DevSecOps
development, security, and operations
16010421083 - Mustafa Poonawala
16010421084 - Sharandee
TABLE OF CONTENTS
DevSecOps
Case Study
Breakdown/Tools Analysis
Challenges and pitfalls
Tutorial
Overview
DevSecOps is a subset of DevOps that focuses on integrating
security practices into the development and operations
process, ensuring that software is not only delivered quickly
but also securely.
DevOps vs. DevSecOps
DevOps is a methodology that aims to improve
collaboration and communication between development
and operations teams, leading to faster and more
efficient software delivery.
Case Study
XYZ Inc. is a software development company that specializes in creating custom applications for businesses in the finance industry. The company has been in operation for over 10 years and has a team of 30 developers, 5 security experts, and 10 operations specialists. The challenges they faced were:
Slow development process: due to a lack of collaboration between the development, security, and operations teams.
Security vulnerabilities: the lack of integration resulted in a high number of security vulnerabilities in the applications.
High costs: a significant amount of money was spent on fixing security vulnerabilities and responding to cyber attacks.
To overcome these challenges, XYZ Inc. decided to implement DevSecOps practices in their development process.
Continuous monitoring: Continuous monitoring of their applications and infrastructure to reduce impact of cyberattacks and vulnerabilities
Collaboration and integration: Security considerations and reduced the risk of vulnerabilities
Automation: This reduced the time and effort required for manual tasks, such as code reviews and testing
The Implementation of DevSecOps Practices resulted in
Faster development: The collaboration and integration between the development, security, and operations teams reduced the time required for the development process.
Improved security: The integration of security considerations into the development process reduced the number of vulnerabilities in the applications.
Breakdown of the Tools
01 Static application security testing (SAST)
02 Software composition analysis (SCA)
03 Interactive application security testing (IAST)
04 Dynamic application security testing (DAST)
01 Static application security testing (SAST)
SAST tools scan proprietary or custom code for coding errors and design flaws that could lead to exploitable weaknesses. SAST tools, such as Coverity®, are used primarily during the code, build, and development phases of the SDLC.
02 Software composition analysis (SCA)
SCA tools such as Black Duck® scan source code and binaries to identify known vulnerabilities in open-source and third-party components. In addition, they can be integrated seamlessly into a CI/CD process to continuously detect new open-source vulnerabilities, from build integration to preproduction release.
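The core check an SCA step performs in a CI/CD build can be sketched as follows. This is an added example, not part of the original presentation and not how Black Duck is implemented; the manifest, package names, advisory IDs and the `fail_at` threshold are all constructed for illustration.

```python
import re
# Constructed sample data: package names, versions and advisory IDs are made up.
MANIFEST = """\
AcmeCrypto==1.4.2
acme_http==2.0.0
acme-yaml==5.1
acme-log>=0.9
"""
ADVISORIES = [  # each advisory affects versions in [introduced, fixed)
    {"id": "EXAMPLE-0001", "package": "acmecrypto", "introduced": "1.0.0", "fixed": "1.4.3", "severity": "high"},
    {"id": "EXAMPLE-0002", "package": "acme-http", "introduced": "2.1.0", "fixed": "2.1.5", "severity": "critical"},
    {"id": "EXAMPLE-0003", "package": "acme-yaml", "introduced": "0", "fixed": "5.1.1", "severity": "low"},
]
SEVERITY = {"low": 1, "medium": 2, "high": 3, "critical": 4}

def normalize(name):  # names match case-insensitively; '_', '.' and '-' are equivalent
    return re.sub(r"[-_.]+", "-", name).lower()

def version_key(text):
    """'5.1' -> (5, 1, 0, 0): compare numerically, padded so 5.1 equals 5.1.0."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def parse_manifest(text):
    """Return ({name: version} for exact '==' pins, [names without an exact pin])."""
    pinned, unpinned = {}, []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        m = re.fullmatch(r"([A-Za-z0-9_.-]+)==(\d+(?:\.\d+)*)", line)
        if m:
            pinned[normalize(m.group(1))] = m.group(2)
        elif line:
            unpinned.append(normalize(re.split(r"[<>=!~ ]", line, maxsplit=1)[0]))
    return pinned, unpinned

def scan(manifest, advisories, fail_at="high"):
    """Return (findings, unpinned, build_ok); unpinned components block the build too."""
    pinned, unpinned = parse_manifest(manifest)
    findings = []
    for adv in advisories:
        version = pinned.get(normalize(adv["package"]))
        if version and version_key(adv["introduced"]) <= version_key(version) < version_key(adv["fixed"]):
            findings.append((adv["id"], normalize(adv["package"]), version, adv["severity"]))
    blocking = [f for f in findings if SEVERITY[f[3]] >= SEVERITY[fail_at]]
    return findings, unpinned, not blocking and not unpinned

if __name__ == "__main__":
    findings, unpinned, ok = scan(MANIFEST, ADVISORIES)
    raise SystemExit(0 if ok else f"FAIL: findings={findings} unpinned={unpinned}")
```

Run as a build step, a non-zero exit status stops the pipeline; the low-severity finding is reported but only findings at or above `fail_at`, or components that cannot be checked, block the release.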
03 Interactive application security testing (IAST)
IAST tools work in the background during manual or automated functional tests to analyze web application runtime behavior. For example, the Seeker® IAST tool uses instrumentation to observe application requests/responses. This enables developers to focus their time and effort on critical vulnerabilities.
04 Dynamic application security testing (DAST)
DAST is an automated opaque box testing technology that mimics how a hacker would interact with your web application or API. It tests applications over a network connection and by examining the client-side rendering of the application.
Tools Overview
Automation tools
• Jenkins
• Bamboo
• Ansible
• Puppet
Security testing tools
• Burp Suite
• Nessus
• WebInspect
• Checkmarx
Monitoring Solution
• New Relic
• Datadog
• Zabbix
• Nagios
Tutorial On Implementation of DevSecOps
01 Identify the current development processes and tools in use, and assess their security capabilities.
02 Engage with the development team to understand their needs and concerns regarding security.
03 Develop a security strategy that aligns with the development processes and tools, and integrates security controls at every stage of the development lifecycle.
04 Implement automated security testing tools, such as static analysis, dynamic analysis, and penetration testing, to identify and remediate security vulnerabilities in the code.
05 Collaborate with the development team to integrate security testing into the continuous integration/continuous delivery (CI/CD) pipeline, ensuring that security is considered as part of the development process.
06 Monitor and assess the effectiveness of the security controls, and provide feedback to the development team to improve security practices and reduce vulnerabilities.
07 Educate and train the development team on best practices for secure coding, and provide guidance on how to incorporate security into the development process.
08 Regularly review and update the security strategy to ensure it remains aligned with the changing needs of the development environment.
09 Collaborate with security experts and other stakeholders to ensure that the security controls are effective and aligned with industry standards and best practices.
10 Continuously monitor the development environment for security incidents and vulnerabilities, and respond to them quickly and effectively.
A Jenkins end-to-end DevSecOps pipeline
Future of DevSecOps:
Because companies these days are trying to shift towards continuous integration / monitoring, collaboration and automation, DevSecOps engineers are in very high demand throughout the world, especially in the USA.
Avg PayScale of DevSecOps in USA
DID YOU KNOW...?
$119k-$160k
$115k-$171k
$90k-$100k
THANKS!
Do you have
any questions?

DevSecOps Powerpoint Presentation for Students
