OWASP Nagpur, profile picture
Uploaded byOWASP Nagpur
PPTX, PDF169 views

DevSecOps Introduction Tushar Joshi - Owasp Nagpur Meetup 12 May 2019

This document introduces DevSecOps, which aims to integrate security practices into DevOps workflows. It discusses how traditional security controls from specialists are not scalable for rapid DevOps development cycles. DevSecOps emphasizes building security into the development process from the start rather than adding it later. Engineering teams take ownership of how their applications perform securely in production. The DevSecOps manifesto focuses on principles like building security in, relying on empowered teams, implementing features securely through continuous learning and culture change rather than policy enforcement.

Software
Related topics:
Application Security

Embed presentation

Downloaded 10 times
Introduction to DevSecOps Tushar Joshi Senior Architect @ Persistent Systems 12 May 2019 @ OWASP Nagpur Meetup
Need for DevSecOps • Full StackOverflow Development • DevOps accelerate the speed of development • Security controls from Security Specialists non-scalable • Security must be primary concern of development team
What is DevOps • A new role? • Partnership/communication/empathy between Dev and Ops • CI/CD Tools? • Automation? • Self Service? • Techniques like feature flags or traffic shaping? • Move fast and break things? • Culture change( systems thinking, continuous improvements?)
DevOps IS • Empowered engineering teams • Taking ownership of how the product/application • Performs in Production
Mature DevOps Practices • Develop in TRUNK • No long lived branches • Short branches – code review, release changes, security scanning • Dead end release branch OK • Feature behind flags, toggles, traffic shaping • Automated validation, automated push to prod
What is Dev[Sec]Ops • Thinking of security as a primary concern • Empowered engineering teams • Taking ownership of how their product/application • Performs in production [including security]
Dev[Sec]Ops Manifesto • Build security in • more than bolt it on • Rely on empowered engineering teams • more than security specialists • Implement features securely • more than security features • Rely on continuous learning • more than end-of-phase gates • Build on culture change • more than policy enforcement
DevSecOps Tool Landscape
Thank You! There are no silly questions!
References • https://www.youtube.com/watch?v=BA9DqsgfgRQ • https://linkedIn.com/in/LarryMaccherone • https://www.devsecopsdays.com/articles/devsecops-securing- software-in-a-devops-world • https://christianheilmann.com/2015/07/17/the-full-stackoverflow- developer/ • https://snyk.io/opensourcesecurity-2019/ • https://prezi.com/view/zhn9TQFjQexTQqQk5jwT/ • https://www.devsecopsdays.com/articles/trust-algorithm-applied-to- devsecops

More Related Content

PPTX
DevOps
byRavneetArora
 
PPTX
OpenSouthCode 2016 - Accenture DevOps Platform 2016-05-07
byJorge Hidalgo
 
PPTX
Continuous integration
byAbhay Kumar
 
PPTX
DevOps Introduction
byJagatveer Singh
 
PPTX
DevOps Overview
byOmri Spector
 
PDF
Cloud and Network Transformation using DevOps methodology : Cisco Live 2015
byVimal Suba
 
PPTX
DevOps
byAbhay Kumar
 
PPTX
DevOps and Continuous Delivery with Visual Studio 2015 and VSTS
bySolidify
 
DevOps
byRavneetArora
 
OpenSouthCode 2016 - Accenture DevOps Platform 2016-05-07
byJorge Hidalgo
 
Continuous integration
byAbhay Kumar
 
DevOps Introduction
byJagatveer Singh
 
DevOps Overview
byOmri Spector
 
Cloud and Network Transformation using DevOps methodology : Cisco Live 2015
byVimal Suba
 
DevOps
byAbhay Kumar
 
DevOps and Continuous Delivery with Visual Studio 2015 and VSTS
bySolidify
 

What's hot

PPTX
DevOps Workshop, DevOps for DoD Professionals
byTonex
 
PPTX
DevOps
byGehad Elsayed
 
PDF
Continuous Testing - What QA means for DevOps
bySeaLights
 
PDF
Super Charge your Product Development via the Use of DevOps
bySpyros Lambrinidis
 
PDF
Devops Intro - Devops for Unicorns & DevOps for Horses
byBoonNam Goh
 
PPTX
DevOps introduction
byChristian F. Nissen
 
PDF
DevOps
byHakan Yüksel
 
ODP
DevOps presentation
byAxsh Co. LTD
 
PPTX
CI/CD Best Practices for Your DevOps Journey
byDevOps.com
 
PDF
Achieving DevOps using Open Source Tools in the Enterprise
byCollabNet
 
PPTX
Deploying more technology to shift from agility to anti-fragility
bySpyros Lambrinidis
 
