SlideShare a Scribd company logo
Dev(Sec)Ops
Architecture for Security and Compliance
曾義峰 (Ant)
yftzeng@gmail.com
2019-07-12
2/90
Introduction & Research interest
13 年互聯網研發經驗, 4 年顧問資歷。
時而編程,時而沉浸於法律領域、倘洋於資訊安全世界中。
Web Security ( 網頁安全 )
Data(base) Security ( 資料安全 )
Agile Way ( 敏捷方法 )
Compliance ( 法遵 / 合規 )
3/90
SDLC & Agile1
Product Owner & Stakeholders2
DevOps & Security3
Agenda
引言
角色
安全
DevOps & Compliance4 法遵
CI/CD & Pipeline5 實踐
4/90
SDLC & Agile1
Product Owner & Stakeholders2
DevOps & Security3
DevOps & Compliance4
Agenda
引言
CI/CD & Pipeline5
5/90
Requirements
Design
Code
Test
Deploy
Software Development Life Cycle (SDLC)
6/90
Requirements
Design
Code
Test
Deploy
Secure Software Development Life Cycle (SSDLC)
Risk Assessment
Design Review
&
Threat Modeling
Static Analysis
Code Review
&
Penetration Testing
Secure Configuration
&
Security Assessment
7/90
Requirements
Design
Code
Test
Deploy
Secure Software Development Life Cycle (SSDLC)
Risk Assessment
Design Review
&
Threat Modeling
Static Analysis
Code Review
&
Penetration Testing
Secure Configuration
&
Security Assessment
Waterfall
EVERYTHING WORK WELL
8/90
Agile
Credit: https://medium.com/innodev/agile-development-for-dummies-dd161da253c7
9/90
Agile
Credit: https://www.kisspng.com/png-scrum-sprint-agile-software-development-systems-de-4949713/
Scrum
10/90
Agile
Credit: https://sanzubusinesstraining.com/how-to-create-a-kanban-board-to-manage-your-to-do-list/
Kanban
11/90
Agile
Credit: https://dilbert.com/strip/2007-11-26
我們將嘗試一種稱為敏捷開發的模式。
意味著不需計畫,不需文檔。只要寫程式和發牢騷就好。
12/90
Agile
Prejudices
推動 Agile 後造成一團混亂 (Chaos) 。
Agile 過於複雜。
Agile 只是把待辦清單 (Todo) 用便利貼或數位的方式貼在牆上。
Agile 會產出不安全的軟體。
Agile 太浪費時間,例如每日站立會議、回顧 (retrospective) 。
13/90
Agile
Prejudices
推動 Agile 後造成一團混亂 (Chaos) 。
Agile 過於複雜。
Agile 只是把待辦清單 (Todo) 用便利貼或數位的方式貼在牆上。
Agile 會產出不安全的軟體。
Agile 太浪費時間,例如每日站立會議、回顧 (retrospective) 。
14/90
Agile
Credit: http://www.commitstrip.com/en/2017/06/19/security-too-expensive-try-a-hack/
15/90
Agile
16/90
Agile
Agile ≠ Fast
17/90
Agile
很多公司都有推動各種敏捷專案管理流程。
例如 Scrum 或 Kanban 。
但其中有具備資安 (Security) 思維的只有一小部分。
18/90
誰說 Agile Coach 不需要懂資安 !?
Agile
Injection
頻繁安插的無理需求、急件
19/90
誰說 Agile Coach 不需要懂資安 !?
Agile
XSSInjection
頻繁安插的無理需求、急件 從其他團隊來的跨組扔包
20/90
誰說 Agile Coach 不需要懂資安 !?
Agile
XSS
StackOverflow
Injection
頻繁安插的無理需求、急件 從其他團隊來的跨組扔包
我是 Full-Stack Developer
指的是如果再給我一個工作
我的工作 (Stack) 就會溢出
21/90
誰說 Agile Coach 不需要懂資安 !?
Agile
God Injection
XSS
StackOverflow
Injection
頻繁安插的無理需求、急件 從其他團隊來的跨組扔包
我是 Full-Stack Developer
指的是如果再給我一個工作
我的工作 (Stack) 就會溢出
老闆一聲令下
搖身變為隕石開發法
22/90
隕石開發法
Credit: http://eiki.hatenablog.jp/entry/meteo_fall
Waterfall
23/90
隕石開發法
Credit: http://eiki.hatenablog.jp/entry/meteo_fall
Agile
24/90
隕石開發法
Credit: http://eiki.hatenablog.jp/entry/meteo_fall
Agile
無論什麼方法,在神面前,
都無用
25/90
DevOps & Security3
DevOps & Compliance4
Agenda
Product Owner & Stakeholders2
SDLC & Agile1
角色
CI/CD & Pipeline5
26/90
Scrum & Product Owner
“The Product Owner is the sole person responsible for managing
the Product Backlog.” (Scrum guide)
“ 產品負責人是負責管理產品待辦清單的唯一人員。”
“The PO role is responsible for working with the customers and
stakeholders to understand their needs.”
“ 產品負責人負責與客戶和利益相關者合作以了解他們的需求。”
Credit: https://www.scrum.org/forum/scrum-forum/7820/product-owner-role-delegated-team
27/90
Scrum & Product Owner
“The Product Owner is the sole person responsible for managing
the Product Backlog.” (Scrum guide)
“ 產品負責人是負責管理產品待辦清單的唯一人員。”
“The PO role is responsible for working with the customers and
stakeholders to understand their needs.”
“ 產品負責人負責與客戶和利益相關者合作以了解他們的需求。”
Credit: https://www.scrum.org/forum/scrum-forum/7820/product-owner-role-delegated-team
Who are your stakeholders ?
誰是你們的利益相關者
28/90
Scrum & Product Owner
“The Product Owner is the sole person responsible for managing
the Product Backlog.” (Scrum guide)
“ 產品負責人是負責管理產品待辦清單的唯一人員。”
“The PO role is responsible for working with the customers and
stakeholders to understand their needs.”
“ 產品負責人負責與客戶和利益相關者合作以了解他們的需求。”
Credit: https://www.scrum.org/forum/scrum-forum/7820/product-owner-role-delegated-team
Security officer should start taking up
the role of security stakeholders
資安官應該開始擔任利益相關者的角色
29/90
Product Backlog
Product Backlog Item (PBI) :
● Features
● Bugs
● Refactoring
● Spike
● …
● Security Features
● Security Stories
● Attacker Stories
● Ab-Use User Stories
30/90
Product Backlog
Scenario: User are able to register
Given the user is on “/users/register”
When the user types the email “yftzeng@gmail.com”
When the user types the password “xxx”
When the user clicks the register button
Then the response should contains “Password must be at least 8 characters long”
...
BDD
31/90
Product Backlog
Scenario: The application should not contain SQL injection vulnerabilities
And the SQL-Injection policy is enabled
And the attack strength is set to High
And the alert threshold is set to Low
When the scanner is run
And the following false positives are removed
| url | parameter | cweId | wascId |
And the XML report is written to the file output/security/sql_injection.xml
Then no Medium or Higher risk vulnerabilities should be present
Credit: https://continuumsecurity.net/bdd-security/
BDD
32/90
Product Backlog
Scenario: Present the login form itself over an HTTPS connection
Given a new browser instance
And the client/browser is configured to use an intercepting proxy
And the proxy logs are cleared
And the login page is displayed
And the HTTP request-response containing the login form
Then the protocol should be HTTPS
And ...
Credit: https://continuumsecurity.net/bdd-security/
BDD
33/90
Tools
● SpecFlow (.NET)
● Cucumber (Ruby)
● JBehave (Java)
● Behat (PHP)
● Jest (JavaScript)
