ІЛЛЯ ЛУБЕНЕЦЬ «DevSecOps наступний етап розвитку DevOps» GO DevOps

•

0 likes•65 views

Free Online DevOps Conference 2020 ІЛЛЯ ЛУБЕНЕЦЬ «DevSecOps наступний етап розвитку DevOps» Сайт: www.devopsconf.org Ми в www.facebook.com/godevopsevent www.t.me/GoDevOpsEvent www.linkedin.com/showcase/go-devops

Technology

Security is important
• Average data breach cost – 4$ millions
• Attacks rose in 2020 – 600%
• Ukraine government is on 5th place of target attacks
• 70% of small business can’t deal with cyber attack
• 16% of healthcare providers are ready to prevent attack

DevSecOps
• Collective Responsibility
• Collaboration and Integration
• Pragmatic Implementation
• Bridging Compliance and Development
• Automation
• Measure, Monitor, Report and Action

Github security tooling
• Code scanning
• Dependabot
• Vulnerability management

Code scaning
• SonarQube
• WhiteSource
• Github
• Code scanning
• Dependabot
• Vulnerability management
• Coverity
• BlackDuck

Threat modeling
• Microsoft Threat Modeling Tool
• Threat Modeler
• Threat Dragon

Dynamic Application Security Testing
• Checkmarx
• Fortify
• ZAP

Infrastructure security tools
• Nessus
• Azure Security Center
• AWS Cloud Security

Illia Lubenets
• Solution architect
• Microsoft Azure MVP
• https://twitter.com/L0ndra_
• https://t.me/procrastinationselfflagellation

ІЛЛЯ ЛУБЕНЕЦЬ «DevSecOps наступний етап розвитку DevOps» GO DevOps

Ingesting threat data, malware analysis, and data enrichment can all be time consuming tasks. ThreatConnect’s Playbooks feature can automate these things along with almost any cybersecurity task using an easy drag-and-drop interface - no coding needed. You’ll learn how to: - Build Playbooks that automatically run based on events in your network. - Easily send indicators to any of ThreatConnect’s 100+ integration partners including firewalls and SIEMS. - Ingest and send data from any tool (including tools not yet integrated with ThreatConnect). - Use Playbooks to get disconnected tools to all talk to each other. We build a Playbook live on the webinar and also show you where to find ThreatConnect-provided Playbook templates.

Outpost24 webinar - Mastering the art of multicloud security

Outpost24

Outpost24 webinar - Implications when migrating to a Zero Trust model

Outpost24

As zero trust moves higher up on the CISOs security agenda we’re hosting a webinar to discuss the pros and cons of adopting this new approach and how it can impact your team’s ability to remain agile, whilst protecting your business. As a recent study demonstrates, 34% of security breaches involved insiders in 2019 meaning CISOs are becoming more likely to consider zero trust and it should come as no surprise that many organizations are now eager to adopt a zero-trust security policy.

Whether people admit or not, everyone is moving to the cloud and all future business will run somewhere on the internet. Moving to the cloud requires different set of architecture and mindset. Data is stored, accessed and processed on different platforms and devices. Employees are working anywhere from the world, corporate data is no more under company IT custody. CISOs and CIOs need to think differently and set new Cloud Security Architecture. This session will try to draw the main areas of concern from Security perspective while moving to the cloud.

Outpost24 webinar: Security Analytics: what's in a risk score

Outpost24

The Cyber Attack Risk

Skyport Systems

AWS User Group August EditionAndreas Wasita

David Tweedale - The Evolving Threat Landscape #midscybersecurity18

Pro Mrkt

Top 5 Cloud Security Predictions for 2016

Alert Logic

Join Alert Logic Chief Strategy Officer and Co-Founder Misha Govshteyn as he presents his predictions for the state of cloud security in 2016, including: -The rise of cloud adoption and how businesses will approach the cloud -What the threat landscape for cloud environments will look like -How data and analytics will evolve to meet cloud adoption ...and more. You’ll get a clear view of what expert security researchers are expecting in the coming year for organizations like yours who are leveraging the power of cloud infrastructure. See the accompanying webinar here: https://www.alertlogic.com/resources/webinars/top-5-cloud-security-predictions-for-2016/

Outpost24 Webinar - Creating a sustainable application security program to dr...