PPTX
BASTA! 2017 - DevOps by examples
byGiulio Vian
 
PDF
Devops at SlideShare: Talk at Devopsdays Bangalore 2011
byKapil Mohan
 
PDF
Devops Recto-Verso @ DevoxxMA
byArnaud Héritier
 
PPTX
Implementing DevOps In Practice
byZoltán Németh
 
PPTX
Very first introduction to DevOps
byHien Nguyen
 
PPTX
The Coming Earthquake in IIS and SQL Configuration Management
byJules Pierre-Louis
 
PPTX
The Human Side of DevSecOps
byJules Pierre-Louis
 
PPTX
Infragistics uses DevOps to increase customer engagment
byChris Riley ☁
 
PPT
An Overview Of Silverlight 2
byClint Edmonson
 
DevOps Workshop, DevOps for DoD Professionals
byTonex
 
DevOps
byGehad Elsayed
 
Continuous Testing - What QA means for DevOps
bySeaLights
 
Super Charge your Product Development via the Use of DevOps
bySpyros Lambrinidis
 
Devops Intro - Devops for Unicorns & DevOps for Horses
byBoonNam Goh
 
DevOps introduction
byChristian F. Nissen
 
DevOps
byHakan Yüksel
 
DevOps presentation
byAxsh Co. LTD
 
CI/CD Best Practices for Your DevOps Journey
byDevOps.com
 
Achieving DevOps using Open Source Tools in the Enterprise
byCollabNet
 
Deploying more technology to shift from agility to anti-fragility
bySpyros Lambrinidis
 
BASTA! 2017 - DevOps by examples
byGiulio Vian
 
Devops at SlideShare: Talk at Devopsdays Bangalore 2011
byKapil Mohan
 
Devops Recto-Verso @ DevoxxMA
byArnaud Héritier
 
Implementing DevOps In Practice
byZoltán Németh
 
Very first introduction to DevOps
byHien Nguyen
 
The Coming Earthquake in IIS and SQL Configuration Management
byJules Pierre-Louis
 
The Human Side of DevSecOps
byJules Pierre-Louis
 
Infragistics uses DevOps to increase customer engagment
byChris Riley ☁
 
An Overview Of Silverlight 2
byClint Edmonson
 

Similar to DevSecOps Introduction Tushar Joshi - Owasp Nagpur Meetup 12 May 2019

PDF
The Rise of DevSecOps in CI_CD Workflows.pdf
byyour techdigest
 
PDF
Strengthen and Scale Security Using DevSecOps - OWASP Indonesia
byMohammed A. Imran
 
PPTX
DevSecOps presentation explaining what is devsecops
byamalsalah25
 
PDF
DevSecOps Automation for Product Security
byITTSTAR Consulting, LLC.
 
PPTX
What is devsecops and how it works and best practices
byamalsalah25
 
PPTX
Devsec ops
byVipinYadav257
 
PPTX
DevSecOps: Integrating Security Into Your SDLC
byDev Software
 
PDF
Why Security Engineer Need Shift-Left to DevSecOps?
byNajib Radzuan
 
PPTX
What is devsecops and what is the characteristics of it
byamalsalah25
 
PPTX
DevSecOps with Microsoft Tech
byDarin Morris
 
PPTX
Introduction to DevSecOps
byabhimanyubhogwan
 
PPTX
DevSecOps Best Practices-Safeguarding Your Digital Landscape
bystevecooper930744
 
PDF
How DevOps Improves Security DevSecOps Explained.pdf
byhimanshuwowit
 
PPTX
Secure DevOPS Implementation Guidance
byTej Luthra
 
PPTX
Introduction to DevSecOps OWASP Ahmedabad
bykunwaratul hax0r
 
PDF
Strengthen and Scale Security for a dollar or less
byMohammed A. Imran
 
PDF
Scale security for a dollar or less
byMohammed A. Imran
 
PDF
DevSecOps Implement Making Security Central to Your DevOps Pipeline
byEnov8
 
PPTX
DevSecOps: The Future of Secure Software Development
byDev Software
 
PPTX
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
byDevSecCon
 
The Rise of DevSecOps in CI_CD Workflows.pdf
byyour techdigest
 
Strengthen and Scale Security Using DevSecOps - OWASP Indonesia
byMohammed A. Imran
 
DevSecOps presentation explaining what is devsecops
byamalsalah25
 
DevSecOps Automation for Product Security
byITTSTAR Consulting, LLC.
 
