SlideShare a Scribd company logo

DevSecOps - Security in DevOps

Aarno Aukia
Aarno Aukia

Talk held October 5th 2020 at the WeAreDevelopers.com Live week Recording: https://youtu.be/_4rXBsp6K1I?t=7527

Software
1 of 43
Download to read offline
VSHN - The DevOps Company DevSecOps Security in DevOps Aarno Aukia, CTO @ VSHN - The DevOps Company 05.10.2020 WeAreDevelopers Live Week
VSHN - The DevOps Company ● About Aarno & VSHN.ch ● Why? From Dev to DevOps to DevSecOps ● What? DevSecOps principles ● How? Concrete measures ● Who? Customer Example: Finnova AG Bankware ● Because? Resulting IT Governance & security benefits 22 Agenda
VSHN - The DevOps Company @aarnoaukia a@vshn.ch ETH → Google → Atrila → VSHN VSHN - The DevOps Company @vshn_ch Since 2014, currently 45 VSHNeers in Zürich, Switzerland Helping developers run online businesses without having to worry about operations 33 About Aarno & VSHN.ch
VSHN - The DevOps Company Software Project Management Requirements Design Implementation Validation Maintenance
VSHN - The DevOps Company Software Project Management Requirements Design Implementation Validation Maintenance
VSHN - The DevOps Company Software Project Management Requirements Design Implementation Validation Maintenance
VSHN - The DevOps Company Software Project Management Requirements Design Implementation Testing Release Biz
VSHN - The DevOps Company Software Project Management: Dev vs. Ops Requirements Design Implementation Testing Release Ops Biz
VSHN - The DevOps Company 9 OPS = Firefighting-as-a-Service ? 9
VSHN - The DevOps Company Collaboration between software developers and operations: ● Teamwork ● Continuous improvement ● Efficient and lean ● Agile: being able to react to new requirements ● Automate as much as possible (“Infrastructure as code”) 1212 DevOps: People, Processes & Tools
VSHN - The DevOps Company Software Project Management: DevOps Requirements Design Implementation Testing ReleaseDeployOperateMonitor
VSHN - The DevOps Company Software Project Management: DevOps Requirements Design Implementation Testing ReleaseDeployOperateMonitor SECURITY
VSHN - The DevOps Company Software Project Management: DevSecOps Requirements Design Implementation Testing ReleaseDeployOperateMonitor Todo-List Data & Risks Secure Practices Validation traceabilityauditabilityAnomalies Availability
VSHN - The DevOps Company ● Developer education, requirements engineering, design review -> AppSec/DevSec ● Software Build/Deployment/Operations -> DevSecOps ● Incident detection & management -> SecOps 1616 Areas of security improvement
VSHN - The DevOps Company DevSecOps principles 1717
VSHN - The DevOps Company ● static code analysis automatically for each commit (DevSecOps principle 4) ● Dependency Management (DevSecOps principle 5) ● (base) container image scanning (DevSecOps principle 5) 1818 Build
VSHN - The DevOps Company Code analysis: sonarqube 1919
VSHN - The DevOps Company 2020 Dependency updates: https://dependabot.com
VSHN - The DevOps Company Container scanning: aquasec 2121
VSHN - The DevOps Company ● smoke tests (DevSecOps principle 4) ● As many test environments as necessary (DevSecOps principle 4) ● atomic container deployment (DevSecOps principle 6) ● every deployment (and rollback) is a “normal deployment” (DevSecOps principle 6) ● deployment automation removes need for (all) devs root prod access and/or waiting for ops to deploy new dev version (DevSecOps principle 6) 2222 Test & Deployment
VSHN - The DevOps Company ● standardization on (minimal, hardened) OS and container orchestrator ● immutable (application) infrastructure using containers ● process/storage/network separation of applications/environments ● detect/prevent configuration drift between dev/test/stage/prod envs ● documentation & automatic backup of all volumes ● documentation & monitoring of routes/loadbalancers/ingresspoints with enforcing SSL/TLS ● AAI for admin & application ● key & secrets management ● audit logging of control & application planes 2323 Ops (DevSecOps principle 1)
VSHN - The DevOps Company Container isolation 2424 ● Kernel namespacing (process & network) ● Control groups (resource quota to prevent DoS) ● SELinux (additional syscall filter) ● prevent running as root inside container, no user-provided privileged containers (enforce best practice) ● readonly container filesystem (harder to persist exploit at runtime)
VSHN - The DevOps Company ● “Docker” ○ Kernel-based process isolation based on lxc/libcontainer/runc (CNCF open standard) ○ Open Source Tools for container image creation and management (“Docker CE”) ○ Company based in San Francisco (“Docker inc”) ○ Enterprise software product (“Docker EE”) ○ Online portal for public docker containers (“Dockerhub” hub.docker.com) ● “Dockerfile” ○ Text file containing all the instructions to build and assemble the application into a container including application code, appserver, plugins, modules, libraries down to libc ○ Goal: document & automate the build process ○ Usually in the application GIT repository ○ References a base image to incrementally add the application to 3030 Container technology: Docker
VSHN - The DevOps Company ● Use declarative formats for setup automation ● Have a clean, portable contract with the underlying operating system ● Are suitable for deployment on modern cloud platforms, obviating the need for servers and systems administration; ● Minimize divergence between development and production, enabling continuous deployment for maximum agility; ● And can scale up without significant changes to tooling, architecture, or development practices. 3131 12 Factor App Patterns: https://12factor.net/
VSHN - The DevOps Company From container to production? 3232
VSHN - The DevOps Company ● How many container instances should be running per service? ● On which IP/port/server are they running on? ● Service discovery ● What happens if a container/server goes away? ● scaling, load balancing, rolling deployments, persistent storage, networking 3333 Container orchestration: Kubernetes
VSHN - The DevOps Company Docker Kubernetes 3939 Layers of abstraction Hardware Operating System Service discovery & Load balancing Application Server Application Cloud/Onprem
VSHN - The DevOps Company Zooming in...
VSHN - The DevOps Company ● Logging: EFK ● Metrics: Prometheus ● SSL-Certificates: cert-manager (letsencrypt.org) ● Source-to-image builder, Dockerfile builder, Docker-Image-Registry ● Load-balancing: Ingress, NGINX ● horizontal (auto) scaling, rolling deployments ● Scanning: image scanning (repo & runtime) 4141 Kubernetes Ecosystem
VSHN - The DevOps Company AAI: Keycloak 4242 ● Identity & Access Management ● Single sign in/out ● Identity brokering: ○ OpenID Connect (OAuth2, FB/Twitter/Github etc.) ○ SAML2.0 ○ Kerberos ● User federation: LDAP, AD, etc ● 2FA: TOTP/HOTP ● Managing the Authorization groups
VSHN - The DevOps Company Logs: ELK/EFK/Greylog 4343 ● Logging all access and changes through the control plane ● Logging all access to the application and correlate with application logs ● Index, view, filter, aggregate KPI → monitoring ● Store outside of application scope
VSHN - The DevOps Company ● Prometheus ○ time series database ○ open source / CNCF-project ○ well-integrated in docker/kubernetes stats ● NewRelic APM ○ application-level profiling ○ performance tracking ○ exception tracking (backend & frontend) ○ available as SaaS 4444 Metrics: Prometheus / NewRelic
VSHN - The DevOps Company ● Developer and Operator of Banking Software used by ~100 Banks ● Based in Lenzburg, Switzerland ● Founded 1974 ● ~400 Employees Example: Finnova AG Bankware
Hier steht der Präsentationstitel I 47
VSHN - The DevOps Company 48 Deployment Process & Security DEV (Repository) Files (Pods) Docker Images Container (OpenShift) Betrieb AM Seewen (PRD) GitHub Code Image-Scan (Security & Compliance Policies) » Code Analyse » Image Scanning » Container Hardening Runtime » Network Security » Monitoring » Logging & Reporting » Code Security » Access » Security & Auditing SecurityDeployment
VSHN - The DevOps Company 49 Architecture and Security
VSHN - The DevOps Company ● “Full Stack Audit” ● Review design document ● Every layer was custom built ○ physical hardware ○ handcrafted servers ○ manual application deployment ● Review each layer ● Review each layer again next year... 5050 Traditional IT governance
VSHN - The DevOps Company ● Standardized components ○ already audited, some even externally certified ○ re-used, economies of scale, CMMI level 5 ○ tech controls (AAI, RBAC, logs/SIEM) implemented once ○ financial controls implemented once ● Infrastructure: private/public cloud ● Ops: Container orchestration platform ● Review design document & platform configuration 5151 Cloud native IT governance
VSHN - The DevOps Company ● prevent configuration drift ○ immutable (application) infrastructure using containers ○ deploy dev/test/stage/prod envs from CI/CD ● prevent manual errors ○ validate configuration in CI/CD before deployment ○ standardization on (minimal, hardened) OS and container orchestrator ○ deployment automation removes need for (most) root prod access ● security by default ○ image scanning, dependency vulnerability management ○ process/storage/network separation of applications/environments ○ volumes & ingresspoints best practice (documentation, monitoring, backup, SSL/TLS/WAF) ○ AAI for admin & application, audit trail logging of CI/CD, control & application planes ○ key & secrets management ● 5252 IT governance controls in container platforms
VSHN - The DevOps Company ● compute resources billable by project ● self-service-onboarding possible ● autoscaling, scale-down dev envs outside office hours ● vendor procurement/due diligence/certification management ● SLA, 24x7, service process, escalation management clearly defined 5353 IT governance financial/compliance controlling
VSHN - The DevOps Company DevSecOps principles 5454
VSHN - The DevOps Company ● Please get in touch with feedback ● Twitter: @aarnoaukia ● Linkedin: https://www.linkedin.com/in/aukia/ ● Email: aarno.aukia@vshn.ch 5555 Thank you
Come visit us for a coffee! VSHN AG - Neugasse 10 - CH-8005 Zürich - +41 44 545 53 00 - https://vshn.ch/ - info@vshn.ch https://vshn.ch/kontakt/ Follow us on Twitter! @vshn_ch 56