Outpost24

NTXISSACSC2 - Top Ten Trends in TRM by Jon Murphy

North Texas Chapter of the ISSA

Jon Murphy, National Practice Lead, AOS Top 10 Trends for 2015 in Information Tech Risk Management ITRM is more than merely security hardware and apps under the control of an overworked network admin. It is strategic and tactical process, technology, and people in various roles and levels working collaboratively to protect vital organizational assets like data, information, ability to delivery timely, and reputation. Organizations need continuous, current, Actionable InsightSM about probable sources of majorly impactful risks and threats. Then and only then are they adequately prepared to make the smartest investments in continuing education, process improvement, and procedures for the proper use of the right technology for their situation. This multi-media, interactive presentation will cover the current top trends for 2015 in ITRM and that Actionable InsightSM - what your organization can and should do about likely and impactful IT risks and vulnerabilities.

Ransomware: Why Are Backup Vendors Trying To Scare You?

marketingunitrends

Ransomware. The very word strikes fear into the hearts of admins, backup specialists, and security pros. Backup software vendors know if all your data is not protected, there is a good chance that if (when?) ransomware hits, you will most likely lose data. But, what should scare you more is less than half of ransomware victims fully recover their data, even with backup. What can you do to make sure you are not on the wrong side of a statistic?

Acronis True Image 3rd Party Speed & Ransomware Tests, Apr 2017 from MRG Effitas

Acronis

Darren Rawlinson - Dealing with Cyber Threats in an Enterprise Mobile World

Pro Mrkt

Introduction to Threat Modeling

InMobi Technology

This is the presentation from Null/OWASP/g4h November Bangalore MeetUp by Shivendra Saxena. technology.inmobi.com/events/null-owasp-g4h-november-meetup This topic would deal with the introduction to threat modeling. We'll discuss about the process of brainstorming about the issues which might appear when the product gets built. Will discuss about the STRIDE model and about the importance of the eraky detection of the security issues.

Azure for Education Ktadeka UCL Cloud Event 2013

Lee Stott

Jul outlook malware18

Setia Juli Irzal Ismail

The Case for EDR: What's In Your Toolkit

Dawn Yankeelov

Outpost24 webinar: Risk-based approach to security assessments

Outpost24

Outpost24 webinar - Enhance user security to stop the cyber-attack cycle

Outpost24

The Top 7 Causes of Major Security Breaches

Kaseya

In these times where North American companies are under constant cyber-attack, can you afford to underestimate the disaster that a security breach could cause on your organization? Your organization's leadership has entrusted your team with the company's cyber security, and this includes ensuring that user data is safe and their productivity isn't compromised. Join our panel of experts (Alex Brandt, who brings 19 years of hands-on expertise in the IT space, and Cynthia James, a security expert with over 25 years in the industry) as they discuss the 7 biggest reasons that business security gets compromised (and what you can do about it). These include: The threat of increased employee mobility Managing BYOD Perimeter-less networks The best way to reduce human error And MUCH more... Stick around until the end and gain the visibility you need to uncover security holes before they become major disasters and put your organization and (even worse) your job at risk.

The Current ICS Threat Landscape

Dragos, Inc.

Presentation from Cyber Security for Critical Assets conference (CS4CA ) in Houston, March 26-28 2019 presented by Sergio Caltagirone, Vice President of Threat Intelligence. Covers: - overview of the OT threat landscape - new OT threats Dragos has uncovered through its industrial cybersecurity technology platform, array of services, and industrial threat intelligence. - details on major industrial threat activity groups and root causes of many recent OT compromises Learn more here: https://dragos.com/year-in-review/ More info: www.dragos.com Follow us on LinkedIn: https://www.linkedin.com/company/dragos-inc./ Follow us on Twitter: https://twitter.com/dragosinc

Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...

Outpost24

Moving Security to the Left

Javier Godinez

What's hot

Alex Michael - 2017/2018 Cyber Threat Report in an Enterprise Mobile World

Pro Mrkt

Cloud Security Architecture - a different approach

EC-Council

Outpost24 webinar: Security Analytics: what's in a risk score

Outpost24

The Cyber Attack Risk

Skyport Systems

AWS User Group August EditionAndreas Wasita

David Tweedale - The Evolving Threat Landscape #midscybersecurity18

Pro Mrkt

Top 5 Cloud Security Predictions for 2016

Alert Logic

Outpost24 Webinar - Creating a sustainable application security program to dr...