● Godog (Go)
● …
BDD
34/90
DevOps & Compliance4
Agenda
SDLC & Agile1
DevOps & Security3
Product Owner & Stakeholders2
安全
CI/CD & Pipeline5
35/90
DevOps & Security
《 Dev Ops⋅ 》
同 Agile / Lean ,具備自身核心,更快的執行速度和更快的學習速度。
這就是為什麼它經常被描述為一種文化。
從 DevOps 視角,探討 Security
36/90
DevOps & Security
《 Dev Ops⋅ 》
同 Agile / Lean ,具備自身核心,更快的執行速度和更快的學習速度。
這就是為什麼它經常被描述為一種文化。
37/90
DevOps & Security
38/90
DevOps & Security
SecDevOps—sometimes called “Rugged DevOps” or “security at
speed”—as a set of best practices designed to help
organizations implant secure coding deep in the heart of
their DevOps development and deployment processes. The goal
is to automate secure coding and security tests and fixes
within the workflow, making secure software an inherent
outcome of DevOps approaches.
Credit: https://blog.newrelic.com/2015/08/27/secdevops-rugged-devops/
39/90
DevOps & Security
SecDevOps—sometimes called “Rugged DevOps” or “security at
speed”—as a set of best practices designed to help
organizations implant secure coding deep in the heart of
their DevOps development and deployment processes. The goal
is to automate secure coding and security tests and fixes
within the workflow, making secure software an inherent
outcome of DevOps approaches.
Credit: https://blog.newrelic.com/2015/08/27/secdevops-rugged-devops/
“SecDevOps seeks to embed security inside the development process
as deeply as DevOps has done with operations”
(SecDevOps 旨在將開發過程中的資訊安全深入到 DevOps 的操作中 )
40/90
DevOps & Security
The hinge to success for DevOps security lies in changing
the underlying DevOps culture to embrace security—with no
exceptions. As with any other methodology, security must be
built into DevOps.
Credit: https://techbeacon.com/devsecops-foundations
41/90
DevOps & Security
The hinge to success for DevOps security lies in changing
the underlying DevOps culture to embrace security—with no
exceptions. As with any other methodology, security must be
built into DevOps.
Credit: https://techbeacon.com/devsecops-foundations
DevOps 資訊安全成功的關鍵仰賴改變潛在的 DevOps 文化以擁抱安全性
- 沒有例外 -
42/90
DevOps & Security
43/90
DevOps & Security
44/90
DevOps & Security
45/90Credit: https://www.owasp.org/index.php/OWASP_AppSec_Pipeline#tab=Pipeline_Design_Patterns
46/90Credit: https://www.linkedin.com/in/LarryMaccherone/
47/90
Agenda
SDLC & Agile1
Product Owner & Stakeholders2
DevOps & Compliance4
DevOps & Security3
法遵
CI/CD & Pipeline5
48/90
DevOps & Compliance
Compliance
Security
License
Standards
Regulations
Law Policies
49/90
DevOps & Compliance
很多公司都有推動各種敏捷專案管理流程。
例如 Scrum 或 Kanban 。
但其中有具備資安 (Security) 思維的只有一小部分。
更不用論更大範圍的法遵 / 合規 (Compliance) ,例如 GDPR 等。
50/90
DevOps & Compliance
歐盟《通用資料保護規則》 (General Data Protection Regulation, GDPR)
2018-05-25 正式生效
Credit: https://www.clearvertical.co.uk/is-your-website-gdpr-compliant/
51/90
DevOps & Compliance
歐盟《通用資料保護規則》 (General Data Protection Regulation, GDPR)
2018-05-25 正式生效
史上最嚴的個人資料保護法
Credit: https://www.clearvertical.co.uk/is-your-website-gdpr-compliant/
52/90
DevOps & Compliance
美國加州通過最嚴格的資料隱私法
Credit: https://www.theverge.com/2018/6/28/17509720/california-consumer-privacy-act-legislation-law-vote
53/90
DevOps & Compliance
CLOUD Act (Clarifying Lawful Overseas Use of Data Act)
2018-03-24 正式生效
Credit: https://restoreprivacy.com/cloud-act/
54/90
DevOps & Compliance
Compliance
Security
License
Standards
Regulations
Law Policies
Open source
55/90
DevOps & Compliance
《法律訴訟》美國 (1/2)
2002
MySQL vs. Progress Software
2002
MySQL vs. Progress Software
2006-03
Jacobson vs. Katzer
2006-03
Jacobson vs. Katzer
2007-10
BusyBox vs. Monsoon
2007-10
BusyBox vs. Monsoon
2007-11
BusyBox vs. Xterasys
2007-11
BusyBox vs. Xterasys
2007-11
BusyBox vs. High-Gain
Antennas
2007-11
BusyBox vs. High-Gain
Antennas
2007-12
BusyBox vs. Verizon
2007-12
BusyBox vs. Verizon
2008-01
Trend vs. Barracuda
2008-01
Trend vs. Barracuda
2008-06
BusyBox vs. Bell Microproduct
2008-06
BusyBox vs. Bell Microproduct
56/90
DevOps & Compliance
《法律訴訟》美國 (2/2)
2008-06
BusyBox vs. Super Micro
Computer
2008-06
BusyBox vs. Super Micro
Computer
2008-07
BusyBox vs. Extreme Networks
2008-07
BusyBox vs. Extreme Networks
2008-12
FSF vs. Cisco
2008-12
FSF vs. Cisco
2009-02
Microsoft vs. TomTom
2009-02
Microsoft vs. TomTom
2009-12
BusyBox vs. Best Buy 等 14 間
企業
2009-12
BusyBox vs. Best Buy 等 14 間
企業 2014-12
Ximpleware vs. Versata
2014-12
Ximpleware vs. Versata
57/90
Agenda
SDLC & Agile1
Product Owner & Stakeholders2
DevOps & Security3
CI/CD & Pipeline5
DevOps & Compliance4
實踐
58/90
CI/CD & Pipeline
《 Dev Ops⋅ & CI ⋅ CD 》
DevOps 非商業口號,是以工具為中心的哲學,支持持續交付價值鏈。
持續交付採用自動部署流水線,以便可靠、快速地將軟體發佈的方法。
持續交付和 DevOps 擁有敏捷和精益的共同背景:小而快速的變化。
DevOps 關乎文化、開發和運營之間、明確的流程。關乎敏捷。
你可以在不實施持續交付的情況下接受並實踐 DevOps 理念。
從 CI/CD & Pipeline 視角,探討 Security
59/90
CI/CD & Pipeline
《 Dev Ops⋅ & CI ⋅ CD 》
DevOps 非商業口號,是以工具為中心的哲學,支持持續交付價值鏈。
持續交付採用自動部署流水線,以便可靠、快速地將軟體發佈的方法。
持續交付和 DevOps 擁有敏捷和精益的共同背景:小而快速的變化。
DevOps 關乎文化、開發和運營之間、明確的流程。關乎敏捷。
你可以在不實施持續交付的情況下接受並實踐 DevOps 理念。
60/90Credit: https://www.linkedin.com/in/LarryMaccherone/
61/90Credit: https://www.linkedin.com/in/LarryMaccherone/
實踐上的困難點?
62/90
CI/CD & Pipeline
《 Pen testing 》
滲透測試 (Penetration testing) 有時長達兩個月。
每一次的提交與改變,是否會影響之前滲透測試的結果?
《 Compliance validation 》
如果發布需要通過外部審核機構 ( 法務 / 會計 / 稽核 ) ,
如何能實現快速循環實驗?
63/90Credit: https://hackernoon.com/introducing-the-infosec-colour-wheel-blending-developers-with-red-and-blue-security-teams-6437c1a07700
64/90Credit: https://hackernoon.com/introducing-the-infosec-colour-wheel-blending-developers-with-red-and-blue-security-teams-6437c1a07700
65/90
CI/CD & Pipeline
Credit: https://www.linkedin.com/pulse/transformation-pmo-jack-caine/
以 SAFe 的 Continuous Delivery( 持續交付 ) 模型為例