Recommended

The printing press of 2021 - using GitLab to publish the VSHN Handbook
The printing press of 2021 - using GitLab to publish the VSHN HandbookThe printing press of 2021 - using GitLab to publish the VSHN Handbook
The printing press of 2021 - using GitLab to publish the VSHN Handbook
Aarno Aukia
 
Was ist ein Service Mesh und wie funktioniert es?
Was ist ein Service Mesh und wie funktioniert es?Was ist ein Service Mesh und wie funktioniert es?
Was ist ein Service Mesh und wie funktioniert es?
Cloud Native Rosenheim Meetup
 
GitLab Commit: Enhance your Compliance with Policy-Based CI/CD
GitLab Commit: Enhance your Compliance with Policy-Based CI/CDGitLab Commit: Enhance your Compliance with Policy-Based CI/CD
GitLab Commit: Enhance your Compliance with Policy-Based CI/CD
Nico Meisenzahl
 
Is your kubernetes negative or positive
Is your kubernetes negative or positive Is your kubernetes negative or positive
Is your kubernetes negative or positive
LibbySchulze
 
Putting The 'M' In MBaaS—Red Hat Mobile Client Development Platform (Jay Balu...
Putting The 'M' In MBaaS—Red Hat Mobile Client Development Platform (Jay Balu...Putting The 'M' In MBaaS—Red Hat Mobile Client Development Platform (Jay Balu...
Putting The 'M' In MBaaS—Red Hat Mobile Client Development Platform (Jay Balu...
Red Hat Developers
 
Mastering Secrets Management in Rundeck
Mastering Secrets Management in RundeckMastering Secrets Management in Rundeck
Mastering Secrets Management in Rundeck
Rundeck
 
NGINX Controller: Configuration, Management, and Troubleshooting at Scale
NGINX Controller: Configuration, Management, and Troubleshooting at Scale NGINX Controller: Configuration, Management, and Troubleshooting at Scale
NGINX Controller: Configuration, Management, and Troubleshooting at Scale
NGINX, Inc.
 
DevSecOps with Confidence
DevSecOps with ConfidenceDevSecOps with Confidence
DevSecOps with Confidence
VMware Tanzu
 

Recommended

The printing press of 2021 - using GitLab to publish the VSHN Handbook
The printing press of 2021 - using GitLab to publish the VSHN HandbookThe printing press of 2021 - using GitLab to publish the VSHN Handbook
The printing press of 2021 - using GitLab to publish the VSHN Handbook
Aarno Aukia
 
Was ist ein Service Mesh und wie funktioniert es?
Was ist ein Service Mesh und wie funktioniert es?Was ist ein Service Mesh und wie funktioniert es?
Was ist ein Service Mesh und wie funktioniert es?
Cloud Native Rosenheim Meetup
 
GitLab Commit: Enhance your Compliance with Policy-Based CI/CD
GitLab Commit: Enhance your Compliance with Policy-Based CI/CDGitLab Commit: Enhance your Compliance with Policy-Based CI/CD
GitLab Commit: Enhance your Compliance with Policy-Based CI/CD
Nico Meisenzahl
 
Is your kubernetes negative or positive
Is your kubernetes negative or positive Is your kubernetes negative or positive
Is your kubernetes negative or positive
LibbySchulze
 
Putting The 'M' In MBaaS—Red Hat Mobile Client Development Platform (Jay Balu...
Putting The 'M' In MBaaS—Red Hat Mobile Client Development Platform (Jay Balu...Putting The 'M' In MBaaS—Red Hat Mobile Client Development Platform (Jay Balu...
Putting The 'M' In MBaaS—Red Hat Mobile Client Development Platform (Jay Balu...
Red Hat Developers
 
Mastering Secrets Management in Rundeck
Mastering Secrets Management in RundeckMastering Secrets Management in Rundeck
Mastering Secrets Management in Rundeck
Rundeck
 
NGINX Controller: Configuration, Management, and Troubleshooting at Scale
NGINX Controller: Configuration, Management, and Troubleshooting at Scale NGINX Controller: Configuration, Management, and Troubleshooting at Scale
NGINX Controller: Configuration, Management, and Troubleshooting at Scale
NGINX, Inc.
 
DevSecOps with Confidence
DevSecOps with ConfidenceDevSecOps with Confidence
DevSecOps with Confidence
VMware Tanzu
 
GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...
GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...
GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...
Nico Meisenzahl
 
Deep Visibility: Logging From Distributed Microservices
Deep Visibility: Logging From Distributed MicroservicesDeep Visibility: Logging From Distributed Microservices
Deep Visibility: Logging From Distributed Microservices
AaronLieberman5
 
Nig project setup quickly tutorial
Nig project setup quickly tutorialNig project setup quickly tutorial
Nig project setup quickly tutorial
Guo Albert
 
Deploying Anything as a Service (XaaS) Using Operators on Kubernetes
Deploying Anything as a Service (XaaS) Using Operators on KubernetesDeploying Anything as a Service (XaaS) Using Operators on Kubernetes
Deploying Anything as a Service (XaaS) Using Operators on Kubernetes
All Things Open
 
Microservice API Gateways with NGINX
Microservice API Gateways with NGINXMicroservice API Gateways with NGINX
Microservice API Gateways with NGINX
Geoffrey Filippi
 
Tce automation-d4
Tce automation-d4Tce automation-d4
Tce automation-d4
Tikal Knowledge
 
DevSecOps on Azure
DevSecOps on AzureDevSecOps on Azure
DevSecOps on Azure
Seven Peaks Speaks
 
Webinar: Introduction to CloudBees Jenkins Platform
Webinar: Introduction to CloudBees Jenkins PlatformWebinar: Introduction to CloudBees Jenkins Platform
Webinar: Introduction to CloudBees Jenkins Platform
Kiratech
 