What is devsecops and how it works and best practices
byamalsalah25
 
Devsec ops
byVipinYadav257
 
DevSecOps: Integrating Security Into Your SDLC
byDev Software
 
Why Security Engineer Need Shift-Left to DevSecOps?
byNajib Radzuan
 
What is devsecops and what is the characteristics of it
byamalsalah25
 
DevSecOps with Microsoft Tech
byDarin Morris
 
Introduction to DevSecOps
byabhimanyubhogwan
 
DevSecOps Best Practices-Safeguarding Your Digital Landscape
bystevecooper930744
 
How DevOps Improves Security DevSecOps Explained.pdf
byhimanshuwowit
 
Secure DevOPS Implementation Guidance
byTej Luthra
 
Introduction to DevSecOps OWASP Ahmedabad
bykunwaratul hax0r
 
Strengthen and Scale Security for a dollar or less
byMohammed A. Imran
 
Scale security for a dollar or less
byMohammed A. Imran
 
DevSecOps Implement Making Security Central to Your DevOps Pipeline
byEnov8
 
DevSecOps: The Future of Secure Software Development
byDev Software
 
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
byDevSecCon
 

More from OWASP Nagpur

PDF
Fortifying Ruby on Rails Web Application Framework Security by Sahil Tembhare
byOWASP Nagpur
 
PPTX
SSRF For Bug Bounties
byOWASP Nagpur
 
PPTX
OWASP Nagpur - Attacking Web Applications Business Logic for Fun and Profit
byOWASP Nagpur
 
PPTX
OWASP Nagpur Meet #4
byOWASP Nagpur
 
PPTX
OWASP Nagpur Meet #3 Android RE
byOWASP Nagpur
 
PPTX
Open Source Everything
byOWASP Nagpur
 
PPTX
OWASP Nagpur Meet #3 RF Hacking 101
byOWASP Nagpur
 
Fortifying Ruby on Rails Web Application Framework Security by Sahil Tembhare
byOWASP Nagpur
 
SSRF For Bug Bounties
byOWASP Nagpur
 
OWASP Nagpur - Attacking Web Applications Business Logic for Fun and Profit
byOWASP Nagpur
 
OWASP Nagpur Meet #4
byOWASP Nagpur
 
OWASP Nagpur Meet #3 Android RE
byOWASP Nagpur
 
Open Source Everything
byOWASP Nagpur
 
OWASP Nagpur Meet #3 RF Hacking 101
byOWASP Nagpur
 

Recently uploaded

PPTX
Deep Dive into Durable Functions, presented at Cloudbrew 2025
byJoonas Westlin
 
PPTX
application security presentation 2 by harman
byharmanideapad
 
PDF
nsfconvertersoftwaretoconvertNSFtoPST.pdf
byNSF Converter Software
 
PDF
Operating System (OS) :UNIT-I Introduction to Operating System BCA SEP SEM-II...
byKuvempu University
 
PDF
Transforming Compliance Through Policy & Procedure Management
byInsurance Tech Services
 
PPTX
Week 7 Introduction to HTML PowerPoint Notes.pptx
bylesandawelgens
 
PDF
Imed Eddine Bouchoucha | computer engineer | software Architect
byImed Bouchoucha
 
PDF
Virtual Study Circles Innovative Ways to Collaborate Online.pdf
byExplain Learning
 
PDF
IT Estate Modernization: Transform Your Infrastructure for the Future .pdf
byAstuteBusiness
 
PDF
What Is A Woman (WIAW) Token – Smart Contract Security Audit Report by EtherA...
byEtherAuthority
 
PDF
INTRODUCTION TO DATABASES, MYSQL, MS ACCESS, PHARMACY DRUG DATABASE.pdf
bylikudas9861
 
PPTX
Binance Smart Chain Development Guide.pptx
bylakshubadai
 
PDF
Resource-Levelled Critical-Path Analysis Balancing Time, Cost and Constraints
byOrangescrum
 
PDF
Database Management Systems(DBMS):UNIT-I Introduction to Database(DBMS) BCA S...
byKuvempu University
 
PDF
Cybersecurity Alert- What Organisations Must Watch Out For This Christmas Fes...
byCybernetic Global Intelligence
 
PPTX
GDS Integration Solution | GDS Integration Service
byyugababu033
 
PDF
Combinatorial Interview Problems with Backtracking Solutions - From Imperativ...
byPhilip Schwarz
 