The Scaled Agile Framework (abbreviated as SAFe)
66/90
CI/CD & Pipeline
Credit: https://www.scaledagileframework.com/release-on-demand/
Develop on Cadence. Release on Demand.
- A SAFe mantra
67/90
CI/CD & Pipeline
Credit: https://www.scaledagileframework.com/release-on-demand/
Develop on Cadence. Release on Demand.
- A SAFe mantra按節奏開發,按所需發布
-SAFe 的口號 -
68/90
CI/CD & Pipeline
Credit: https://twitter.com/deanleffingwell/status/612425925515317248
69/90
CI/CD & Pipeline
Credit: https://www.scaledagileframework.com/release-on-demand/
Develop on Cadence. Release on Demand.
- A SAFe mantra
Develop on Cadence
( 技術流程 )
Release on Demand
( 商業決策 )
70/90
CI/CD & Pipeline
Credit: https://www.scaledagileframework.com/release-on-demand/
Develop on Cadence. Release on Demand.
- A SAFe mantra
Develop on Cadence
( 技術流程 )
Release on Demand
( 商業決策 )
解耦
(decoupling)
71/90
CI/CD & Pipeline
Credit: https://martinfowler.com/books/continuousDelivery.html
Continuous delivery is about putting the release
schedule in the hands of the business, not in the
hands of IT.
72/90
CI/CD & Pipeline
Credit: https://martinfowler.com/books/continuousDelivery.html
Continuous delivery is about putting the release
schedule in the hands of the business, not in the
hands of IT.持續交付是指將發布時程放在業務手中,而不是掌握在 IT 手中
73/90
CI/CD & Pipeline
Credit: https://martinfowler.com/bliki/ContinuousDelivery.html
Continuous Delivery is sometimes confused with
Continuous Deployment. Continuous Deployment
means that every change goes through the pipeline
and automatically gets put into production, resulting
in many production deployments every day. Continuous
Delivery just means that you are able to do frequent
deployments but may choose not to do it, usually due to
businesses preferring a slower rate of deployment. In
order to do Continuous Deployment you must be doing
Continuous Delivery.
Martin Fowler
74/90
CI/CD & Pipeline
Credit: https://martinfowler.com/bliki/ContinuousDelivery.html
Continuous Delivery is sometimes confused with
Continuous Deployment. Continuous Deployment
means that every change goes through the pipeline
and automatically gets put into production, resulting
in many production deployments every day. Continuous
Delivery just means that you are able to do frequent
deployments but may choose not to do it, usually due to
businesses preferring a slower rate of deployment. In
order to do Continuous Deployment you must be doing
Continuous Delivery.
Martin Fowler
持續交付只是意味著你可以進行頻繁部署 , 但可以選擇不這樣做,
通常是因為企業更喜歡較慢的部署速度
75/90
CI/CD & Pipeline
Credit: https://www.scaledagileframework.com/release-on-demand/
Develop on Cadence. Release on Demand.
- A SAFe mantra
Develop on Cadence
( 技術流程 )
Release on Demand
( 商業決策 )
解耦
(decoupling)
76/90
CI/CD & Pipeline
Credit: https://www.linkedin.com/pulse/transformation-pmo-jack-caine/
以 SAFe 的 Continuous Delivery( 持續交付 ) 模型為例
The Scaled Agile Framework (abbreviated as SAFe)
77/90
CI/CD & Pipeline
Credit: https://www.linkedin.com/pulse/transformation-pmo-jack-caine/
以 SAFe 的 Continuous Delivery( 持續交付 ) 模型為例
The Scaled Agile Framework (abbreviated as SAFe)
解耦
(decoupling)
78/90
CI/CD & Pipeline
Credit: https://www.linkedin.com/pulse/transformation-pmo-jack-caine/
以 SAFe 的 Continuous Delivery( 持續交付 ) 模型為例
The Scaled Agile Framework (abbreviated as SAFe)
商業決策 技術流程 商業決策
79/90
CI/CD & Pipeline
Credit: https://www.linkedin.com/pulse/transformation-pmo-jack-caine/
商業決策 技術流程 商業決策
ComplianceSecurity
滲透測試 (Penetration testing) / 紅隊演練 (Red Team Assessment) 。
外部審核機構 ( 法務 / 會計 / 稽核 ) 。
80/90
Security
Marketing
Compliance
needs
pen testing red team
regulations controlsstandards
unit / integration / performance test
unit / integration / performance test
scheduling
unit / integration / performance test
scheduling
schedule
pipeline
Develop
81/90
Security
Marketing
Compliance
Develop
needs
pen testing red team
regulations controlsstandards
unit / integration / performance test
unit / integration / performance test
scheduling
unit / integration / performance test
scheduling
schedule
pipeline
82/90Credit: https://www.linkedin.com/pulse/agile-scrum-gdpr-ruud-van-driel-cissp/
83/90Credit: https://www.linkedin.com/pulse/agile-scrum-gdpr-ruud-van-driel-cissp/
84/90Credit: https://www.linkedin.com/pulse/agile-scrum-gdpr-ruud-van-driel-cissp/
85/90Credit: https://www.linkedin.com/pulse/agile-scrum-gdpr-ruud-van-driel-cissp/
86/90
Security
Marketing
Compliance
Develop
needs
pen testing red team
regulations controlsstandards
unit / integration / performance test
unit / integration / performance test
scheduling
unit / integration / performance test
scheduling
schedule
pipeline
87/90
程式提交程式提交 ………… 授權分析授權分析 授權白名單授權白名單 授權黑名單授權黑名單 授權灰名單授權灰名單 程式通過程式通過
靜態分析靜態分析
動態分析動態分析
註解分析註解分析
相容分析相容分析
X
問題清單問題清單
MIT
Apache-2.0
BSD-2-Clause
BSD-3-Clause
……
AGPL-3.0
CPAL
OSL
SSPL
……
LGPL-2.1 / 動態連結 → OK
LGPL-2.1 / 靜態連結 → NO
LGPL-3.0 / 動態連結 → OK
LGPL-3.0 / 靜態連結 → NO
……
X Xhttps://github.com/fossology/fossology
https://github.com/google/licenseclassifier
https://github.com/github/licensed
https://github.com/dmgerman/ninka
https://github.com/jslicense/licensee.js [npm]
https://github.com/davglass/license-checker [npm]
https://github.com/pmezard/licenses [Go]
https://github.com/Comcast/php-legal-licenses [PHP]
https://github.com/composer/spdx-licenses [SPDX]
88/90
Password Policy
XSS
Insider Threat
Information Disclosure
SQL Injection
GDPR Policy
89/90
Agile ≠ Fast
產品負責人必須將資安官納入主要利益相關人
借鏡 DevOps/SAFe ,引入 DevSecOps 文化
利用軟體工程的手法 , 將複雜的流程解耦、分段
階段性實施 DevSecOps ( 小跑步法 )
確認團隊所有成員認同資安對於客戶的價值
持續投入資安訓練及演練
90/90
yftzeng@gmail.com
https://www.facebook.com/yftzeng.tw
https://twitter.com/yftzeng
曾義峰 (Ant)

