Introduction to DevSecOps
Tushar Joshi
Senior Architect @ Persistent Systems
12 May 2019 @ OWASP Nagpur Meetup
Need for DevSecOps
• Full StackOverflow Development
• DevOps accelerates the speed of development
• Security controls that depend on security specialists alone do not scale
• Security must be a primary concern of the development team
What is DevOps
• A new role?
• Partnership/communication/empathy between Dev and Ops
• CI/CD Tools?
• Automation?
• Self Service?
• Techniques like feature flags or traffic shaping?
• Move fast and break things?
• Culture change (systems thinking, continuous improvement)?
DevOps IS
• Empowered engineering teams
• Taking ownership of how the product/application performs in production
Mature DevOps Practices
• Develop in TRUNK
• No long-lived branches
• Short-lived branches – code review, release changes, security scanning
• Dead-end release branches are OK
• Features behind flags, toggles, traffic shaping
• Automated validation, automated push to prod
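The flags/toggles/traffic-shaping practice above, shown as an added example that is not part of the deck: a minimal feature toggle with a percentage rollout bucketed by a stable hash, an allow-list for testers, and a kill switch that turns a feature off for everyone without a redeploy. All names (Flag, bucket, is_enabled, exposed_share) and the user population are hypothetical and constructed here.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed example of a feature flag with a kill switch and percentage rollout.
# Names (Flag, is_enabled, ...) are hypothetical; they are not from any real flag service.

@dataclass
class Flag:
    """One feature toggle as it might be stored in a flag service."""
    name: str
    enabled: bool = True                 # kill switch: False hides the feature from everyone
    rollout_percent: int = 0             # share of users (0-100) who get the feature
    allow_users: set = field(default_factory=set)  # explicit allow-list, e.g. internal testers


def bucket(flag_name: str, user_id: str) -> int:
    """Map (flag, user) to a stable bucket in 0..9999.

    Hashing the flag name together with the user id means a user lands in
    different buckets for different flags, so rollouts are independent, and
    the same user keeps the same decision across requests and restarts.
    """
    digest = hashlib.sha256(f"{flag_name}:{user_id}".encode()).digest()
    return int.from_bytes(digest[:4], "big") % 10000


def is_enabled(flag: Flag, user_id: str) -> bool:
    """Decide whether this user sees the feature behind the flag."""
    if not flag.enabled:          # kill switch wins over everything else
        return False
    if user_id in flag.allow_users:
        return True
    # rollout_percent of 10 exposes buckets 0..999, i.e. 10% of users
    return bucket(flag.name, user_id) < flag.rollout_percent * 100


def exposed_share(flag: Flag, user_ids) -> float:
    """Fraction of the given users who currently see the feature."""
    ids = list(user_ids)
    if not ids:
        return 0.0
    return sum(is_enabled(flag, u) for u in ids) / len(ids)


if __name__ == "__main__":
    # Constructed population of 10,000 user ids.
    users = [f"user-{i}" for i in range(10_000)]
    new_checkout = Flag("new-checkout", rollout_percent=10, allow_users={"qa-alice"})
    print(f"ramp at 10%: {exposed_share(new_checkout, users):.3f} of users exposed")
    print("qa-alice sees it:", is_enabled(new_checkout, "qa-alice"))
    # A security finding lands during the ramp: flip the kill switch, no redeploy needed.
    new_checkout.enabled = False
    print(f"after kill switch: {exposed_share(new_checkout, users):.3f} of users exposed")
```

Because the decision is a pure function of (flag name, user id, flag state), a rollout can be widened from 10% to 50% without flipping users who were already in, and a scan finding during the ramp is handled by changing flag state rather than by a hot-fix deploy.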
What is Dev[Sec]Ops
• Thinking of security as a primary concern
• Empowered engineering teams
• Taking ownership of how their product/application performs in production [including security]
Dev[Sec]Ops Manifesto
• Build security in
  • more than bolt it on
• Rely on empowered engineering teams
  • more than security specialists
• Implement features securely
  • more than security features
• Rely on continuous learning
  • more than end-of-phase gates
• Build on culture change
  • more than policy enforcement
DevSecOps Tool Landscape
Thank You!
There are no silly questions!
References
• https://www.youtube.com/watch?v=BA9DqsgfgRQ
• https://linkedIn.com/in/LarryMaccherone
• https://www.devsecopsdays.com/articles/devsecops-securing-software-in-a-devops-world
• https://christianheilmann.com/2015/07/17/the-full-stackoverflow-developer/
• https://snyk.io/opensourcesecurity-2019/
• https://prezi.com/view/zhn9TQFjQexTQqQk5jwT/
• https://www.devsecopsdays.com/articles/trust-algorithm-applied-to-devsecops