PDF
Influence Without Power - Why Empathy is Your Best Friend.pdf
bySuzanne Lagerweij
 
PDF
KoderXpert – Odoo, Web & AI Solutions for Growing Businesses
byDhvanil Trivedi
 
PPTX
1_MIL_Introduction_Influence-of-Media-and-Information-on-Communication (1).pptx
byDeltaDomsMamas1
 
Deep Dive into Durable Functions, presented at Cloudbrew 2025
byJoonas Westlin
 
application security presentation 2 by harman
byharmanideapad
 
nsfconvertersoftwaretoconvertNSFtoPST.pdf
byNSF Converter Software
 
Operating System (OS) :UNIT-I Introduction to Operating System BCA SEP SEM-II...
byKuvempu University
 
Transforming Compliance Through Policy & Procedure Management
byInsurance Tech Services
 
Week 7 Introduction to HTML PowerPoint Notes.pptx
bylesandawelgens
 
Imed Eddine Bouchoucha | computer engineer | software Architect
byImed Bouchoucha
 
Virtual Study Circles Innovative Ways to Collaborate Online.pdf
byExplain Learning
 
IT Estate Modernization: Transform Your Infrastructure for the Future .pdf
byAstuteBusiness
 
What Is A Woman (WIAW) Token – Smart Contract Security Audit Report by EtherA...
byEtherAuthority
 
INTRODUCTION TO DATABASES, MYSQL, MS ACCESS, PHARMACY DRUG DATABASE.pdf
bylikudas9861
 
Binance Smart Chain Development Guide.pptx
bylakshubadai
 
Resource-Levelled Critical-Path Analysis Balancing Time, Cost and Constraints
byOrangescrum
 
Database Management Systems(DBMS):UNIT-I Introduction to Database(DBMS) BCA S...
byKuvempu University
 
Cybersecurity Alert- What Organisations Must Watch Out For This Christmas Fes...
byCybernetic Global Intelligence
 
GDS Integration Solution | GDS Integration Service
byyugababu033
 
Combinatorial Interview Problems with Backtracking Solutions - From Imperativ...
byPhilip Schwarz
 
Influence Without Power - Why Empathy is Your Best Friend.pdf
bySuzanne Lagerweij
 
KoderXpert – Odoo, Web & AI Solutions for Growing Businesses
byDhvanil Trivedi
 
1_MIL_Introduction_Influence-of-Media-and-Information-on-Communication (1).pptx
byDeltaDomsMamas1
 

DevSecOps Introduction Tushar Joshi - Owasp Nagpur Meetup 12 May 2019

  • 1.
    Introduction to DevSecOps Tushar Joshi SeniorArchitect @ Persistent Systems 12 May 2019 @ OWASP Nagpur Meetup
  • 2.
    Need for DevSecOps •Full StackOverflow Development • DevOps accelerate the speed of development • Security controls from Security Specialists non-scalable • Security must be primary concern of development team
  • 3.
    What is DevOps •A new role? • Partnership/communication/empathy between Dev and Ops • CI/CD Tools? • Automation? • Self Service? • Techniques like feature flags or traffic shaping? • Move fast and break things? • Culture change( systems thinking, continuous improvements?)
  • 4.
    DevOps IS • Empoweredengineering teams • Taking ownership of how the product/application • Performs in Production
  • 5.
    Mature DevOps Practices •Develop in TRUNK • No long lived branches • Short branches – code review, release changes, security scanning • Dead end release branch OK • Feature behind flags, toggles, traffic shaping • Automated validation, automated push to prod
  • 6.
    What is Dev[Sec]Ops •Thinking of security as a primary concern • Empowered engineering teams • Taking ownership of how their product/application • Performs in production [including security]
  • 7.
    Dev[Sec]Ops Manifesto • Buildsecurity in • more than bolt it on • Rely on empowered engineering teams • more than security specialists • Implement features securely • more than security features • Rely on continuous learning • more than end-of-phase gates • Build on culture change • more than policy enforcement
  • 8.
  • 9.
    Thank You! There areno silly questions!
  • 10.
    References • https://www.youtube.com/watch?v=BA9DqsgfgRQ • https://linkedIn.com/in/LarryMaccherone •https://www.devsecopsdays.com/articles/devsecops-securing- software-in-a-devops-world • https://christianheilmann.com/2015/07/17/the-full-stackoverflow- developer/ • https://snyk.io/opensourcesecurity-2019/ • https://prezi.com/view/zhn9TQFjQexTQqQk5jwT/ • https://www.devsecopsdays.com/articles/trust-algorithm-applied-to- devsecops