More Related Content

What's hot

[DevSecOps 工作坊] 強化基礎設施安全性
[DevSecOps 工作坊] 強化基礎設施安全性[DevSecOps 工作坊] 強化基礎設施安全性
[DevSecOps 工作坊] 強化基礎設施安全性
CPHT
 
How to get along with HATEOAS without letting the bad guys steal your lunch?
How to get along with HATEOAS without letting the bad guys steal your lunch?How to get along with HATEOAS without letting the bad guys steal your lunch?
How to get along with HATEOAS without letting the bad guys steal your lunch?
Graham Charters
 
How to get the best out of DevSecOps - an operations perspective
How to get the best out of DevSecOps - an operations perspectiveHow to get the best out of DevSecOps - an operations perspective
How to get the best out of DevSecOps - an operations perspective
Colin Domoney
 
はじめての JFrog Pipelines
はじめての JFrog Pipelinesはじめての JFrog Pipelines
はじめての JFrog Pipelines
Tsuyoshi Miyake
 
KITE Network Instrumentation: Advanced WebRTC Testing
KITE Network Instrumentation: Advanced WebRTC TestingKITE Network Instrumentation: Advanced WebRTC Testing
KITE Network Instrumentation: Advanced WebRTC Testing
Alexandre Gouaillard
 
360° Kubernetes Security: From Source Code to K8s Configuration Security
360° Kubernetes Security: From Source Code to K8s Configuration Security360° Kubernetes Security: From Source Code to K8s Configuration Security
360° Kubernetes Security: From Source Code to K8s Configuration Security
DevOps.com
 
DevSecOps and the CI/CD Pipeline
 DevSecOps and the CI/CD Pipeline DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline
James Wickett
 
Take a step forward from user to maintainer or developer in open source secur...
Take a step forward from user to maintainer or developer in open source secur...Take a step forward from user to maintainer or developer in open source secur...
Take a step forward from user to maintainer or developer in open source secur...
SZ Lin
 
はじめての JFrog Distribution
はじめての JFrog Distributionはじめての JFrog Distribution
はじめての JFrog Distribution
Tsuyoshi Miyake
 
OpenChain 2.0 specification in a nutshell
OpenChain 2.0 specification in a nutshellOpenChain 2.0 specification in a nutshell
OpenChain 2.0 specification in a nutshell
SZ Lin
 
Not Only Reactive - Data Access with Spring Data
Not Only Reactive - Data Access with Spring DataNot Only Reactive - Data Access with Spring Data
Not Only Reactive - Data Access with Spring Data
VMware Tanzu
 
OpenChain - The Industry Standard for Open Source Compliance
OpenChain - The Industry Standard for Open Source ComplianceOpenChain - The Industry Standard for Open Source Compliance
OpenChain - The Industry Standard for Open Source Compliance
SZ Lin
 
Explore Jakarta EE and MicroProfile on Azure with Open Liberty & OpenShift
Explore Jakarta EE and MicroProfile on Azure with Open Liberty & OpenShiftExplore Jakarta EE and MicroProfile on Azure with Open Liberty & OpenShift
Explore Jakarta EE and MicroProfile on Azure with Open Liberty & OpenShift
Graham Charters
 
Vulnerabilities are bugs, Let's test for them!
Vulnerabilities are bugs, Let's test for them!Vulnerabilities are bugs, Let's test for them!
Vulnerabilities are bugs, Let's test for them!
ichikaway
 
DevSecOps for Developers: How To Start
DevSecOps for Developers: How To StartDevSecOps for Developers: How To Start
DevSecOps for Developers: How To Start
Patricia Aas
 
The Security, DevOps, and Chaos Playbook to Change the World
The Security, DevOps, and Chaos Playbook to Change the WorldThe Security, DevOps, and Chaos Playbook to Change the World
The Security, DevOps, and Chaos Playbook to Change the World
James Wickett
 
Webex APIs for Admins - Cisco Live Orlando 2018 - DEVNET-3610
Webex APIs for Admins - Cisco Live Orlando 2018 - DEVNET-3610Webex APIs for Admins - Cisco Live Orlando 2018 - DEVNET-3610
Webex APIs for Admins - Cisco Live Orlando 2018 - DEVNET-3610
Cisco DevNet
 