Introducing ASP.NET vNext – The Future of .NET on the Server | FalafelCON 2014
Introducing ASP.NET vNext – The Future of .NET on the Server | FalafelCON 2014Introducing ASP.NET vNext – The Future of .NET on the Server | FalafelCON 2014
Introducing ASP.NET vNext – The Future of .NET on the Server | FalafelCON 2014
FalafelSoftware
 
Microservice no fluff, the REAL stuff
Microservice no fluff, the REAL stuffMicroservice no fluff, the REAL stuff
Microservice no fluff, the REAL stuff
nklmish
 
eigr.io – a Serverless Runtime on the BEAM (ACM SIGPLAN, ICFP 2021 Erlang Wor...
eigr.io – a Serverless Runtime on the BEAM (ACM SIGPLAN, ICFP 2021 Erlang Wor...eigr.io – a Serverless Runtime on the BEAM (ACM SIGPLAN, ICFP 2021 Erlang Wor...
eigr.io – a Serverless Runtime on the BEAM (ACM SIGPLAN, ICFP 2021 Erlang Wor...
MarcelLanz
 
Taming the DevOps unicorn with Azure and Visual Studio Team Services
Taming the DevOps unicorn with Azure and Visual Studio Team ServicesTaming the DevOps unicorn with Azure and Visual Studio Team Services
Taming the DevOps unicorn with Azure and Visual Studio Team Services
Karl Ots
 
DevOps monitoring: Best Practices using OpenShift combined with Icinga & Big ...
DevOps monitoring: Best Practices using OpenShift combined with Icinga & Big ...DevOps monitoring: Best Practices using OpenShift combined with Icinga & Big ...
DevOps monitoring: Best Practices using OpenShift combined with Icinga & Big ...
Icinga
 
What we do with Go
What we do with GoWhat we do with Go
What we do with Go
MarcelLanz
 
IPaaS 2.0: Fuse Integration Services (Robert Davies & Keith Babo)
IPaaS 2.0: Fuse Integration Services (Robert Davies & Keith Babo)IPaaS 2.0: Fuse Integration Services (Robert Davies & Keith Babo)
IPaaS 2.0: Fuse Integration Services (Robert Davies & Keith Babo)
Red Hat Developers
 
Thomson Reuters, TMS: Workflow in GitLab
Thomson Reuters, TMS: Workflow in GitLabThomson Reuters, TMS: Workflow in GitLab
Thomson Reuters, TMS: Workflow in GitLab
Matan Keidar
 
Creating a commercial PaaS offer based on Fiware
Creating a commercial PaaS offer based on Fiware Creating a commercial PaaS offer based on Fiware
Creating a commercial PaaS offer based on Fiware
Giovanni Coppa
 
Using an API Gateway for Microservices
Using an API Gateway for MicroservicesUsing an API Gateway for Microservices
Using an API Gateway for Microservices
NGINX, Inc.
 
Concurrency in Swift
Concurrency in SwiftConcurrency in Swift
Concurrency in Swift
Seven Peaks Speaks
 
OSMC 2017 | Current State of Icinga by Erk Bernd
OSMC 2017 | Current State of Icinga by Erk BerndOSMC 2017 | Current State of Icinga by Erk Bernd
OSMC 2017 | Current State of Icinga by Erk Bernd
NETWAYS
 
DevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipelineDevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipeline
Aarno Aukia
 
DevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipelineDevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipeline
Aarno Aukia
 

More Related Content

What's hot

GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...
GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...
GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...
Nico Meisenzahl
 
Deep Visibility: Logging From Distributed Microservices
Deep Visibility: Logging From Distributed MicroservicesDeep Visibility: Logging From Distributed Microservices
Deep Visibility: Logging From Distributed Microservices
AaronLieberman5
 
Nig project setup quickly tutorial
Nig project setup quickly tutorialNig project setup quickly tutorial
Nig project setup quickly tutorial
Guo Albert
 
Deploying Anything as a Service (XaaS) Using Operators on Kubernetes
Deploying Anything as a Service (XaaS) Using Operators on KubernetesDeploying Anything as a Service (XaaS) Using Operators on Kubernetes
Deploying Anything as a Service (XaaS) Using Operators on Kubernetes
All Things Open
 
Microservice API Gateways with NGINX
Microservice API Gateways with NGINXMicroservice API Gateways with NGINX
Microservice API Gateways with NGINX
Geoffrey Filippi
 
Tce automation-d4
Tce automation-d4Tce automation-d4
Tce automation-d4
Tikal Knowledge
 
DevSecOps on Azure
DevSecOps on AzureDevSecOps on Azure
DevSecOps on Azure
Seven Peaks Speaks
 
Webinar: Introduction to CloudBees Jenkins Platform
Webinar: Introduction to CloudBees Jenkins PlatformWebinar: Introduction to CloudBees Jenkins Platform
Webinar: Introduction to CloudBees Jenkins Platform
Kiratech
 
Introducing ASP.NET vNext – The Future of .NET on the Server | FalafelCON 2014
Introducing ASP.NET vNext – The Future of .NET on the Server | FalafelCON 2014Introducing ASP.NET vNext – The Future of .NET on the Server | FalafelCON 2014
Introducing ASP.NET vNext – The Future of .NET on the Server | FalafelCON 2014
FalafelSoftware
 
Microservice no fluff, the REAL stuff
Microservice no fluff, the REAL stuffMicroservice no fluff, the REAL stuff
Microservice no fluff, the REAL stuff
nklmish
 
eigr.io – a Serverless Runtime on the BEAM (ACM SIGPLAN, ICFP 2021 Erlang Wor...
eigr.io – a Serverless Runtime on the BEAM (ACM SIGPLAN, ICFP 2021 Erlang Wor...eigr.io – a Serverless Runtime on the BEAM (ACM SIGPLAN, ICFP 2021 Erlang Wor...
eigr.io – a Serverless Runtime on the BEAM (ACM SIGPLAN, ICFP 2021 Erlang Wor...
MarcelLanz
 
Taming the DevOps unicorn with Azure and Visual Studio Team Services
Taming the DevOps unicorn with Azure and Visual Studio Team ServicesTaming the DevOps unicorn with Azure and Visual Studio Team Services
Taming the DevOps unicorn with Azure and Visual Studio Team Services
Karl Ots
 
DevOps monitoring: Best Practices using OpenShift combined with Icinga & Big ...
DevOps monitoring: Best Practices using OpenShift combined with Icinga & Big ...DevOps monitoring: Best Practices using OpenShift combined with Icinga & Big ...
DevOps monitoring: Best Practices using OpenShift combined with Icinga & Big ...
Icinga
 
What we do with Go
What we do with GoWhat we do with Go
What we do with Go
MarcelLanz
 
IPaaS 2.0: Fuse Integration Services (Robert Davies & Keith Babo)
IPaaS 2.0: Fuse Integration Services (Robert Davies & Keith Babo)IPaaS 2.0: Fuse Integration Services (Robert Davies & Keith Babo)
IPaaS 2.0: Fuse Integration Services (Robert Davies & Keith Babo)
Red Hat Developers
 
Thomson Reuters, TMS: Workflow in GitLab
Thomson Reuters, TMS: Workflow in GitLabThomson Reuters, TMS: Workflow in GitLab
Thomson Reuters, TMS: Workflow in GitLab
Matan Keidar
 
Creating a commercial PaaS offer based on Fiware
Creating a commercial PaaS offer based on Fiware Creating a commercial PaaS offer based on Fiware
Creating a commercial PaaS offer based on Fiware
Giovanni Coppa
 
Using an API Gateway for Microservices
Using an API Gateway for MicroservicesUsing an API Gateway for Microservices
Using an API Gateway for Microservices
NGINX, Inc.
 
Concurrency in Swift
Concurrency in SwiftConcurrency in Swift
Concurrency in Swift
Seven Peaks Speaks
 
OSMC 2017 | Current State of Icinga by Erk Bernd
OSMC 2017 | Current State of Icinga by Erk BerndOSMC 2017 | Current State of Icinga by Erk Bernd
OSMC 2017 | Current State of Icinga by Erk Bernd
NETWAYS
 

What's hot (20)

GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...
GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...
GitLab Commit DevOps: How GitLab Can Save your Kubernetes environment from Be...
 