Outpost24

NTXISSACSC2 - Top Ten Trends in TRM by Jon Murphy

North Texas Chapter of the ISSA

Ransomware: Why Are Backup Vendors Trying To Scare You?

marketingunitrends

Acronis True Image 3rd Party Speed & Ransomware Tests, Apr 2017 from MRG Effitas

Acronis

Darren Rawlinson - Dealing with Cyber Threats in an Enterprise Mobile World

Pro Mrkt

Introduction to Threat Modeling

InMobi Technology

Azure for Education Ktadeka UCL Cloud Event 2013

Lee Stott

Jul outlook malware18

Setia Juli Irzal Ismail

The Case for EDR: What's In Your Toolkit

Dawn Yankeelov

Outpost24 webinar: Risk-based approach to security assessments

Outpost24

Outpost24 webinar - Enhance user security to stop the cyber-attack cycle

Outpost24

The Top 7 Causes of Major Security Breaches

Kaseya

The Current ICS Threat Landscape

Dragos, Inc.

What's hot (20)

Alex Michael - 2017/2018 Cyber Threat Report in an Enterprise Mobile World

Cloud Security Architecture - a different approach

Outpost24 webinar: Security Analytics: what's in a risk score

The Cyber Attack Risk

AWS User Group August Edition

David Tweedale - The Evolving Threat Landscape #midscybersecurity18

Top 5 Cloud Security Predictions for 2016

Outpost24 Webinar - Creating a sustainable application security program to dr...

NTXISSACSC2 - Top Ten Trends in TRM by Jon Murphy

Ransomware: Why Are Backup Vendors Trying To Scare You?

Acronis True Image 3rd Party Speed & Ransomware Tests, Apr 2017 from MRG Effitas

Darren Rawlinson - Dealing with Cyber Threats in an Enterprise Mobile World

Introduction to Threat Modeling

Azure for Education Ktadeka UCL Cloud Event 2013

Jul outlook malware18

The Case for EDR: What's In Your Toolkit

Outpost24 webinar: Risk-based approach to security assessments

Outpost24 webinar - Enhance user security to stop the cyber-attack cycle

The Top 7 Causes of Major Security Breaches

The Current ICS Threat Landscape

Similar to ІЛЛЯ ЛУБЕНЕЦЬ «DevSecOps наступний етап розвитку DevOps» GO DevOps

Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...

Outpost24

Moving Security to the Left

Javier Godinez

The Changing Landscape of Information Security

DevSecOpsSg

The state of web applications (in)security @ ITDays 2016

Tudor Damian

The global security landscape is changing, now more than ever. With cloud computing gaining momentum and advanced persistent threats becoming a common occurrence, the industry is taking a more focused and serious approach, especially after some of last years' heavily publicized cyber breaches. Join this session for a high-level overview on the industry trends in the area of web application security, and find out why security is bound to become a hot topic in any organization developing or using web applications.

Application Hackers Have A Handbook. Why Shouldn't You?London School of Cyber Security

EISA Considerations for Web Application SecurityLarry Ball

Solnet dev secops meetup

pbink

DevSecCon Asia 2017 Ante Gulam: Integrating crowdsourced security into agile ...

DevSecCon

Top Application Security Trends of 2012

DaveEdwards12

Learn about the major risks to Cloud and Web-based Applications. What are their weaknesses? How can you deploy them in a more confident fashion and avoid the risks? What can you do to protect these applications without creating a major burden on your end-users and customers. Application Security has become one of the top most priorities of CIOs, CSOs and IT Staff in 2012. Cloud has created a paradigm shift in how we leverage technology. Learn about the power of the Cloud to Secure your applications.

Security in an Interconnected and Complex World of Software

Michael Coates

2013 michael coates-javaoneMichael Coates

SCS DevSecOps Seminar - State of DevSecOps

Stefan Streichsbier

Secure application deployment in the age of continuous delivery

Black Duck by Synopsys

As presented by Tim Mackey, Senior Technical Evangelist at Black Duck Software, at Open Source Open Standards (GovNet) (http://opensourceconference.co.uk/), this deck covers some of the material which operators of open source data centers and users of container and cloud technologies should be aware of when seeking to be security conscious. Traditionally, when datacentre operators talk about application security, there has been a tendency to focus on issues related to key management, firewalls and data access. By contrast, application developers have a security focus which is more aligned with code analysis and fuzzing techniques. The reality is, secure application deployment principles extend from the infrastructure layer through the application and include how the application is deployed. With the prevalence of continuous deployment, it’s imperative to focus efforts on what attackers’ view as vulnerable; particularly in an environment where new exploits are being disclosed almost daily. In this session we’ll present: - How known vulnerabilities can make their way into production deployments - How vulnerability impact is maximized - A methodology for ensuring deployment of vulnerable code can be minimized - A methodology to minimize the potential for vulnerable code to be redistributed