Meeting rooms are talking! are you listening?
Meeting rooms are talking! are you listening?Meeting rooms are talking! are you listening?
Meeting rooms are talking! are you listening?
Cisco DevNet
 
Deploying WebRTC in a low-latency streaming service
Deploying WebRTC in a low-latency streaming serviceDeploying WebRTC in a low-latency streaming service
Deploying WebRTC in a low-latency streaming service
Alexandre Gouaillard
 
Marcin Grzejszczak - Contract Tests in the Enterprise
Marcin Grzejszczak - Contract Tests in the EnterpriseMarcin Grzejszczak - Contract Tests in the Enterprise
Marcin Grzejszczak - Contract Tests in the Enterprise
SegFaultConf
 

What's hot (20)

[DevSecOps 工作坊] 強化基礎設施安全性
[DevSecOps 工作坊] 強化基礎設施安全性[DevSecOps 工作坊] 強化基礎設施安全性
[DevSecOps 工作坊] 強化基礎設施安全性
 
How to get along with HATEOAS without letting the bad guys steal your lunch?
How to get along with HATEOAS without letting the bad guys steal your lunch?How to get along with HATEOAS without letting the bad guys steal your lunch?
How to get along with HATEOAS without letting the bad guys steal your lunch?
 
How to get the best out of DevSecOps - an operations perspective
How to get the best out of DevSecOps - an operations perspectiveHow to get the best out of DevSecOps - an operations perspective
How to get the best out of DevSecOps - an operations perspective
 
はじめての JFrog Pipelines
はじめての JFrog Pipelinesはじめての JFrog Pipelines
はじめての JFrog Pipelines
 
KITE Network Instrumentation: Advanced WebRTC Testing
KITE Network Instrumentation: Advanced WebRTC TestingKITE Network Instrumentation: Advanced WebRTC Testing
KITE Network Instrumentation: Advanced WebRTC Testing
 
360° Kubernetes Security: From Source Code to K8s Configuration Security
360° Kubernetes Security: From Source Code to K8s Configuration Security360° Kubernetes Security: From Source Code to K8s Configuration Security
360° Kubernetes Security: From Source Code to K8s Configuration Security
 
DevSecOps and the CI/CD Pipeline
 DevSecOps and the CI/CD Pipeline DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline
 
Take a step forward from user to maintainer or developer in open source secur...
Take a step forward from user to maintainer or developer in open source secur...Take a step forward from user to maintainer or developer in open source secur...
Take a step forward from user to maintainer or developer in open source secur...
 
はじめての JFrog Distribution
はじめての JFrog Distributionはじめての JFrog Distribution
はじめての JFrog Distribution
 
OpenChain 2.0 specification in a nutshell
OpenChain 2.0 specification in a nutshellOpenChain 2.0 specification in a nutshell
OpenChain 2.0 specification in a nutshell
 
Not Only Reactive - Data Access with Spring Data
Not Only Reactive - Data Access with Spring DataNot Only Reactive - Data Access with Spring Data
Not Only Reactive - Data Access with Spring Data
 
OpenChain - The Industry Standard for Open Source Compliance
OpenChain - The Industry Standard for Open Source ComplianceOpenChain - The Industry Standard for Open Source Compliance
OpenChain - The Industry Standard for Open Source Compliance
 
Explore Jakarta EE and MicroProfile on Azure with Open Liberty & OpenShift
Explore Jakarta EE and MicroProfile on Azure with Open Liberty & OpenShiftExplore Jakarta EE and MicroProfile on Azure with Open Liberty & OpenShift
Explore Jakarta EE and MicroProfile on Azure with Open Liberty & OpenShift
 
Vulnerabilities are bugs, Let's test for them!
Vulnerabilities are bugs, Let's test for them!Vulnerabilities are bugs, Let's test for them!
Vulnerabilities are bugs, Let's test for them!
 
DevSecOps for Developers: How To Start
DevSecOps for Developers: How To StartDevSecOps for Developers: How To Start
DevSecOps for Developers: How To Start
 
The Security, DevOps, and Chaos Playbook to Change the World
The Security, DevOps, and Chaos Playbook to Change the WorldThe Security, DevOps, and Chaos Playbook to Change the World
The Security, DevOps, and Chaos Playbook to Change the World
 
Webex APIs for Admins - Cisco Live Orlando 2018 - DEVNET-3610
Webex APIs for Admins - Cisco Live Orlando 2018 - DEVNET-3610Webex APIs for Admins - Cisco Live Orlando 2018 - DEVNET-3610
Webex APIs for Admins - Cisco Live Orlando 2018 - DEVNET-3610
 
Meeting rooms are talking! are you listening?
Meeting rooms are talking! are you listening?Meeting rooms are talking! are you listening?
Meeting rooms are talking! are you listening?
 
Deploying WebRTC in a low-latency streaming service
Deploying WebRTC in a low-latency streaming serviceDeploying WebRTC in a low-latency streaming service
Deploying WebRTC in a low-latency streaming service
 
Marcin Grzejszczak - Contract Tests in the Enterprise
Marcin Grzejszczak - Contract Tests in the EnterpriseMarcin Grzejszczak - Contract Tests in the Enterprise
Marcin Grzejszczak - Contract Tests in the Enterprise
 

Similar to Dev(Sec)Ops - Architecture for Security and Compliance

Dev{sec}ops
Dev{sec}opsDev{sec}ops
Dev{sec}ops
Steven Carlson
 
Pragmatic Pipeline Security
Pragmatic Pipeline SecurityPragmatic Pipeline Security
Pragmatic Pipeline Security
James Wickett
 
Enterprise-Grade DevOps Solutions for a Start Up Budget
Enterprise-Grade DevOps Solutions for a Start Up BudgetEnterprise-Grade DevOps Solutions for a Start Up Budget
Enterprise-Grade DevOps Solutions for a Start Up Budget
DevOps.com
 
Sukumar Nayak-Agile-DevOps-Cloud Management
Sukumar Nayak-Agile-DevOps-Cloud ManagementSukumar Nayak-Agile-DevOps-Cloud Management
Sukumar Nayak-Agile-DevOps-Cloud Management
Sukumar Nayak
 
Security's DevOps Transformation
Security's DevOps TransformationSecurity's DevOps Transformation
Security's DevOps Transformation
Michele Chubirka
 
Strengthen and Scale Security for a dollar or less
Strengthen and Scale Security for a dollar or lessStrengthen and Scale Security for a dollar or less
Strengthen and Scale Security for a dollar or less
Mohammed A. Imran
 
Scale security for a dollar or less
Scale security for a dollar or lessScale security for a dollar or less
Scale security for a dollar or less
Mohammed A. Imran
 
Cncf checkov and bridgecrew
Cncf checkov and bridgecrewCncf checkov and bridgecrew
Cncf checkov and bridgecrew
LibbySchulze
 
