Had a session at the "Empowering Digital Trust: Data Security and Beyond" event organized by Thales Data Security. The event was free and open to the public.
This is a recap of the presentation we gave at BSides Las Vegas 2014 and DefCon 22 as part of the Wall of Sheep Presentations. The purpose of this presentation was to underscore common SSL implementation failures in mobile applications, how to avoid them and show how SSL Session Caching can be abused, particularly on Android, to create persistent and nearly undetectable MitM conditions.
You can watch the replay for this Geek Sync webcast, Successfully Migrating Existing Databases to Azure SQL Database, on the IDERA Resource Center, http://ow.ly/k4p050A4rBA.
First impressions have long-lasting effects. When dealing with an architecture change like migrating to Azure SQL Database the last thing you want to do is leave a bad first impression by having an unsuccessful migration. In this session, you will learn the difference between Azure SQL Database, SQL Managed Instances, and Elastic Pools. How to use tools to test migrations for compatibility issues before you start the migration process. You will learn how to successfully migrate your database schema and data to the cloud. Finally, you will learn how to determine which performance tier is a good starting point for your existing workload(s) and how to monitor your workload over time to make sure your users have a great experience while you save as much money as possible.
Speaker: John Sterrett is an MCSE: Data Platform, Principal Consultant and the Founder of Procure SQL LLC. John has presented at many community events, including Microsoft Ignite, PASS Member Summit, SQLRally, 24 Hours of PASS, SQLSaturdays, PASS Chapters, and Virtual Chapter meetings. John is a leader of the Austin SQL Server User Group and the founder of the HADR Virtual Chapter.
Geek Sync | Database People and DevOps: The Fundamentals (IDERA Software)
You can watch the replay for this Geek Sync webcast, Database People and DevOps: The Fundamentals, in the AquaFold Resource Center, http://ow.ly/XXzt50A4qAz.
DevOps is a software delivery philosophy that focuses on delivering quality, faster. Join IDERA and Stuart Ainsworth to learn about the basic principles of DevOps and how they apply to database development and administration. Everyone's environment is different, but the strategies discussed within can be translated into basic tactical gains that are easy to implement.
Topics covered include:
* a (VERY) brief history of DevOps
* why DBAs make the best DevOps engineers
* what admins can teach developers, and what developers can teach admins
Speaker: Stuart Ainsworth is an IT manager working in financial information security. Over the past 20 years, he's worked as a research analyst, a report writer, a DBA, a programmer, and a public speaking professor. He’s a chapter leader for AtlantaMDF, the SQL Server user group in Atlanta, as well as a speaker at SQLSaturdays, PASS Summit, code camps, and user groups.
What is content marketing?
Why is content marketing important?
What are some good examples of content marketing?
What's different about the iProspect approach to content marketing?
Geek Sync | Azure Cloud & You: First Steps for the DBA (IDERA Software)
You can watch the replay for this Geek Sync webcast, Azure Cloud & You: First Steps for the DBA, in the IDERA Resource Center, http://ow.ly/68S750A4rtU.
It's not a question of whether or not the landscape for the common DBA is changing. Without a doubt, it is. Azure offers up a new world of possibilities for DBAs and we should all strive to learn it. In this session, we'll cover some basic knowledge and terminology of Azure as well as how easy it is to incorporate Azure into your environment. We will stand up a new Azure virtual machine as well as set up a SQL DB. You will see how easy it is to accomplish this. This new-found knowledge will help propel your career into the new landscape.
Speaker: John Morehouse is currently a Consultant with Denny Cherry & Associates living in Louisville, Kentucky. John led the Omaha SQL Server user group for 7 years and is now a leader of the Louisville SQL Server/Power BI user group. He is a Microsoft Data Platform MVP, 2016 IDERA ACE, blogger, avid tweeter, and a frequent speaker at SQL Saturdays as well as other conferences. In his spare time, you can usually find John on Twitter (@sqlrus) as well as chasing his two young sons around the house.
• How Software Development Methodologies may increase the security level
• Detecting and handling vulnerabilities in dependencies in a pragmatic way
• High-level principles that ~always increase the security level
- Microsoft Security Development Lifecycle practices
- What is DevSecOps
- Static and Dynamic Application Security Testing
Given as part of the panel, "Planning is Hard, Change is Harder: Migrating Digital Collections" at the PLAN Digitization Conference, Panama City Beach, August 13, 2015.
Winning Strategies for a Successful ERP Implementation (Jonathan Gross)
Is your company running an ERP selection project? Has it turned its mind to ERP implementation? In this presentation, we break down critical organizational readiness tasks that should be undertaken early, including team building. Learn the keys to building an effective ERP organization, including steering committee, project management, and core team.
Five Enterprise Development Best Practices That EVERY Salesforce Org Can Use (Salesforce Developers)
In any environment, non-existent or ad-hoc standards greatly contribute to technical debt. Join us as we explain why Salesforce's multi-tenant architecture and its platform and governor limits make managing technical debt in the App Cloud so critical. You'll discover five best-practices that can make an immediate impact on the maintainability and scalability of your org.
Security issues, dependency vulnerabilities, misconfigurations... All of those can make or break your Open Source projects. Also, you want to make sure you adhere to the best practices, especially when you use more complex tools like Kubernetes.
Let's see how we can use the tools that GitHub and Datree provide (most are Open Source too!) to secure your project and make sure that no misconfiguration ever reaches the deployment targets!
Microsoft Skills Bootcamp - The power of GitHub and Azure (Davide Benvegnù)
In this session, part of the Microsoft Skills Bootcamp, I go through Digital Transformation in the DevOps era, and how to use Azure DevOps and GitHub together to achieve that.
All Around Azure: DevOps with GitHub - Managing the Flow of Work (Davide Benvegnù)
Let's see how to use GitHub and Azure DevOps together to manage the flow of work.
DevOps is all about continuously delivering value. Before we can even begin thinking about CI/CD, we need to make sure we do the right work. Sprint after sprint, iteration after iteration, we need to plan our work and manage our workflows.
This includes planning and tracking all units of work for the project. With frequent small iterations, there is no time to waste. Careful planning needs to happen to ensure the correct work gets done for each iteration. With the compressed time frame for each iteration, team members must work and coordinate their activities. Thus cross (functional) team visibility of work becomes vital for that coordination and allocation of resources. Visibility also ensures problems or bottlenecks get surfaced and addressed quickly.
CI CD for .Net 5? Easy with Azure Pipelines and GitHub Actions (Davide Benvegnù)
.Net 5 has just become GA but is already supported by both GitHub and Azure DevOps. In this session we will see how to do CI CD for our .Net 5 and Asp.net Core 5 applications using Azure Pipelines and GitHub Actions.
GitHub Actions: your free CI engine (and much more) (Davide Benvegnù)
SLIDES FROM THE HONG KONG OPENSOURCE CONFERENCE 2020
--------------
GitHub Actions is now the second most popular Build Platform on GitHub.
But it is also much more than a CI system: it is a very powerful automation engine.
Let's take a look at how we can do CI with Actions, and how we can automate operations on our GitHub projects.
Life of a Remote Developer - Productivity tips (MSBuild 2020) (Davide Benvegnù)
[These are the slides from my session at Microsoft Build 2020]
Working remotely is not easy, even if you are a developer.
Let’s take a look at some techniques and tools to improve our productivity when working remotely (and that works as well if you’re working in office!)
Consolidating Infrastructure with Azure Kubernetes Service - MS Online Tech F... (Davide Benvegnù)
[SLIDES FROM MICROSOFT ONLINE TECH FORUM SESSION]
Kubernetes is the open source container orchestration system that supercharges applications with scaling and reliability and unlocks advanced features, like A/B testing, Blue/Green deployments, canary builds, and dead-simple rollbacks.
In this session, see how Tailwind Traders took a containerized application and deployed it to Azure Kubernetes Service (AKS).
You’ll walk away with a deep understanding of major Kubernetes concepts and how to put it all to use with industry standard tooling.
Debugging and Interacting with Production Applications - MS Online Tech Forum (Davide Benvegnù)
[SLIDE FROM MICROSOFT ONLINE TECH FORUM SESSION]
Now that the applications are in the Cloud, developers must find ways to debug and interact with the production applications with minimal impact and maximal efficiency.
Azure comes with a full set of tools and utilities that can be used to manage and monitor your applications.
In this session, see how streaming logs work to monitor the production application in real time. We also show how Snapshot Debugging can be used to live debug applications.
Architect your app modernization journey with containers on Microsoft Azure (Davide Benvegnù)
Modernizing your application with containers has never been easier! Discover how Azure helps by providing all the services you need.
This slide deck has been created for the Microsoft Azure Developer Camp in HK.
Secure your applications with Azure AD and Key Vault (Davide Benvegnù)
Developers like the productivity of the Azure Platform, and now with Azure KeyVault and AAD we can easily secure secrets like DocumentDB, Media Services or Azure Batch keys in Azure KeyVault and apply granular policies to define who can access the secrets.
In this session we will see how to adopt a secure approach to manage application secrets by using Azure KeyVault, Azure Active Directory and Principals based on Certificates.
Microservices have become a trendy development strategy. Hosting and running such services used to be pretty painful… but here comes Service Fabric! Let's take a closer look at this platform, its different development models and all the features it offers. And not only for microservices!
Develop a Serverless Integration Platform for the Enterprise (Davide Benvegnù)
Integrating different systems is usually important, but in the Enterprise it is critical. And managing the integration platform is often even more critical.
But what if we can design an integration architecture and pattern which can be applied to most of the systems, which doesn't require much management and which can scale on the fly?
In this session we will see how we can achieve that using the serverless offering we have on Azure: Functions, Logic Apps and Service Bus.
“Microservices” have become a trendy development strategy. Hosting and running such services used to be pretty painful... but here comes Service Fabric! Let’s take a closer look at this platform, its different development models and all the features it offers, and not only for microservices!
SharePoint Disaster Recovery in Microsoft Azure (Davide Benvegnù)
When disaster strikes your SharePoint environment, your top priority is to get the system running again quickly. Disaster recovery with SharePoint is quicker and easier with Microsoft Azure.
This covers everything from the ground up to complement a customer's SharePoint farm with its DR on Azure.
Microsoft TechSummit - Deploy your Solution to IaaS and PaaS with VSTS and Az... (Davide Benvegnù)
Azure offers exciting possibilities for hosting your application, whether you choose the IaaS or the PaaS offering. Using Visual Studio Team Services, we can deploy to any of them and leverage on their features easily. Let's see how.
VS2017PI - What's new in Visual Studio Team Services (Davide Benvegnù)
Let's look together at all the main new features of Visual Studio Team Services presented at Connect() or introduced in the last month.
New features for developers, for DevOps, and general ones.
Even if very few people know it, Microsoft has a long history in Open Source software.
Let's take a look at the current situation as well as all the major steps taken during the last 15 years.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview (Prayukth K V)
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Essentials of Automations: Optimizing FME Workflows with Parameters (Safe Software)
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality (Inflectra)
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... (DanBrown980551)
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova... (Ramesh Iyer)
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Epistemic Interaction - tuning interfaces to provide information for AI support (Alan Dix)
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti... (Jeffrey Haguewood)
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Transcript: Selling digital books in 2024: Insights from industry leaders - T... (BookNet Canada)
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
UiPath Test Automation using UiPath Test Suite series, part 4 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Connector Corner: Automate dynamic content and events by pushing a button (DianaGray10)
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
"Impact of front-end architecture on development cost", Viktor Turskyi (Fwdays)
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
DevSecOps Done Right - Strategies and Tools.pptx
1. DevSecOps Done Right: Strategies and Tools
Davide Benvegnu
2. Who is me…
Davide Benvegnu
DevOps and Infra Lead, PlayStudios
3. Who is me…
Davide Benvegnu
DevOps and Infra Lead, PlayStudios
Microsoft MVP
Allegedly Famous YouTuber
Landscape photographer
Former MMA fighter
4. Applied Security
5. Development & Branching, Change Management, Quality Assurance, Processes, Infrastructure Automation, SECURITY, Release Engineering, Performance Monitoring
6. Bad – No Security
7. Bad – Security as an afterthought
8. Still Bad - Detached
9. Good – Security everywhere, at any moment
10. Shift Left
11. Shift Left on Security
12. Shift Left on Security
13. The earlier we remediate, the better
Remediation costs by SDLC stage:
• Develop (Development): $80
• Build: $240
• Test (Test/QA): $960
• Deploy (Production): $7,600
• Breach: $ Millions
Sources: NIST, Ponemon Institute
14. Shift Left on Security
15. Shift Left on Security
16. Security as Responsibility
17. Security for everyone
• PO: Security in Epics
• PM: Security in Features
• DEV: Secure(d) Development
• TESTER: Security Testing
• OPS: Security Monitoring
• …
18. Security teams reinvented
19. Security for everyone
20. Security for everyone
21. Just everyone
22. DevSecOps Practices
23. Security Work in the Backlog
24. Security through the whole process
• Sprint: Security work taken into Sprint
• Active: Topic branch linked to item for traceability
• Pull Request: PR changes must pass security scanning and policies
• Merge: Continuous Integration Build from Main
• Pre-Prod: Security and Vulnerability tests must pass 100%
• Release: Progressive deploy across stages with release gates
25. Assume Breach
Initially double-blind test
Over time, eliminated blue team
vs.
Shifted left to prevent top risks
Credential theft
Secret leakage
OSS vulnerabilities
26. DevSecOps for each pillar
27. Definition of DevOps
“DevOps is the union of people, processes, and products to enable continuous delivery of value to your end users.”
Donovan Brown
28. DevSecOps for the three DevOps Pillars
People
• Education
• Security first mindset
• Assumed breach
• Protect Credentials
Processes
• Secure Development Lifecycle
• Threat Modeling
• Security Assessments
• Red-Blue Team Exercises (War Games)
• Code Reviews
• Limited Production Access
• Immutable Infrastructure
• Progressive Exposure
Products (Technologies, Tools)
• Release automation
• Infrastructure/Config as Code
• Static Code Analysis / Static Application Security Testing (SAST)
• Dynamic Application Security Testing (DAST)
• Credential Scanning
• Secrets Management
• Known Vulnerabilities
29. About Tools
30. How to Select Tools
• Developer-friendly
• Fast yet reliable
• Local
• CI
• CD
• Minimal false positive rate
31. How and What
32. Integrated
IDE & VCS
Examples:
GitHub Advanced Security
• Secret Scanning
• Code Scanning
• Dependency Scanning
• SARIF Support
GitLab Application Security
• Same as GHAS
• IaC Scanning
VSCode Extensions
…
Cloud Provider
Examples:
Azure Security Center
Azure Monitor
AWS Cloud Security
AWS CloudWatch
GCP Security Command Center
GCP Chronicle Security Ops.
…
33. Integrated or Integratable
IDE & VCS
Examples:
GitHub Advanced Security
• Secret Scanning
• Code Scanning
• Dependency Scanning
• SARIF Support
GitLab Application Security
• Same as GHAS
• IaC Scanning
VSCode Extensions
…
Cloud Provider
Examples:
Azure Security Center
Azure Monitor
AWS Cloud Security
AWS CloudWatch
GCP Security Command Center
GCP Chronicle Security Ops.
…
3rd-party
Examples:
Well…
As long as we can have a Single Pane of Glass solution
34. Keep Your Secrets… Secret!
Use a KMS, HSM
• Secrets, Keys, Certificates
Prefer Native Ones
• Unless you’re going MultiCloud
• or hybrid
• or regulations
Live Applications
CI/CD
Live Systems
• TDE, SSL Certs, Encryption at Rest, …
35. Container Image Scan
36. Prevent K8S Misconfigurations From Reaching Production
Manual code review is time-consuming and error-prone
Automate:
• Schema Validation
• Best Practices Validation
• Policy Enforcement
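An added example (not from the slides) of the three automated checks named on this slide, run as one pre-merge gate over a Kubernetes manifest. The registry name, the rule set and the simplified schema are assumptions, and both manifests are constructed samples.

```python
ALLOWED_REGISTRIES = ("registry.example.internal/",)  # hypothetical org policy
SCHEMA = [(("apiVersion",), str), (("kind",), str), (("metadata", "name"), str),
          (("spec", "template", "spec", "containers"), list)]  # simplified (assumption)

def dig(obj, *path, default=None):
    """Walk nested dicts; return default when a key is missing or the shape is wrong."""
    for key in path:
        if not isinstance(obj, dict) or key not in obj:
            return default
        obj = obj[key]
    return obj

def check_schema(m):
    """Stage 1: required fields exist and have the expected type."""
    return [f"schema: {'.'.join(p)} must be {t.__name__}"
            for p, t in SCHEMA if not isinstance(dig(m, *p), t)]

def check_container(c):
    """Stages 2 and 3: best-practice and policy rules for one container."""
    name, image = dig(c, "name", default="?"), str(dig(c, "image", default=""))
    tag = image.rsplit("/", 1)[-1].partition(":")[2]
    rules = [  # (stage, violated?, message)
        ("best-practice", "@sha256:" not in image and tag in ("", "latest"), "pin image tag or digest"),
        ("best-practice", not dig(c, "resources", "limits"), "set resources.limits"),
        ("policy", not image.startswith(ALLOWED_REGISTRIES), "image registry not allowed"),
        ("policy", dig(c, "securityContext", "privileged") is True, "privileged is forbidden"),
        ("policy", dig(c, "securityContext", "runAsNonRoot") is not True, "runAsNonRoot must be true"),
    ]
    return [f"{stage}: {name}: {msg}" for stage, bad, msg in rules if bad]

def gate(m):
    """Schema errors short-circuit: the rule stages assume a well-formed manifest."""
    return check_schema(m) or [e for c in dig(m, "spec", "template", "spec", "containers")
                               for e in check_container(c)]

def deployment(container):
    """Constructed sample manifest, shaped like yaml.safe_load() output."""
    return {"apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "web"},
            "spec": {"replicas": 2, "template": {"spec": {"containers": [container]}}}}

BAD = deployment({"name": "web", "image": "nginx:latest",
                  "securityContext": {"privileged": True}})
GOOD = deployment({"name": "web", "image": "registry.example.internal/web:1.4.2",
                   "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}},
                   "securityContext": {"runAsNonRoot": True}})

if __name__ == "__main__":
    for label, manifest in (("BAD", BAD), ("GOOD", GOOD)):
        print(label, gate(manifest) or "passes")
```

In a pipeline the gate would fail the PR check whenever the returned list is non-empty, so a misconfigured manifest never reaches the merge step.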
37. Summary
38. Recap
• Security is not just for security people
• Security everywhere, at every time
• Apply DevSecOps to People, Processes, and Products
• Choose tools that people would want to use
• It is just DevOps… make it so
39. youtube.com/CoderDave
@DavideBenvegnu
github.com/n3wt0n
linkedin.com/in/davidebenvegnu
davide.ph