Secure application deployment in the age of continuous delivery

Tim Mackey

As presented at Open Source Open Standards (GovNet) (http://opensourceconference.co.uk/), this deck covers some of the material which operators of open source data centers and users of container and cloud technologies should be aware of when seeking to be security conscious. Traditionally, when datacentre operators talk about application security, there has been a tendency to focus on issues related to key management, firewalls and data access. By contrast, application developers have a security focus which is more aligned with code analysis and fuzzing techniques. The reality is, secure application deployment principles extend from the infrastructure layer through the application and include how the application is deployed. With the prevalence of continuous deployment, it’s imperative to focus efforts on what attackers’ view as vulnerable; particularly in an environment where new exploits are being disclosed almost daily. In this session we’ll present: - How known vulnerabilities can make their way into production deployments - How vulnerability impact is maximized - A methodology for ensuring deployment of vulnerable code can be minimized - A methodology to minimize the potential for vulnerable code to be redistributed

Journey to the Cloud: Securing Your AWS Applications - April 2015

Alert Logic

James Brown, Director of Cloud Computing & Security Architecture, Alert Logic covers: • The shared security model: what security you are responsible for to protect your content, applications, systems and networks vs AWS. • Overview of the OWASP Top 10 most critical web application security risks (such as SQL injections) • Best practices for how to protect your environment from the latest threats

Keeping Secrets on the Internet of Things - Mobile Web Application Security

Kelly Robertson

Have you ever wondered why our web apps, and mobile web apps in particular, are hard to secure? Be sure to read the speakers notes in this presentation In this lengthy presentation, you will observe where researchers and hackers corrupt the developer's intentions...then, you will look at the Good, the Bad and the Ugly of Secure Software Development, WAF considerations, and Mobile Device Management...

Security in the age of open source - Myths and misperceptions

Tim Mackey

As delivered at Interop ITX 2017. The security of open source software is a function of the security of its components. For most applications, open source technologies are at their core, but security related issues may not be disclosed directly against the application because its use of the open-source component is hidden. In this talk, I explored how information flow benefits attackers, but how awareness can help defenders. I presented key attributes any vulnerability solution should have - including deep understanding of how open source development works and being DevOps aware.

Started In Security Now I'm Here

Christopher Grayson

Secure the modern Enterprise

Microsoft Österreich

Security+ SY0-701 CERTIFICATION TRAINING.pdf

infosecTrain

Learn all about the Latest CompTIA Security+ SYO-701 Exam in 2 minutes! Swipe through the slides to discover the new updates in this latest version, its course content, target audience, exam details, career scope, and more. 𝐒𝐭𝐚𝐫𝐭 𝐲𝐨𝐮𝐫 𝐥𝐞𝐚𝐫𝐧𝐢𝐧𝐠 𝐣𝐨𝐮𝐫𝐧𝐞𝐲 𝐧𝐨𝐰! 👉 https://www.infosectrain.com/courses/comptia-security/

Similar to ІЛЛЯ ЛУБЕНЕЦЬ «DevSecOps наступний етап розвитку DevOps» GO DevOps (20)

Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...

Moving Security to the Left

The Changing Landscape of Information Security

The state of web applications (in)security @ ITDays 2016

Application Hackers Have A Handbook. Why Shouldn't You?

EISA Considerations for Web Application Security

Solnet dev secops meetup

DevSecCon Asia 2017 Ante Gulam: Integrating crowdsourced security into agile ...

Top Application Security Trends of 2012

Security in an Interconnected and Complex World of Software

2013 michael coates-javaone

SCS DevSecOps Seminar - State of DevSecOps

Secure application deployment in the age of continuous delivery

Journey to the Cloud: Securing Your AWS Applications - April 2015

Keeping Secrets on the Internet of Things - Mobile Web Application Security

Security in the age of open source - Myths and misperceptions

Started In Security Now I'm Here

Secure the modern Enterprise

Security+ SY0-701 CERTIFICATION TRAINING.pdf

Recently uploaded

UiPath Test Automation using UiPath Test Suite series, part 4

DianaGray10

Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap. The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies. Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques What will you get from this session? 1. Insights into SAP testing best practices 2. Heatmap utilization for testing 3. Optimization of testing processes 4. Demo Topics covered: Execution from the test manager Orchestrator execution result Defect reporting SAP heatmap example with demo Speaker: Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™