DevOpsDays Jakarta Igites
DevOpsDays Jakarta IgitesDevOpsDays Jakarta Igites
DevOpsDays Jakarta Igites
DevOpsDaysJKT
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
James Anderson
 
Best Practices In Software Development Life Cycle (SDLC)
Best Practices In Software Development Life Cycle (SDLC)Best Practices In Software Development Life Cycle (SDLC)
Best Practices In Software Development Life Cycle (SDLC)
GrapesTech Solutions
 
Top10 Characteristics of Awesome Apps
Top10 Characteristics of Awesome AppsTop10 Characteristics of Awesome Apps
Top10 Characteristics of Awesome Apps
Casey Lee
 
Secure Agile SDLC BSides 14 - 2017 - Raphael Denipotti
Secure Agile SDLC BSides 14 - 2017 - Raphael DenipottiSecure Agile SDLC BSides 14 - 2017 - Raphael Denipotti
Secure Agile SDLC BSides 14 - 2017 - Raphael Denipotti
Raphael Denipotti
 
What is DevOps Services_ Tools and Benefits.pdf
What is DevOps Services_ Tools and Benefits.pdfWhat is DevOps Services_ Tools and Benefits.pdf
What is DevOps Services_ Tools and Benefits.pdf
komalmanu87
 
What is DevOps Services_ Tools and Benefits.pdf
What is DevOps Services_ Tools and Benefits.pdfWhat is DevOps Services_ Tools and Benefits.pdf
What is DevOps Services_ Tools and Benefits.pdf
komalmanu87
 
Improve Developer Experience with Developer Portal
Improve Developer Experience with Developer PortalImprove Developer Experience with Developer Portal
Improve Developer Experience with Developer Portal
Kumton Suttiraksiri
 
Working on DevSecOps culture - a team centric view
Working on DevSecOps culture - a team centric viewWorking on DevSecOps culture - a team centric view
Working on DevSecOps culture - a team centric view
Patrick Debois
 
Pentest is yesterday, DevSecOps is tomorrow
Pentest is yesterday, DevSecOps is tomorrowPentest is yesterday, DevSecOps is tomorrow
Pentest is yesterday, DevSecOps is tomorrow
Amien Harisen Rosyandino
 
Why DevSecOps Is Necessary For Your SDLC Pipeline?
Why DevSecOps Is Necessary For Your SDLC Pipeline?Why DevSecOps Is Necessary For Your SDLC Pipeline?
Why DevSecOps Is Necessary For Your SDLC Pipeline?
Enov8
 
Implementing Secure DevOps on Public Cloud Platforms
Implementing Secure DevOps on Public Cloud PlatformsImplementing Secure DevOps on Public Cloud Platforms
Implementing Secure DevOps on Public Cloud Platforms
Gaurav "GP" Pal
 

Similar to Dev(Sec)Ops - Architecture for Security and Compliance (20)

Dev{sec}ops
Dev{sec}opsDev{sec}ops
Dev{sec}ops
 
Pragmatic Pipeline Security
Pragmatic Pipeline SecurityPragmatic Pipeline Security
Pragmatic Pipeline Security
 
Enterprise-Grade DevOps Solutions for a Start Up Budget
Enterprise-Grade DevOps Solutions for a Start Up BudgetEnterprise-Grade DevOps Solutions for a Start Up Budget
Enterprise-Grade DevOps Solutions for a Start Up Budget
 
Sukumar Nayak-Agile-DevOps-Cloud Management
Sukumar Nayak-Agile-DevOps-Cloud ManagementSukumar Nayak-Agile-DevOps-Cloud Management
Sukumar Nayak-Agile-DevOps-Cloud Management
 
Security's DevOps Transformation
Security's DevOps TransformationSecurity's DevOps Transformation
Security's DevOps Transformation
 
Strengthen and Scale Security for a dollar or less
Strengthen and Scale Security for a dollar or lessStrengthen and Scale Security for a dollar or less
Strengthen and Scale Security for a dollar or less
 
Scale security for a dollar or less
Scale security for a dollar or lessScale security for a dollar or less
Scale security for a dollar or less
 
Cncf checkov and bridgecrew
Cncf checkov and bridgecrewCncf checkov and bridgecrew
Cncf checkov and bridgecrew
 
DevOpsDays Jakarta Igites
DevOpsDays Jakarta IgitesDevOpsDays Jakarta Igites
DevOpsDays Jakarta Igites
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
Best Practices In Software Development Life Cycle (SDLC)
Best Practices In Software Development Life Cycle (SDLC)Best Practices In Software Development Life Cycle (SDLC)
Best Practices In Software Development Life Cycle (SDLC)
 
Top10 Characteristics of Awesome Apps
Top10 Characteristics of Awesome AppsTop10 Characteristics of Awesome Apps
Top10 Characteristics of Awesome Apps
 
Secure Agile SDLC BSides 14 - 2017 - Raphael Denipotti
Secure Agile SDLC BSides 14 - 2017 - Raphael DenipottiSecure Agile SDLC BSides 14 - 2017 - Raphael Denipotti
Secure Agile SDLC BSides 14 - 2017 - Raphael Denipotti
 
What is DevOps Services_ Tools and Benefits.pdf
What is DevOps Services_ Tools and Benefits.pdfWhat is DevOps Services_ Tools and Benefits.pdf
What is DevOps Services_ Tools and Benefits.pdf
 
What is DevOps Services_ Tools and Benefits.pdf
What is DevOps Services_ Tools and Benefits.pdfWhat is DevOps Services_ Tools and Benefits.pdf
What is DevOps Services_ Tools and Benefits.pdf
 
Improve Developer Experience with Developer Portal
Improve Developer Experience with Developer PortalImprove Developer Experience with Developer Portal
Improve Developer Experience with Developer Portal
 
Working on DevSecOps culture - a team centric view
Working on DevSecOps culture - a team centric viewWorking on DevSecOps culture - a team centric view
Working on DevSecOps culture - a team centric view
 
Pentest is yesterday, DevSecOps is tomorrow
Pentest is yesterday, DevSecOps is tomorrowPentest is yesterday, DevSecOps is tomorrow
Pentest is yesterday, DevSecOps is tomorrow
 
Why DevSecOps Is Necessary For Your SDLC Pipeline?
Why DevSecOps Is Necessary For Your SDLC Pipeline?Why DevSecOps Is Necessary For Your SDLC Pipeline?
Why DevSecOps Is Necessary For Your SDLC Pipeline?
 
