their cloud software delivery pipeline. Infosec has an opportunity to change their classic approach from blocker to enabler. This talk will discuss hallmarks of CI/CD and some practical examples for adding security testing across different organizations. The talk will cover emergent patterns, practices and toolchains that bring security to the table.
Presented at OWASP NoVA, Sept 25th, 2018
*** DevSecOps: The Evolution of DevOps ***
Have you ever asked yourself the following questions:
What does DevSecOps mean?
How is this different from DevOps?
What can we learn from the DevOps movement?
Presentation by James Betteley who shares his experience of shaping DevOps and what he foresees will happen with DevSecOps.
This document discusses DevSecOps, including what it is, why it is needed, and how to implement it. DevSecOps aims to integrate security into development tools and processes to promote a "secure by default" culture. It is needed because traditional security approaches cannot keep up with the rapid pace of DevOps. Implementing DevSecOps involves automating security checks and tests into the development pipeline and promoting collaboration between development, security, and operations teams. The document provides examples of tools that can be used and case studies of DevSecOps implementations.
This document discusses the concepts of DevSecOps at a high level. It begins with a brief history of development methodologies, from Waterfall to Agile, and how Ops became a bottleneck. This led to trends in Agile Operations and collaboration between Dev and Ops, known as DevOps. DevSecOps expands this to incorporate security. It discusses the importance of culture, processes, and technologies for effective communication, automation, and collaboration across Dev, Ops, and Security. The goal is to enable organizations to deliver inherently secure software at DevOps speed through a high-trust environment and automated security pipelines integrated into the software development lifecycle.
Shift Left Security - The What, Why and How - DevOps.com
This document discusses shift-left security, which involves moving security practices earlier into the software development lifecycle to proactively address risks rather than reactively. It notes that only 20% of organizations consistently integrate security early in DevOps processes. Shift-left security is important because traditional security teams cannot keep up with development speeds. The document outlines how to implement shift-left security through automating security practices, using control gates, and learning from production environments. It argues containers help shift security left through their minimal, declarative, and predictable nature which simplifies security requirements and policy automation.
Security teams are often seen as roadblocks to rapid development or operations implementations, slowing down production code pushes. As a result, security organizations will likely have to change so they can fully support and facilitate cloud operations.
This presentation will explain how DevOps and information security can co-exist through the application of a new approach referred to as DevSecOps.
What does a Maturity Curve for Enterprise Adoption of Agile and DevOps look like? Where would an organization like yours rank on the curve? Are there specific areas of improvement you might want to consider?
In the world of DevSecOps, as you may predict, we have three teams working together: Development, the Security team and Operations.
The “Sec” of DevSecOps introduces changes into the following:
• Engineering
• Operations
• Data Science
• Compliance
The document discusses best practices for implementing DevSecOps for microservices architectures. It begins by defining microservices and explaining their advantages over monolithic architectures. It then covers challenges of microservices including communication between services, databases, testing, and deployment. The document recommends using a choreography pattern for asynchronous communication between loosely coupled services. It provides examples of event-driven architectures and deploying to Kubernetes. It also discusses technologies like Jenkins, Docker, Kubernetes, SonarQube, and Trivy that can help support continuous integration, deployment, and security in DevSecOps pipelines.
We have already seen the importance of a DevSecOps culture and started to transform our organization toward it, to prepare to respond to rapid changes in business.
This session will explain how you can scale DevSecOps in an enterprise organization, from a pilot team and project to org-wide adoption, with 5 techniques.
YouTube recording: https://youtu.be/7s-evWxFSIQ
TechTalkThai Conference 2021: Enterprise Software Development on July 16, 2021
This document summarizes ABN AMRO's DevSecOps journey and initiatives. It discusses their implementation of continuous integration and delivery pipelines to improve software quality, reduce lead times, and increase developer productivity. It also covers their work to incorporate security practices like open source software management, container security, and credentials management into the development lifecycle through techniques like dependency scanning, security profiling, and a centralized secrets store. The presentation provides status updates on these efforts and outlines next steps to further mature ABN AMRO's DevSecOps capabilities.
Communications Mining Series - Zero to Hero - Session 1 - DianaGray10
This session provides an introduction to UiPath Communication Mining, its importance and a platform overview. You will acquire a good understanding of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
Infrastructure Challenges in Scaling RAG with Custom AI models - Zilliz
Building Retrieval-Augmented Generation (RAG) systems with open-source and custom AI models is a complex task. This talk explores the challenges in productionizing RAG systems, including retrieval performance, response synthesis, and evaluation. We’ll discuss how to leverage open-source models like text embeddings, language models, and custom fine-tuned models to enhance RAG performance. Additionally, we’ll cover how BentoML can help orchestrate and scale these AI components efficiently, ensuring seamless deployment and management of RAG systems in the cloud.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf - Paige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party and will share these foundational concepts to build on:
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
Pushing the limits of ePRTC: 100ns holdover for 100 days - Adtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
HCL Notes and Domino License Cost Reduction in the World of DLAU - panagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU and licensing under the CCB and CCX models have been a hot topic for many in the HCL community since last year. As a Notes or Domino customer, you may be struggling with unexpectedly high user counts and license fees. You may be wondering how this new kind of licensing works and what benefit it brings you. Above all, you surely want to stay within your budget and save costs wherever possible. We understand that, and we want to help you!
We explain how you can solve common configuration problems that can lead to more users being counted than necessary, and how you can identify and remove superfluous or unused accounts to save money. There are also some approaches that can lead to unnecessary expense, for example when a person document is used instead of a mail-in for shared mailboxes. We show you such cases and their solutions. And of course we explain the new licensing model.
Join this webinar, in which HCL Ambassador Marc Thomas and guest speaker Franz Walder introduce you to this new world. It gives you the tools and know-how to keep track of everything. You will be able to reduce your costs through an optimized Domino configuration and keep them low in the future.
These topics are covered:
- Reducing license costs by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how best to use it
- Tips for common problem areas, such as team mailboxes, functional/test users, etc.
- Practical examples and best practices you can implement immediately
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications.He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceIndexBug
Imagine a world where machines not only perform tasks but also learn, adapt, and make decisions. This is the promise of Artificial Intelligence (AI), a technology that's not just enhancing our lives but revolutionizing entire industries.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slackshyamraj55
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Building Production Ready Search Pipelines with Spark and MilvusZilliz
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
34. TOMAS HONZAK / DEVSECOPS
BUT HOW WILL IT END UP?
Release Plan
Change Control Board Approval
Release Manager Approval
Documented Meeting Minutes
Project Manager
43. TOMAS HONZAK / DEVSECOPS
AND WE STILL DID NOT ADD ANY “REAL” SECURITY …
Dynamic code analysis
Secure Code Review
47. TOMAS HONZAK / DEVSECOPS
IF ONLY THERE WAS A BETTER WAY…
51. TOMAS HONZAK / DEVSECOPS
KEY DEVSECOPS PRINCIPLES
▸ Embrace the cultural and practical changes
▸ Integrate security in the whole lifecycle, from requirements, design and analysis to testing, deployment and operations
▸ Automate your critical processes
▸ Automation helps prevent errors and omissions and provides reliable assurance both for you and your auditors
▸ Empower your teams
▸ Like all things Agile, the teams must know what they are doing
61. TOMAS HONZAK / DEVSECOPS
ADDING THE “SEC” INTO DEVOPS PART 1 - DEVSEC
JIRA # TO COMMIT MESSAGE
“COMPLIANCE CHECK”
SAST
SIGN THE PACKAGE
BURP SUITE / OWASP ZAP
VERIFY THE SIGNATURE
APPLY CONFIGURATION AS A CODE
SECURE AND AUTOMATED
LOGGED
ALERTED
REVIEWED
62. TOMAS HONZAK / DEVSECOPS
DEVSEC SUMMARY
▸ Move security as much to the left as possible
▸ Enhance your CI/CD pipeline with security testing tools
▸ Static Code Analysis (SonarQube)
▸ Lightweight penetration testing (Burp / OWASP ZAP)
▸ Enforce change control, approvals and SoD by gating (Zuul)
▸ “JIRA ticket = approval, peer review = SoD”
▸ Secure the environment and log everything
▸ (traceability and accountability)
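The gating rule on this slide (“JIRA ticket = approval, peer review = SoD”) can be enforced as a pipeline step that blocks a change before it merges. The following is an added example, not code from the talk and not Zuul configuration; the function names, the record fields, the `Approved` status name and the sample tickets and changes are assumptions constructed for illustration.

```python
import re

# Assumption: ticket keys have the usual JIRA shape, e.g. SHOP-101.
JIRA_KEY = re.compile(r"\b[A-Z][A-Z0-9]+-\d+\b")

# Constructed sample data: ticket states as exported from the tracker,
# and four proposed changes waiting at the gate.
TICKETS = {"SHOP-101": "Approved", "SHOP-102": "In Progress"}
CHANGES = [
    {"id": "c1", "author": "alice", "message": "SHOP-101 rotate API keys",
     "approvals": ["bob"]},
    {"id": "c2", "author": "alice", "message": "SHOP-101 quick fix",
     "approvals": ["Alice"]},          # self-approval only
    {"id": "c3", "author": "carol", "message": "fix typo",
     "approvals": ["bob"]},            # no ticket reference
    {"id": "c4", "author": "dave", "message": "SHOP-102 new endpoint",
     "approvals": ["bob"]},            # ticket not approved yet
]


def gate(change, tickets):
    """Return the list of violations; an empty list means the change may merge."""
    violations = []
    keys = JIRA_KEY.findall(change["message"])
    if not keys:
        violations.append("no ticket key in commit message")
    for key in keys:
        status = tickets.get(key)
        if status is None:
            # Fails closed: anything that looks like a key must exist.
            violations.append(f"{key}: unknown ticket")
        elif status != "Approved":
            violations.append(f"{key}: ticket status is {status!r}, not 'Approved'")
    # Separation of duties: one approval must come from someone else.
    author = change["author"].lower()
    if not any(r.lower() != author for r in change["approvals"]):
        violations.append("no peer review by someone other than the author")
    return violations


def audit(changes, tickets):
    """Gate every change and keep the verdicts for the audit trail."""
    return {c["id"]: gate(c, tickets) for c in changes}


if __name__ == "__main__":
    for cid, found in audit(CHANGES, TICKETS).items():
        print(cid, "PASS" if not found else "BLOCK: " + "; ".join(found))
```

Storing the returned verdicts alongside the build record gives the traceability the slide asks for: every merge can be tied to a ticket and to a reviewer who is not the author.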
72. TOMAS HONZAK / DEVSECOPS
ADDING THE “SEC” INTO DEVOPS PART 2 - SECOPS
APPLICATION LOGS
LOGGED
ALERTED
REVIEWED AND RESOLVED
ESCALATED
FEEDBACK
73. TOMAS HONZAK / DEVSECOPS
SECOPS SUMMARY
▸ Security Built-in on all levels
▸ Not only “DevSec”, but also non-functional requirements — secrets management, logging, encryption, …
▸ Images / Containers / Infrastructure / Network Hardening
▸ No unnecessary SW, no default passwords, firewalls in deny-all mode, monitored bastion hosts in DMZ with session logging and strong authentication/authorization …
▸ Configuration management, automated compliance
▸ Orchestrated CM, anything-as-a-code (including fw rules, access control etc.), code reviews + alerts
▸ Automated threat intelligence, scans, detection, alerting and response
▸ Vulnerability scans, HIDS/NIDS, log monitoring and analysis, SIEM, …
▸ Combination of Operations and Security in the same on-call team
▸ Not everyone can be a top-class security expert — keep these in a virtual CSIRT, not in Ops
76. TOMAS HONZAK / DEVSECOPS
OH, AND BY THE WAY … WERE YOU WORRIED ABOUT
SECURE BY (DESIGN) DEVSECOPS
82. TOMAS HONZAK / DEVSECOPS
OK, WE DID THAT ALL. ARE WE 100 % SECURE NOW?
Of course not :) :(, but you decreased the risks a lot:
▸ Increased prevention and detection capabilities
▸ Faster response, no handover between Security and Ops
▸ Faster recovery thanks to automation and *-as-a-code
▸ Cultural change, better communication and straightforward feedback