UiPathCommunity

In questo evento online gratuito, organizzato dalla Community Italiana di UiPath, potrai esplorare le nuove funzionalità di Autopilot, il tool che integra l'Intelligenza Artificiale nei processi di sviluppo e utilizzo delle Automazioni. 📕 Vedremo insieme alcuni esempi dell'utilizzo di Autopilot in diversi tool della Suite UiPath: Autopilot per Studio Web Autopilot per Studio Autopilot per Apps Clipboard AI GenAI applicata alla Document Understanding 👨‍🏫👨‍💻 Speakers: Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath Andrei Tasca, RPA Solutions Team Lead @NTT Data

FIDO Alliance Osaka Seminar: Overview.pdf

FIDO Alliance

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

FIDO Alliance

Free Complete Python - A step towards Data Science

RinaMondal9

Introduction to CHERI technology - Cybersecurity

mikeeftimakis1

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

FIDO Alliance

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

FIDO Alliance

Key Trends Shaping the Future of Infrastructure.pdf

Cheryl Hung

Essentials of Automations: Optimizing FME Workflows with Parameters

Safe Software

Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place. Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects. Here’s what you’ll gain: - Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows. - Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy. - Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency. - Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity. We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic. Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...

Product School

PHP Frameworks: I want to break free (IPC Berlin 2024)

Ralf Eggert

In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development. This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

Albert Hoitingh

The Future of Platform Engineering

Jemma Hussein Allen

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

Sri Ambati

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Aggregage

How world-class product teams are winning in the AI era by CEO and Founder, P...

Product School

The Art of the Pitch: WordPress Relationships and Sales

Laura Byrne

Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes? All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.

Monitoring Java Application Security with JDK Tools and JFR Events

Ana-Maria Mihalceanu

Accelerate your Kubernetes clusters with Varnish Caching

Thijs Feryn

Recently uploaded (20)

UiPath Test Automation using UiPath Test Suite series, part 4

Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™

FIDO Alliance Osaka Seminar: Overview.pdf

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

Free Complete Python - A step towards Data Science

Introduction to CHERI technology - Cybersecurity

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

Key Trends Shaping the Future of Infrastructure.pdf

Essentials of Automations: Optimizing FME Workflows with Parameters

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...

PHP Frameworks: I want to break free (IPC Berlin 2024)

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

The Future of Platform Engineering

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

Generative AI Deep Dive: Advancing from Proof of Concept to Production

How world-class product teams are winning in the AI era by CEO and Founder, P...

The Art of the Pitch: WordPress Relationships and Sales

Monitoring Java Application Security with JDK Tools and JFR Events

Accelerate your Kubernetes clusters with Varnish Caching

ІЛЛЯ ЛУБЕНЕЦЬ «DevSecOps наступний етап розвитку DevOps» GO DevOps

1. DevSecOops Illia Lubenets

2. What is common?

3. Security is important

4. Security is important • Average data breach cost – 4$ millions • Attacks rose in 2020 – 600% • Ukraine government is on 5th place of target attacks • 70% of small business can’t deal with cyber attack • 16% of healthcare providers are ready to prevent attack

5. DevSecOps

6. DevSecOps • Collective Responsibility • Collaboration and Integration • Pragmatic Implementation • Bridging Compliance and Development • Automation • Measure, Monitor, Report and Action

7. DevSecOps architecture sample

8. Tooling

9. Github security tooling • Code scanning • Dependabot • Vulnerability management

10. Code scaning • SonarQube • WhiteSource • Github • Code scanning • Dependabot • Vulnerability management • Coverity • BlackDuck

11. Threat modeling • Microsoft Threat Modeling Tool • Threat Modeler • Threat Dragon

12. Dynamic Application Security Testing • Checkmarx • Fortify • ZAP

13. Infrastructure security tools • Nessus • Azure Security Center • AWS Cloud Security

14. Conclusion

15. Security should be proper

16. Illia Lubenets • Solution architect • Microsoft Azure MVP • https://twitter.com/L0ndra_ • https://t.me/procrastinationselfflagellation

ІЛЛЯ ЛУБЕНЕЦЬ «DevSecOps наступний етап розвитку DevOps» GO DevOps

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to ІЛЛЯ ЛУБЕНЕЦЬ «DevSecOps наступний етап розвитку DevOps» GO DevOps

Similar to ІЛЛЯ ЛУБЕНЕЦЬ «DevSecOps наступний етап розвитку DevOps» GO DevOps (20)

More from UA DevOps Conference

More from UA DevOps Conference (10)

Recently uploaded

Recently uploaded (20)

ІЛЛЯ ЛУБЕНЕЦЬ «DevSecOps наступний етап розвитку DevOps» GO DevOps