Deep Visibility: Logging From Distributed Microservices
Deep Visibility: Logging From Distributed MicroservicesDeep Visibility: Logging From Distributed Microservices
Deep Visibility: Logging From Distributed Microservices
 
Nig project setup quickly tutorial
Nig project setup quickly tutorialNig project setup quickly tutorial
Nig project setup quickly tutorial
 
Deploying Anything as a Service (XaaS) Using Operators on Kubernetes
Deploying Anything as a Service (XaaS) Using Operators on KubernetesDeploying Anything as a Service (XaaS) Using Operators on Kubernetes
Deploying Anything as a Service (XaaS) Using Operators on Kubernetes
 
Microservice API Gateways with NGINX
Microservice API Gateways with NGINXMicroservice API Gateways with NGINX
Microservice API Gateways with NGINX
 
Tce automation-d4
Tce automation-d4Tce automation-d4
Tce automation-d4
 
DevSecOps on Azure
DevSecOps on AzureDevSecOps on Azure
DevSecOps on Azure
 
Webinar: Introduction to CloudBees Jenkins Platform
Webinar: Introduction to CloudBees Jenkins PlatformWebinar: Introduction to CloudBees Jenkins Platform
Webinar: Introduction to CloudBees Jenkins Platform
 
Introducing ASP.NET vNext – The Future of .NET on the Server | FalafelCON 2014
Introducing ASP.NET vNext – The Future of .NET on the Server | FalafelCON 2014Introducing ASP.NET vNext – The Future of .NET on the Server | FalafelCON 2014
Introducing ASP.NET vNext – The Future of .NET on the Server | FalafelCON 2014
 
Microservice no fluff, the REAL stuff
Microservice no fluff, the REAL stuffMicroservice no fluff, the REAL stuff
Microservice no fluff, the REAL stuff
 
eigr.io – a Serverless Runtime on the BEAM (ACM SIGPLAN, ICFP 2021 Erlang Wor...
eigr.io – a Serverless Runtime on the BEAM (ACM SIGPLAN, ICFP 2021 Erlang Wor...eigr.io – a Serverless Runtime on the BEAM (ACM SIGPLAN, ICFP 2021 Erlang Wor...
eigr.io – a Serverless Runtime on the BEAM (ACM SIGPLAN, ICFP 2021 Erlang Wor...
 
Taming the DevOps unicorn with Azure and Visual Studio Team Services
Taming the DevOps unicorn with Azure and Visual Studio Team ServicesTaming the DevOps unicorn with Azure and Visual Studio Team Services
Taming the DevOps unicorn with Azure and Visual Studio Team Services
 
DevOps monitoring: Best Practices using OpenShift combined with Icinga & Big ...
DevOps monitoring: Best Practices using OpenShift combined with Icinga & Big ...DevOps monitoring: Best Practices using OpenShift combined with Icinga & Big ...
DevOps monitoring: Best Practices using OpenShift combined with Icinga & Big ...
 
What we do with Go
What we do with GoWhat we do with Go
What we do with Go
 
IPaaS 2.0: Fuse Integration Services (Robert Davies & Keith Babo)
IPaaS 2.0: Fuse Integration Services (Robert Davies & Keith Babo)IPaaS 2.0: Fuse Integration Services (Robert Davies & Keith Babo)
IPaaS 2.0: Fuse Integration Services (Robert Davies & Keith Babo)
 
Thomson Reuters, TMS: Workflow in GitLab
Thomson Reuters, TMS: Workflow in GitLabThomson Reuters, TMS: Workflow in GitLab
Thomson Reuters, TMS: Workflow in GitLab
 
Creating a commercial PaaS offer based on Fiware
Creating a commercial PaaS offer based on Fiware Creating a commercial PaaS offer based on Fiware
Creating a commercial PaaS offer based on Fiware
 
Using an API Gateway for Microservices
Using an API Gateway for MicroservicesUsing an API Gateway for Microservices
Using an API Gateway for Microservices
 
Concurrency in Swift
Concurrency in SwiftConcurrency in Swift
Concurrency in Swift
 
OSMC 2017 | Current State of Icinga by Erk Bernd
OSMC 2017 | Current State of Icinga by Erk BerndOSMC 2017 | Current State of Icinga by Erk Bernd
OSMC 2017 | Current State of Icinga by Erk Bernd
 

Similar to DevSecOps - Security in DevOps

DevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipelineDevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipeline
Aarno Aukia
 
DevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipelineDevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipeline
Aarno Aukia
 
DevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipelineDevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipeline
Aarno Aukia
 
Continuous security improvements in the DevOps process
Continuous security improvements in the DevOps processContinuous security improvements in the DevOps process
Continuous security improvements in the DevOps process
Aarno Aukia
 
Application Portability using Cloud Native Technology: Docker, Kubernetes
Application Portability using Cloud Native Technology: Docker, KubernetesApplication Portability using Cloud Native Technology: Docker, Kubernetes
Application Portability using Cloud Native Technology: Docker, Kubernetes
Aarno Aukia
 
Next gen software operations models in the cloud
Next gen software operations models in the cloudNext gen software operations models in the cloud
Next gen software operations models in the cloud
Aarno Aukia
 
IT Governance and Security Architecture in Docker, Kubernetes, OpenShift
IT Governance and Security Architecture in Docker, Kubernetes, OpenShiftIT Governance and Security Architecture in Docker, Kubernetes, OpenShift
IT Governance and Security Architecture in Docker, Kubernetes, OpenShift
Aarno Aukia
 
A guide to modern software development 2018
A guide to modern software development 2018A guide to modern software development 2018
A guide to modern software development 2018
Peter Bittner
 
GitOps, Driving NGN Operations Teams 211127 #kcdgt 2021
GitOps, Driving NGN Operations Teams 211127 #kcdgt 2021GitOps, Driving NGN Operations Teams 211127 #kcdgt 2021
GitOps, Driving NGN Operations Teams 211127 #kcdgt 2021
William Caban
 
Wie macht man aus Software einen Online-Service in der Cloud
Wie macht man aus Software einen Online-Service in der CloudWie macht man aus Software einen Online-Service in der Cloud
Wie macht man aus Software einen Online-Service in der Cloud
Aarno Aukia
 
Red Hat Forum Benelux 2015
Red Hat Forum Benelux 2015Red Hat Forum Benelux 2015
Red Hat Forum Benelux 2015
Microsoft
 
DevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss BankingDevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss Banking
Aarno Aukia
 
AzureDay Kyiv 2016 Release Management
AzureDay Kyiv 2016 Release ManagementAzureDay Kyiv 2016 Release Management
AzureDay Kyiv 2016 Release Management
Sergii Kryshtop
 
Continuous Delivery: Fly the Friendly CI in Pivotal Cloud Foundry with Concourse
Continuous Delivery: Fly the Friendly CI in Pivotal Cloud Foundry with ConcourseContinuous Delivery: Fly the Friendly CI in Pivotal Cloud Foundry with Concourse
Continuous Delivery: Fly the Friendly CI in Pivotal Cloud Foundry with Concourse
VMware Tanzu
 
What's New in Docker - February 2017
What's New in Docker - February 2017What's New in Docker - February 2017
What's New in Docker - February 2017
Patrick Chanezon
 
Docker Roadshow 2016
Docker Roadshow 2016Docker Roadshow 2016
Docker Roadshow 2016
Docker, Inc.
 