Implementing Secure DevOps on Public Cloud Platforms
Implementing Secure DevOps on Public Cloud PlatformsImplementing Secure DevOps on Public Cloud Platforms
Implementing Secure DevOps on Public Cloud Platforms
 

More from Yi-Feng Tzeng

重新想像:如何做技術選型決策 / Rethinking : Technical Decision
重新想像:如何做技術選型決策 / Rethinking : Technical Decision重新想像:如何做技術選型決策 / Rethinking : Technical Decision
重新想像:如何做技術選型決策 / Rethinking : Technical Decision
Yi-Feng Tzeng
 
擁抱開源:企業應如何善用開源技術,才能得其利而防其弊-加強版
擁抱開源:企業應如何善用開源技術,才能得其利而防其弊-加強版擁抱開源:企業應如何善用開源技術,才能得其利而防其弊-加強版
擁抱開源:企業應如何善用開源技術,才能得其利而防其弊-加強版
Yi-Feng Tzeng
 
Testing in Production, Deploy on Fridays
Testing in Production, Deploy on FridaysTesting in Production, Deploy on Fridays
Testing in Production, Deploy on Fridays
Yi-Feng Tzeng
 
COSCUP 2020 Day 2 - Opening Keynote
COSCUP 2020 Day 2 - Opening KeynoteCOSCUP 2020 Day 2 - Opening Keynote
COSCUP 2020 Day 2 - Opening Keynote
Yi-Feng Tzeng
 
COSCUP 2020 Day 1 - Opening Keynote
COSCUP 2020 Day 1 - Opening KeynoteCOSCUP 2020 Day 1 - Opening Keynote
COSCUP 2020 Day 1 - Opening Keynote
Yi-Feng Tzeng
 
給資安工程師開源授權觀念
給資安工程師開源授權觀念給資安工程師開源授權觀念
給資安工程師開源授權觀念
Yi-Feng Tzeng
 
擁抱開源:企業應如何善用開源技術,才能得其利而防其弊
擁抱開源:企業應如何善用開源技術,才能得其利而防其弊擁抱開源:企業應如何善用開源技術,才能得其利而防其弊
擁抱開源:企業應如何善用開源技術,才能得其利而防其弊
Yi-Feng Tzeng
 
淺談量子機器學習 - 當機器學習遇見量子計算
淺談量子機器學習 - 當機器學習遇見量子計算淺談量子機器學習 - 當機器學習遇見量子計算
淺談量子機器學習 - 當機器學習遇見量子計算
Yi-Feng Tzeng
 
A Modern Web Architecture for (GDPR) Compliance
A Modern Web Architecture for (GDPR) ComplianceA Modern Web Architecture for (GDPR) Compliance
A Modern Web Architecture for (GDPR) Compliance
Yi-Feng Tzeng
 
量子技術 (2018 03-31)
量子技術 (2018 03-31)量子技術 (2018 03-31)
量子技術 (2018 03-31)
Yi-Feng Tzeng
 
Swoole Love PHP
Swoole Love PHPSwoole Love PHP
Swoole Love PHP
Yi-Feng Tzeng
 
邏輯優化的灰色面:針對網頁應用的時序攻擊 (2018臺灣資安大會: 軟體安全論壇)
邏輯優化的灰色面:針對網頁應用的時序攻擊 (2018臺灣資安大會: 軟體安全論壇)邏輯優化的灰色面:針對網頁應用的時序攻擊 (2018臺灣資安大會: 軟體安全論壇)
邏輯優化的灰色面:針對網頁應用的時序攻擊 (2018臺灣資安大會: 軟體安全論壇)
Yi-Feng Tzeng
 
Modern Web Architecture Design Journey
Modern Web Architecture Design JourneyModern Web Architecture Design Journey
Modern Web Architecture Design Journey
Yi-Feng Tzeng
 
善用 MySQL 及 PostgreSQL - RDBMS 的逆襲 - part1
善用 MySQL 及 PostgreSQL - RDBMS 的逆襲 - part1善用 MySQL 及 PostgreSQL - RDBMS 的逆襲 - part1
善用 MySQL 及 PostgreSQL - RDBMS 的逆襲 - part1
Yi-Feng Tzeng
 
恰如其分的 MySQL 設計技巧 [Modern Web 2016]
恰如其分的 MySQL 設計技巧 [Modern Web 2016]恰如其分的 MySQL 設計技巧 [Modern Web 2016]
恰如其分的 MySQL 設計技巧 [Modern Web 2016]
Yi-Feng Tzeng
 
談 Uber 從 PostgreSQL 轉用 MySQL 的技術爭議
談 Uber 從 PostgreSQL 轉用 MySQL 的技術爭議談 Uber 從 PostgreSQL 轉用 MySQL 的技術爭議
談 Uber 從 PostgreSQL 轉用 MySQL 的技術爭議
Yi-Feng Tzeng
 
資料庫索引數據結構及主鍵設計(b+tree)(part 1)
資料庫索引數據結構及主鍵設計(b+tree)(part 1)資料庫索引數據結構及主鍵設計(b+tree)(part 1)
資料庫索引數據結構及主鍵設計(b+tree)(part 1)
Yi-Feng Tzeng
 
軟體接案自由職業者 (Freelancer) 意想不到的風險
軟體接案自由職業者 (Freelancer) 意想不到的風險軟體接案自由職業者 (Freelancer) 意想不到的風險
軟體接案自由職業者 (Freelancer) 意想不到的風險
Yi-Feng Tzeng
 
Redis, another step on the road
Redis, another step on the roadRedis, another step on the road
Redis, another step on the road
Yi-Feng Tzeng
 
淺入淺出 MySQL & PostgreSQL
淺入淺出 MySQL & PostgreSQL淺入淺出 MySQL & PostgreSQL
淺入淺出 MySQL & PostgreSQL
Yi-Feng Tzeng
 

More from Yi-Feng Tzeng (20)

重新想像:如何做技術選型決策 / Rethinking : Technical Decision
重新想像:如何做技術選型決策 / Rethinking : Technical Decision重新想像:如何做技術選型決策 / Rethinking : Technical Decision
重新想像:如何做技術選型決策 / Rethinking : Technical Decision
 
擁抱開源:企業應如何善用開源技術,才能得其利而防其弊-加強版
擁抱開源:企業應如何善用開源技術,才能得其利而防其弊-加強版擁抱開源:企業應如何善用開源技術,才能得其利而防其弊-加強版
擁抱開源:企業應如何善用開源技術,才能得其利而防其弊-加強版
 
Testing in Production, Deploy on Fridays
Testing in Production, Deploy on FridaysTesting in Production, Deploy on Fridays
Testing in Production, Deploy on Fridays
 
COSCUP 2020 Day 2 - Opening Keynote
COSCUP 2020 Day 2 - Opening KeynoteCOSCUP 2020 Day 2 - Opening Keynote
COSCUP 2020 Day 2 - Opening Keynote
 
COSCUP 2020 Day 1 - Opening Keynote
COSCUP 2020 Day 1 - Opening KeynoteCOSCUP 2020 Day 1 - Opening Keynote
COSCUP 2020 Day 1 - Opening Keynote
 