CNCF Introduction - Feb 2018
CNCF Introduction - Feb 2018CNCF Introduction - Feb 2018
CNCF Introduction - Feb 2018
Krishna-Kumar
 
Plataforma DevOps en OpenShift
Plataforma DevOps en OpenShiftPlataforma DevOps en OpenShift
Plataforma DevOps en OpenShift
Juan Carlos García Peláez
 
DevOps Digital Transformation: A real life use case enabled by Alien4Cloud
DevOps Digital Transformation: A real life use case enabled by Alien4CloudDevOps Digital Transformation: A real life use case enabled by Alien4Cloud
DevOps Digital Transformation: A real life use case enabled by Alien4Cloud
Cloudify Community
 
Slide DevSecOps Microservices
Slide DevSecOps Microservices Slide DevSecOps Microservices
Slide DevSecOps Microservices
Hendri Karisma
 

Similar to DevSecOps - Security in DevOps (20)

DevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipelineDevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipeline
 
DevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipelineDevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipeline
 
DevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipelineDevSecOps: Bringing security to the DevOps pipeline
DevSecOps: Bringing security to the DevOps pipeline
 
Continuous security improvements in the DevOps process
Continuous security improvements in the DevOps processContinuous security improvements in the DevOps process
Continuous security improvements in the DevOps process
 
Application Portability using Cloud Native Technology: Docker, Kubernetes
Application Portability using Cloud Native Technology: Docker, KubernetesApplication Portability using Cloud Native Technology: Docker, Kubernetes
Application Portability using Cloud Native Technology: Docker, Kubernetes
 
Next gen software operations models in the cloud
Next gen software operations models in the cloudNext gen software operations models in the cloud
Next gen software operations models in the cloud
 
IT Governance and Security Architecture in Docker, Kubernetes, OpenShift
IT Governance and Security Architecture in Docker, Kubernetes, OpenShiftIT Governance and Security Architecture in Docker, Kubernetes, OpenShift
IT Governance and Security Architecture in Docker, Kubernetes, OpenShift
 
A guide to modern software development 2018
A guide to modern software development 2018A guide to modern software development 2018
A guide to modern software development 2018
 
GitOps, Driving NGN Operations Teams 211127 #kcdgt 2021
GitOps, Driving NGN Operations Teams 211127 #kcdgt 2021GitOps, Driving NGN Operations Teams 211127 #kcdgt 2021
GitOps, Driving NGN Operations Teams 211127 #kcdgt 2021
 
Wie macht man aus Software einen Online-Service in der Cloud
Wie macht man aus Software einen Online-Service in der CloudWie macht man aus Software einen Online-Service in der Cloud
Wie macht man aus Software einen Online-Service in der Cloud
 
Red Hat Forum Benelux 2015
Red Hat Forum Benelux 2015Red Hat Forum Benelux 2015
Red Hat Forum Benelux 2015
 
DevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss BankingDevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss Banking
 
AzureDay Kyiv 2016 Release Management
AzureDay Kyiv 2016 Release ManagementAzureDay Kyiv 2016 Release Management
AzureDay Kyiv 2016 Release Management
 
Continuous Delivery: Fly the Friendly CI in Pivotal Cloud Foundry with Concourse
Continuous Delivery: Fly the Friendly CI in Pivotal Cloud Foundry with ConcourseContinuous Delivery: Fly the Friendly CI in Pivotal Cloud Foundry with Concourse
Continuous Delivery: Fly the Friendly CI in Pivotal Cloud Foundry with Concourse
 
What's New in Docker - February 2017
What's New in Docker - February 2017What's New in Docker - February 2017
What's New in Docker - February 2017
 
Docker Roadshow 2016
Docker Roadshow 2016Docker Roadshow 2016
Docker Roadshow 2016
 
CNCF Introduction - Feb 2018
CNCF Introduction - Feb 2018CNCF Introduction - Feb 2018
CNCF Introduction - Feb 2018
 
Plataforma DevOps en OpenShift
Plataforma DevOps en OpenShiftPlataforma DevOps en OpenShift
Plataforma DevOps en OpenShift
 
DevOps Digital Transformation: A real life use case enabled by Alien4Cloud
DevOps Digital Transformation: A real life use case enabled by Alien4CloudDevOps Digital Transformation: A real life use case enabled by Alien4Cloud
DevOps Digital Transformation: A real life use case enabled by Alien4Cloud
 
Slide DevSecOps Microservices
Slide DevSecOps Microservices Slide DevSecOps Microservices
Slide DevSecOps Microservices
 

More from Aarno Aukia

Applikationsmodernisierung: Der Weg von Legacy in die Cloud
Applikationsmodernisierung: Der Weg von Legacy in die CloudApplikationsmodernisierung: Der Weg von Legacy in die Cloud
Applikationsmodernisierung: Der Weg von Legacy in die Cloud
Aarno Aukia
 
Security in the DevOps pipeline of containerized core application: Case Study...
Security in the DevOps pipeline of containerized core application: Case Study...Security in the DevOps pipeline of containerized core application: Case Study...
Security in the DevOps pipeline of containerized core application: Case Study...
Aarno Aukia
 
Von der Straße in die Cloud: Optimierung von Logistikprozessen mit Docker, Ku...
Von der Straße in die Cloud: Optimierung von Logistikprozessen mit Docker, Ku...Von der Straße in die Cloud: Optimierung von Logistikprozessen mit Docker, Ku...
Von der Straße in die Cloud: Optimierung von Logistikprozessen mit Docker, Ku...
Aarno Aukia
 
Kubecon 2019 Recap
Kubecon 2019 RecapKubecon 2019 Recap
Kubecon 2019 Recap
Aarno Aukia
 
My broken container is gone - how to debug containers on container platforms
My broken container is gone - how to debug containers on container platformsMy broken container is gone - how to debug containers on container platforms
My broken container is gone - how to debug containers on container platforms
Aarno Aukia
 
Automated Server Administration for DevSecOps
Automated Server Administration for DevSecOpsAutomated Server Administration for DevSecOps
Automated Server Administration for DevSecOps
Aarno Aukia
 
Wir arbeiten in der Cloud – eine Herausforderung für das IT Management?
Wir arbeiten in der Cloud – eine Herausforderung für das IT Management?Wir arbeiten in der Cloud – eine Herausforderung für das IT Management?
Wir arbeiten in der Cloud – eine Herausforderung für das IT Management?
Aarno Aukia
 
Moving Applications to the cloud
Moving Applications to the cloudMoving Applications to the cloud
Moving Applications to the cloud
Aarno Aukia
 
Migration von Applikationen in die Cloud
Migration von Applikationen in die CloudMigration von Applikationen in die Cloud
Migration von Applikationen in die Cloud
Aarno Aukia
 
IPv6 on Container Plattforms
IPv6 on Container PlattformsIPv6 on Container Plattforms
IPv6 on Container Plattforms
Aarno Aukia
 
Cloud Native Computing & DevOps
Cloud Native Computing & DevOpsCloud Native Computing & DevOps
Cloud Native Computing & DevOps
Aarno Aukia
 
Cloud Native Computing
Cloud Native ComputingCloud Native Computing
Cloud Native Computing
Aarno Aukia
 
Cloud Native Computing Meetup Zürich Jan 11 2018
Cloud Native Computing Meetup Zürich Jan 11 2018Cloud Native Computing Meetup Zürich Jan 11 2018
Cloud Native Computing Meetup Zürich Jan 11 2018
Aarno Aukia
 
Wie nutzen wir Cloud-Infrastruktur @ VSHN.ch
Wie nutzen wir Cloud-Infrastruktur @ VSHN.chWie nutzen wir Cloud-Infrastruktur @ VSHN.ch
Wie nutzen wir Cloud-Infrastruktur @ VSHN.ch
Aarno Aukia
 
Scalable Web Applications with 100% open source
Scalable Web Applications with 100% open sourceScalable Web Applications with 100% open source
Scalable Web Applications with 100% open source
Aarno Aukia
 
SecDevOps 2017
SecDevOps 2017SecDevOps 2017
SecDevOps 2017
Aarno Aukia
 
Cloud Native Computing Meetup Zürich
Cloud Native Computing Meetup ZürichCloud Native Computing Meetup Zürich
Cloud Native Computing Meetup Zürich
Aarno Aukia
 
DevOps for E-Commerce
DevOps for E-CommerceDevOps for E-Commerce
DevOps for E-Commerce
Aarno Aukia
 
Scalable Python with Docker, Kubernetes, OpenShift
Scalable Python with Docker, Kubernetes, OpenShiftScalable Python with Docker, Kubernetes, OpenShift
Scalable Python with Docker, Kubernetes, OpenShift
Aarno Aukia
 
Docker Containers in Azure
Docker Containers in AzureDocker Containers in Azure
Docker Containers in Azure
Aarno Aukia
 

More from Aarno Aukia (20)

Applikationsmodernisierung: Der Weg von Legacy in die Cloud
Applikationsmodernisierung: Der Weg von Legacy in die CloudApplikationsmodernisierung: Der Weg von Legacy in die Cloud
Applikationsmodernisierung: Der Weg von Legacy in die Cloud
 
Security in the DevOps pipeline of containerized core application: Case Study...
Security in the DevOps pipeline of containerized core application: Case Study...Security in the DevOps pipeline of containerized core application: Case Study...
Security in the DevOps pipeline of containerized core application: Case Study...
 
Von der Straße in die Cloud: Optimierung von Logistikprozessen mit Docker, Ku...
Von der Straße in die Cloud: Optimierung von Logistikprozessen mit Docker, Ku...Von der Straße in die Cloud: Optimierung von Logistikprozessen mit Docker, Ku...
Von der Straße in die Cloud: Optimierung von Logistikprozessen mit Docker, Ku...
 
Kubecon 2019 Recap
Kubecon 2019 RecapKubecon 2019 Recap
Kubecon 2019 Recap
 
My broken container is gone - how to debug containers on container platforms
My broken container is gone - how to debug containers on container platformsMy broken container is gone - how to debug containers on container platforms
My broken container is gone - how to debug containers on container platforms
 
Automated Server Administration for DevSecOps
Automated Server Administration for DevSecOpsAutomated Server Administration for DevSecOps
Automated Server Administration for DevSecOps
 
Wir arbeiten in der Cloud – eine Herausforderung für das IT Management?
Wir arbeiten in der Cloud – eine Herausforderung für das IT Management?Wir arbeiten in der Cloud – eine Herausforderung für das IT Management?
Wir arbeiten in der Cloud – eine Herausforderung für das IT Management?
 
Moving Applications to the cloud
Moving Applications to the cloudMoving Applications to the cloud
Moving Applications to the cloud
 
Migration von Applikationen in die Cloud
Migration von Applikationen in die CloudMigration von Applikationen in die Cloud
Migration von Applikationen in die Cloud
 
IPv6 on Container Plattforms
IPv6 on Container PlattformsIPv6 on Container Plattforms
IPv6 on Container Plattforms
 
Cloud Native Computing & DevOps
Cloud Native Computing & DevOpsCloud Native Computing & DevOps
Cloud Native Computing & DevOps
 
Cloud Native Computing
Cloud Native ComputingCloud Native Computing
Cloud Native Computing
 
Cloud Native Computing Meetup Zürich Jan 11 2018
Cloud Native Computing Meetup Zürich Jan 11 2018Cloud Native Computing Meetup Zürich Jan 11 2018
Cloud Native Computing Meetup Zürich Jan 11 2018
 
Wie nutzen wir Cloud-Infrastruktur @ VSHN.ch
Wie nutzen wir Cloud-Infrastruktur @ VSHN.chWie nutzen wir Cloud-Infrastruktur @ VSHN.ch
Wie nutzen wir Cloud-Infrastruktur @ VSHN.ch
 
Scalable Web Applications with 100% open source
Scalable Web Applications with 100% open sourceScalable Web Applications with 100% open source
Scalable Web Applications with 100% open source
 
SecDevOps 2017
SecDevOps 2017SecDevOps 2017
SecDevOps 2017
 
Cloud Native Computing Meetup Zürich
Cloud Native Computing Meetup ZürichCloud Native Computing Meetup Zürich
Cloud Native Computing Meetup Zürich
 
DevOps for E-Commerce
DevOps for E-CommerceDevOps for E-Commerce
DevOps for E-Commerce
 
Scalable Python with Docker, Kubernetes, OpenShift
Scalable Python with Docker, Kubernetes, OpenShiftScalable Python with Docker, Kubernetes, OpenShift
Scalable Python with Docker, Kubernetes, OpenShift
 
Docker Containers in Azure
Docker Containers in AzureDocker Containers in Azure
Docker Containers in Azure
 

Recently uploaded

一比一原版(sdsu毕业证书)圣地亚哥州立大学毕业证如何办理
一比一原版(sdsu毕业证书)圣地亚哥州立大学毕业证如何办理一比一原版(sdsu毕业证书)圣地亚哥州立大学毕业证如何办理
一比一原版(sdsu毕业证书)圣地亚哥州立大学毕业证如何办理
kgyxske
 
Energy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina JonuziEnergy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina Jonuzi
Green Software Development
 
A Comprehensive Guide on Implementing Real-World Mobile Testing Strategies fo...
A Comprehensive Guide on Implementing Real-World Mobile Testing Strategies fo...A Comprehensive Guide on Implementing Real-World Mobile Testing Strategies fo...
A Comprehensive Guide on Implementing Real-World Mobile Testing Strategies fo...
kalichargn70th171
 
Safelyio Toolbox Talk Softwate & App (How To Digitize Safety Meetings)
Safelyio Toolbox Talk Softwate & App (How To Digitize Safety Meetings)Safelyio Toolbox Talk Softwate & App (How To Digitize Safety Meetings)
Safelyio Toolbox Talk Softwate & App (How To Digitize Safety Meetings)
safelyiotech
 
ppt on the brain chip neuralink.pptx
ppt on the brain chip neuralink.pptxppt on the brain chip neuralink.pptx
ppt on the brain chip neuralink.pptx
Reetu63
 
Oracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptxOracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptx
Remote DBA Services
 
Enums On Steroids - let's look at sealed classes !
Enums On Steroids - let's look at sealed classes !Enums On Steroids - let's look at sealed classes !
Enums On Steroids - let's look at sealed classes !
Marcin Chrost
 
Oracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptxOracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptx
Remote DBA Services
 
Enhanced Screen Flows UI/UX using SLDS with Tom Kitt
Enhanced Screen Flows UI/UX using SLDS with Tom KittEnhanced Screen Flows UI/UX using SLDS with Tom Kitt
Enhanced Screen Flows UI/UX using SLDS with Tom Kitt
Peter Caitens
 
DECODING JAVA THREAD DUMPS: MASTER THE ART OF ANALYSIS
DECODING JAVA THREAD DUMPS: MASTER THE ART OF ANALYSISDECODING JAVA THREAD DUMPS: MASTER THE ART OF ANALYSIS
DECODING JAVA THREAD DUMPS: MASTER THE ART OF ANALYSIS
Tier1 app
 
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
Bert Jan Schrijver
 
The Key to Digital Success_ A Comprehensive Guide to Continuous Testing Integ...
The Key to Digital Success_ A Comprehensive Guide to Continuous Testing Integ...The Key to Digital Success_ A Comprehensive Guide to Continuous Testing Integ...
The Key to Digital Success_ A Comprehensive Guide to Continuous Testing Integ...
kalichargn70th171
 
INTRODUCTION TO AI CLASSICAL THEORY TARGETED EXAMPLES
INTRODUCTION TO AI CLASSICAL THEORY TARGETED EXAMPLESINTRODUCTION TO AI CLASSICAL THEORY TARGETED EXAMPLES
INTRODUCTION TO AI CLASSICAL THEORY TARGETED EXAMPLES
anfaltahir1010
 
Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)
Julian Hyde
 
8 Best Automated Android App Testing Tool and Framework in 2024.pdf
8 Best Automated Android App Testing Tool and Framework in 2024.pdf8 Best Automated Android App Testing Tool and Framework in 2024.pdf
8 Best Automated Android App Testing Tool and Framework in 2024.pdf
kalichargn70th171
 