給資安工程師開源授權觀念
給資安工程師開源授權觀念給資安工程師開源授權觀念
給資安工程師開源授權觀念
 
擁抱開源:企業應如何善用開源技術,才能得其利而防其弊
擁抱開源:企業應如何善用開源技術,才能得其利而防其弊擁抱開源:企業應如何善用開源技術,才能得其利而防其弊
擁抱開源:企業應如何善用開源技術,才能得其利而防其弊
 
淺談量子機器學習 - 當機器學習遇見量子計算
淺談量子機器學習 - 當機器學習遇見量子計算淺談量子機器學習 - 當機器學習遇見量子計算
淺談量子機器學習 - 當機器學習遇見量子計算
 
A Modern Web Architecture for (GDPR) Compliance
A Modern Web Architecture for (GDPR) ComplianceA Modern Web Architecture for (GDPR) Compliance
A Modern Web Architecture for (GDPR) Compliance
 
量子技術 (2018 03-31)
量子技術 (2018 03-31)量子技術 (2018 03-31)
量子技術 (2018 03-31)
 
Swoole Love PHP
Swoole Love PHPSwoole Love PHP
Swoole Love PHP
 
邏輯優化的灰色面:針對網頁應用的時序攻擊 (2018臺灣資安大會: 軟體安全論壇)
邏輯優化的灰色面:針對網頁應用的時序攻擊 (2018臺灣資安大會: 軟體安全論壇)邏輯優化的灰色面:針對網頁應用的時序攻擊 (2018臺灣資安大會: 軟體安全論壇)
邏輯優化的灰色面:針對網頁應用的時序攻擊 (2018臺灣資安大會: 軟體安全論壇)
 
Modern Web Architecture Design Journey
Modern Web Architecture Design JourneyModern Web Architecture Design Journey
Modern Web Architecture Design Journey
 
善用 MySQL 及 PostgreSQL - RDBMS 的逆襲 - part1
善用 MySQL 及 PostgreSQL - RDBMS 的逆襲 - part1善用 MySQL 及 PostgreSQL - RDBMS 的逆襲 - part1
善用 MySQL 及 PostgreSQL - RDBMS 的逆襲 - part1
 
恰如其分的 MySQL 設計技巧 [Modern Web 2016]
恰如其分的 MySQL 設計技巧 [Modern Web 2016]恰如其分的 MySQL 設計技巧 [Modern Web 2016]
恰如其分的 MySQL 設計技巧 [Modern Web 2016]
 
談 Uber 從 PostgreSQL 轉用 MySQL 的技術爭議
談 Uber 從 PostgreSQL 轉用 MySQL 的技術爭議談 Uber 從 PostgreSQL 轉用 MySQL 的技術爭議
談 Uber 從 PostgreSQL 轉用 MySQL 的技術爭議
 
資料庫索引數據結構及主鍵設計(b+tree)(part 1)
資料庫索引數據結構及主鍵設計(b+tree)(part 1)資料庫索引數據結構及主鍵設計(b+tree)(part 1)
資料庫索引數據結構及主鍵設計(b+tree)(part 1)
 
軟體接案自由職業者 (Freelancer) 意想不到的風險
軟體接案自由職業者 (Freelancer) 意想不到的風險軟體接案自由職業者 (Freelancer) 意想不到的風險
軟體接案自由職業者 (Freelancer) 意想不到的風險
 
Redis, another step on the road
Redis, another step on the roadRedis, another step on the road
Redis, another step on the road
 
淺入淺出 MySQL & PostgreSQL
淺入淺出 MySQL & PostgreSQL淺入淺出 MySQL & PostgreSQL
淺入淺出 MySQL & PostgreSQL
 

Recently uploaded

Y-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PPY-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PP
c5vrf27qcz
 
"What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w..."What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w...
Fwdays
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
Ivo Velitchkov
 
GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...
GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...
GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...
GlobalLogic Ukraine
 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
Fwdays
 
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
Miro Wengner
 
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeckPoznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
FilipTomaszewski5
 
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham HillinQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
LizaNolte
 
What is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE?  Session 1 – CoE VisionWhat is an RPA CoE?  Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE Vision
DianaGray10
 
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsConnector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
DianaGray10
 
AI in the Workplace Reskilling, Upskilling, and Future Work.pptx
AI in the Workplace Reskilling, Upskilling, and Future Work.pptxAI in the Workplace Reskilling, Upskilling, and Future Work.pptx
AI in the Workplace Reskilling, Upskilling, and Future Work.pptx
Sunil Jagani
 
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin..."$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
Fwdays
 
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
AlexanderRichford
 
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during MigrationMust Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
Mydbops
 
What is an RPA CoE? Session 2 – CoE Roles
What is an RPA CoE?  Session 2 – CoE RolesWhat is an RPA CoE?  Session 2 – CoE Roles
What is an RPA CoE? Session 2 – CoE Roles
DianaGray10
 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
Safe Software
 
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
zjhamm304
 
Christine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptxChristine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptx
christinelarrosa
 
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid ResearchHarnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Neo4j
 
Containers & AI - Beauty and the Beast!?!
Containers & AI - Beauty and the Beast!?!Containers & AI - Beauty and the Beast!?!
Containers & AI - Beauty and the Beast!?!
Tobias Schneck
 

Recently uploaded (20)

Y-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PPY-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PP
 
"What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w..."What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w...
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
 
GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...
GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...
GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...
 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
 
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
 
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeckPoznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
 
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham HillinQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill
 
What is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE?  Session 1 – CoE VisionWhat is an RPA CoE?  Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE Vision
 
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsConnector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
 
AI in the Workplace Reskilling, Upskilling, and Future Work.pptx
AI in the Workplace Reskilling, Upskilling, and Future Work.pptxAI in the Workplace Reskilling, Upskilling, and Future Work.pptx
AI in the Workplace Reskilling, Upskilling, and Future Work.pptx
 
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin..."$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
 
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
 
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during MigrationMust Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
 
What is an RPA CoE? Session 2 – CoE Roles
What is an RPA CoE?  Session 2 – CoE RolesWhat is an RPA CoE?  Session 2 – CoE Roles
What is an RPA CoE? Session 2 – CoE Roles
 
Essentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation ParametersEssentials of Automations: Exploring Attributes & Automation Parameters
Essentials of Automations: Exploring Attributes & Automation Parameters
 
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
 
Christine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptxChristine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptx
 
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid ResearchHarnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
 
Containers & AI - Beauty and the Beast!?!
Containers & AI - Beauty and the Beast!?!Containers & AI - Beauty and the Beast!?!
Containers & AI - Beauty and the Beast!?!
 

Dev(Sec)Ops - Architecture for Security and Compliance