Why Apache Kafka Clusters Are Like Galaxies (And Other Cosmic Kafka Quandarie...
Why Apache Kafka Clusters Are Like Galaxies (And Other Cosmic Kafka Quandarie...Why Apache Kafka Clusters Are Like Galaxies (And Other Cosmic Kafka Quandarie...
Why Apache Kafka Clusters Are Like Galaxies (And Other Cosmic Kafka Quandarie...
Paul Brebner
 
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
UI5con 2024 - Keynote: Latest News about UI5 and it’s EcosystemUI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
Peter Muessig
 
一比一原版(USF毕业证)旧金山大学毕业证如何办理
一比一原版(USF毕业证)旧金山大学毕业证如何办理一比一原版(USF毕业证)旧金山大学毕业证如何办理
一比一原版(USF毕业证)旧金山大学毕业证如何办理
dakas1
 
Microservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we workMicroservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we work
Sven Peters
 
Webinar On-Demand: Using Flutter for Embedded
Webinar On-Demand: Using Flutter for EmbeddedWebinar On-Demand: Using Flutter for Embedded
Webinar On-Demand: Using Flutter for Embedded
ICS
 

Recently uploaded (20)

一比一原版(sdsu毕业证书)圣地亚哥州立大学毕业证如何办理
一比一原版(sdsu毕业证书)圣地亚哥州立大学毕业证如何办理一比一原版(sdsu毕业证书)圣地亚哥州立大学毕业证如何办理
一比一原版(sdsu毕业证书)圣地亚哥州立大学毕业证如何办理
 
Energy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina JonuziEnergy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina Jonuzi
 
A Comprehensive Guide on Implementing Real-World Mobile Testing Strategies fo...
A Comprehensive Guide on Implementing Real-World Mobile Testing Strategies fo...A Comprehensive Guide on Implementing Real-World Mobile Testing Strategies fo...
A Comprehensive Guide on Implementing Real-World Mobile Testing Strategies fo...
 
Safelyio Toolbox Talk Softwate & App (How To Digitize Safety Meetings)
Safelyio Toolbox Talk Softwate & App (How To Digitize Safety Meetings)Safelyio Toolbox Talk Softwate & App (How To Digitize Safety Meetings)
Safelyio Toolbox Talk Softwate & App (How To Digitize Safety Meetings)
 
ppt on the brain chip neuralink.pptx
ppt on the brain chip neuralink.pptxppt on the brain chip neuralink.pptx
ppt on the brain chip neuralink.pptx
 
Oracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptxOracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptx
 
Enums On Steroids - let's look at sealed classes !
Enums On Steroids - let's look at sealed classes !Enums On Steroids - let's look at sealed classes !
Enums On Steroids - let's look at sealed classes !
 
Oracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptxOracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptx
 
Enhanced Screen Flows UI/UX using SLDS with Tom Kitt
Enhanced Screen Flows UI/UX using SLDS with Tom KittEnhanced Screen Flows UI/UX using SLDS with Tom Kitt
Enhanced Screen Flows UI/UX using SLDS with Tom Kitt
 
DECODING JAVA THREAD DUMPS: MASTER THE ART OF ANALYSIS
DECODING JAVA THREAD DUMPS: MASTER THE ART OF ANALYSISDECODING JAVA THREAD DUMPS: MASTER THE ART OF ANALYSIS
DECODING JAVA THREAD DUMPS: MASTER THE ART OF ANALYSIS
 
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
 
The Key to Digital Success_ A Comprehensive Guide to Continuous Testing Integ...
The Key to Digital Success_ A Comprehensive Guide to Continuous Testing Integ...The Key to Digital Success_ A Comprehensive Guide to Continuous Testing Integ...
The Key to Digital Success_ A Comprehensive Guide to Continuous Testing Integ...
 
INTRODUCTION TO AI CLASSICAL THEORY TARGETED EXAMPLES
INTRODUCTION TO AI CLASSICAL THEORY TARGETED EXAMPLESINTRODUCTION TO AI CLASSICAL THEORY TARGETED EXAMPLES
INTRODUCTION TO AI CLASSICAL THEORY TARGETED EXAMPLES
 
Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)
 
8 Best Automated Android App Testing Tool and Framework in 2024.pdf
8 Best Automated Android App Testing Tool and Framework in 2024.pdf8 Best Automated Android App Testing Tool and Framework in 2024.pdf
8 Best Automated Android App Testing Tool and Framework in 2024.pdf
 
Why Apache Kafka Clusters Are Like Galaxies (And Other Cosmic Kafka Quandarie...
Why Apache Kafka Clusters Are Like Galaxies (And Other Cosmic Kafka Quandarie...Why Apache Kafka Clusters Are Like Galaxies (And Other Cosmic Kafka Quandarie...
Why Apache Kafka Clusters Are Like Galaxies (And Other Cosmic Kafka Quandarie...
 
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
UI5con 2024 - Keynote: Latest News about UI5 and it’s EcosystemUI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
 
一比一原版(USF毕业证)旧金山大学毕业证如何办理
一比一原版(USF毕业证)旧金山大学毕业证如何办理一比一原版(USF毕业证)旧金山大学毕业证如何办理
一比一原版(USF毕业证)旧金山大学毕业证如何办理
 
Microservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we workMicroservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we work
 
Webinar On-Demand: Using Flutter for Embedded
Webinar On-Demand: Using Flutter for EmbeddedWebinar On-Demand: Using Flutter for Embedded
Webinar On-Demand: Using Flutter for Embedded
 

DevSecOps - Security in DevOps

  • 1. VSHN - The DevOps Company DevSecOps Security in DevOps Aarno Aukia, CTO @ VSHN - The DevOps Company 05.10.2020 WeAreDevelopers Live Week
  • 2. VSHN - The DevOps Company ● About Aarno & VSHN.ch ● Why? From Dev to DevOps to DevSecOps ● What? DevSecOps principles ● How? Concrete measures ● Who? Customer Example: Finnova AG Bankware ● Because? Resulting IT Governance & security benefits 22 Agenda
  • 3. VSHN - The DevOps Company @aarnoaukia a@vshn.ch ETH → Google → Atrila → VSHN VSHN - The DevOps Company @vshn_ch Since 2014, currently 45 VSHNeers in Zürich, Switzerland Helping developers run online businesses without having to worry about operations 33 About Aarno & VSHN.ch
  • 4. VSHN - The DevOps Company Software Project Management Requirements Design Implementation Validation Maintenance
  • 5. VSHN - The DevOps Company Software Project Management Requirements Design Implementation Validation Maintenance
  • 6. VSHN - The DevOps Company Software Project Management Requirements Design Implementation Validation Maintenance
  • 7. VSHN - The DevOps Company Software Project Management Requirements Design Implementation Testing Release Biz
  • 8. VSHN - The DevOps Company Software Project Management: Dev vs. Ops Requirements Design Implementation Testing Release Ops Biz
  • 9. VSHN - The DevOps Company 9 OPS = Firefighting-as-a-Service ? 9
  • 10. VSHN - The DevOps Company Collaboration between software developers and operations: ● Teamwork ● Continuous improvement ● Efficient and lean ● Agile: being able to react to new requirements ● Automate as much as possible (“Infrastructure as code”) 1212 DevOps: People, Processes & Tools
  • 11. VSHN - The DevOps Company Software Project Management: DevOps Requirements Design Implementation Testing ReleaseDeployOperateMonitor
  • 12. VSHN - The DevOps Company Software Project Management: DevOps Requirements Design Implementation Testing ReleaseDeployOperateMonitor SECURITY
  • 13. VSHN - The DevOps Company Software Project Management: DevSecOps Requirements Design Implementation Testing ReleaseDeployOperateMonitor Todo-List Data & Risks Secure Practices Validation traceabilityauditabilityAnomalies Availability
  • 14. VSHN - The DevOps Company ● Developer education, requirements engineering, design review -> AppSec/DevSec ● Software Build/Deployment/Operations -> DevSecOps ● Incident detection & management -> SecOps 1616 Areas of security improvement
  • 15. VSHN - The DevOps Company DevSecOps principles 1717
  • 16. VSHN - The DevOps Company ● static code analysis automatically for each commit (DevSecOps principle 4) ● Dependency Management (DevSecOps principle 5) ● (base) container image scanning (DevSecOps principle 5) 1818 Build
  • 17. VSHN - The DevOps Company Code analysis: sonarqube 1919
  • 18. VSHN - The DevOps Company 2020 Dependency updates: https://dependabot.com
  • 19. VSHN - The DevOps Company Container scanning: aquasec 2121
  • 20. VSHN - The DevOps Company ● smoke tests (DevSecOps principle 4) ● As many test environments as necessary (DevSecOps principle 4) ● atomic container deployment (DevSecOps principle 6) ● every deployment (and rollback) is a “normal deployment” (DevSecOps principle 6) ● deployment automation removes need for (all) devs root prod access and/or waiting for ops to deploy new dev version (DevSecOps principle 6) 2222 Test & Deployment
  • 21. VSHN - The DevOps Company ● standardization on (minimal, hardened) OS and container orchestrator ● immutable (application) infrastructure using containers ● process/storage/network separation of applications/environments ● detect/prevent configuration drift between dev/test/stage/prod envs ● documentation & automatic backup of all volumes ● documentation & monitoring of routes/loadbalancers/ingresspoints with enforcing SSL/TLS ● AAI for admin & application ● key & secrets management ● audit logging of control & application planes 2323 Ops (DevSecOps principle 1)
  • 22. VSHN - The DevOps Company Container isolation 2424 ● Kernel namespacing (process & network) ● Control groups (resource quota to prevent DoS) ● SELinux (additional syscall filter) ● prevent running as root inside container, no user-provided privileged containers (enforce best practice) ● readonly container filesystem (harder to persist exploit at runtime)
  • 23. VSHN - The DevOps Company ● “Docker” ○ Kernel-based process isolation based on lxc/libcontainer/runc (CNCF open standard) ○ Open Source Tools for container image creation and management (“Docker CE”) ○ Company based in San Francisco (“Docker inc”) ○ Enterprise software product (“Docker EE”) ○ Online portal for public docker containers (“Dockerhub” hub.docker.com) ● “Dockerfile” ○ Text file containing all the instructions to build and assemble the application into a container including application code, appserver, plugins, modules, libraries down to libc ○ Goal: document & automate the build process ○ Usually in the application GIT repository ○ References a base image to incrementally add the application to 3030 Container technology: Docker
  • 24. VSHN - The DevOps Company ● Use declarative formats for setup automation ● Have a clean, portable contract with the underlying operating system ● Are suitable for deployment on modern cloud platforms, obviating the need for servers and systems administration; ● Minimize divergence between development and production, enabling continuous deployment for maximum agility; ● And can scale up without significant changes to tooling, architecture, or development practices. 3131 12 Factor App Patterns: https://12factor.net/
  • 25. VSHN - The DevOps Company From container to production? 3232
  • 26. VSHN - The DevOps Company ● How many container instances should be running per service? ● On which IP/port/server are they running on? ● Service discovery ● What happens if a container/server goes away? ● scaling, load balancing, rolling deployments, persistent storage, networking 3333 Container orchestration: Kubernetes
  • 27. VSHN - The DevOps Company Docker Kubernetes 3939 Layers of abstraction Hardware Operating System Service discovery & Load balancing Application Server Application Cloud/Onprem
  • 28. VSHN - The DevOps Company Zooming in...
  • 29. VSHN - The DevOps Company ● Logging: EFK ● Metrics: Prometheus ● SSL-Certificates: cert-manager (letsencrypt.org) ● Source-to-image builder, Dockerfile builder, Docker-Image-Registry ● Load-balancing: Ingress, NGINX ● horizontal (auto) scaling, rolling deployments ● Scanning: image scanning (repo & runtime) 4141 Kubernetes Ecosystem
  • 30. VSHN - The DevOps Company AAI: Keycloak 4242 ● Identity & Access Management ● Single sign in/out ● Identity brokering: ○ OpenID Connect (OAuth2, FB/Twitter/Github etc.) ○ SAML2.0 ○ Kerberos ● User federation: LDAP, AD, etc ● 2FA: TOTP/HOTP ● Managing the Authorization groups
  • 31. VSHN - The DevOps Company Logs: ELK/EFK/Greylog 4343 ● Logging all access and changes through the control plane ● Logging all access to the application and correlate with application logs ● Index, view, filter, aggregate KPI → monitoring ● Store outside of application scope
  • 32. VSHN - The DevOps Company ● Prometheus ○ time series database ○ open source / CNCF-project ○ well-integrated in docker/kubernetes stats ● NewRelic APM ○ application-level profiling ○ performance tracking ○ exception tracking (backend & frontend) ○ available as SaaS 4444 Metrics: Prometheus / NewRelic
  • 33. VSHN - The DevOps Company ● Developer and Operator of Banking Software used by ~100 Banks ● Based in Lenzburg, Switzerland ● Founded 1974 ● ~400 Employees Example: Finnova AG Bankware
  • 34. Hier steht der Präsentationstitel I 47
  • 35. VSHN - The DevOps Company 48 Deployment Process & Security DEV (Repository) Files (Pods) Docker Images Container (OpenShift) Betrieb AM Seewen (PRD) GitHub Code Image-Scan (Security & Compliance Policies) » Code Analyse » Image Scanning » Container Hardening Runtime » Network Security » Monitoring » Logging & Reporting » Code Security » Access » Security & Auditing SecurityDeployment
  • 36. VSHN - The DevOps Company 49 Architecture and Security
  • 37. VSHN - The DevOps Company ● “Full Stack Audit” ● Review design document ● Every layer was custom built ○ physical hardware ○ handcrafted servers ○ manual application deployment ● Review each layer ● Review each layer again next year... 5050 Traditional IT governance
  • 38. VSHN - The DevOps Company ● Standardized components ○ already audited, some even externally certified ○ re-used, economies of scale, CMMI level 5 ○ tech controls (AAI, RBAC, logs/SIEM) implemented once ○ financial controls implemented once ● Infrastructure: private/public cloud ● Ops: Container orchestration platform ● Review design document & platform configuration 5151 Cloud native IT governance
  • 39. VSHN - The DevOps Company ● prevent configuration drift ○ immutable (application) infrastructure using containers ○ deploy dev/test/stage/prod envs from CI/CD ● prevent manual errors ○ validate configuration in CI/CD before deployment ○ standardization on (minimal, hardened) OS and container orchestrator ○ deployment automation removes need for (most) root prod access ● security by default ○ image scanning, dependency vulnerability management ○ process/storage/network separation of applications/environments ○ volumes & ingresspoints best practice (documentation, monitoring, backup, SSL/TLS/WAF) ○ AAI for admin & application, audit trail logging of CI/CD, control & application planes ○ key & secrets management ● 5252 IT governance controls in container platforms
  • 40. VSHN - The DevOps Company ● compute resources billable by project ● self-service-onboarding possible ● autoscaling, scale-down dev envs outside office hours ● vendor procurement/due diligence/certification management ● SLA, 24x7, service process, escalation management clearly defined 5353 IT governance financial/compliance controlling
  • 41. VSHN - The DevOps Company DevSecOps principles 5454
  • 42. VSHN - The DevOps Company ● Please get in touch with feedback ● Twitter: @aarnoaukia ● Linkedin: https://www.linkedin.com/in/aukia/ ● Email: aarno.aukia@vshn.ch 5555 Thank you
  • 43. Come visit us for a coffee! VSHN AG - Neugasse 10 - CH-8005 Zürich - +41 44 545 53 00 - https://vshn.ch/ - info@vshn.ch https://vshn.ch/kontakt/ Follow us on Twitter! @vshn_ch 56