PT
Uploaded bypenetration Tester
PPTX, PDF233 views

DSOMM

The DevSecOps Maturity Model (DSOMM) provides a framework for prioritizing security measures when using DevOps strategies to enhance security. It defines four levels of implementation from basic security practices to advanced deployment at scale. There are four main evaluation criteria: the comprehensiveness of static and dynamic code scans, the frequency of security scans, and the completeness of remediation workflows for security findings.

Embed presentation

Download to read offline
DSOMM DevSecOps Maturity Model
DSOMM • The DevSecOps Maturity Model (DSOMM), shows security measures which are applied when using DevOps strategies and how these can be prioritized. With the help of DevOps strategies security can also be enhanced • For example, each component such as application libraries and operating system libraries in docker images can be tested for known vulnerabilities
• Implementation Levels in DSOMM are • Level 1: Basic understanding of security practices • Level 2: Adoption of basic security practices • Level 3: High adoption of security practices • Level 4: Advanced deployment of security practices at scale
• There are four main evaluation criteria in DSOMM:  Static depth — How comprehensive the static code scan that you are performing within the AppSec CI pipeline is.  Dynamic depth — How comprehensive the dynamic scan that is being run within the AppSec CI pipeline is.  Intensity - Your schedule frequency for the security scans running in AppSec CI pipeline.  Consolidation — Your remediation workflow for handling findings and process completeness.
Referece : • https://dsomm.timo-pagel.de/

More Related Content

PPTX
Benefits of DevSecOps
byFinto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
PDF
The State of DevSecOps
byDevOps Indonesia
 
PDF
DevSecOps The Evolution of DevOps
byMichael Man
 
PDF
Strengthen and Scale Security Using DevSecOps - OWASP Indonesia
byMohammed A. Imran
 
PPTX
DEVSECOPS.pptx
byMohammadSaif904342
 
PDF
[DevSecOps Live] DevSecOps: Challenges and Opportunities
byMohammed A. Imran
 
PPTX
DevSecOps reference architectures 2018
bySonatype
 
PDF
The What, Why, and How of DevSecOps
byCprime
 
Benefits of DevSecOps
byFinto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
The State of DevSecOps
byDevOps Indonesia
 
DevSecOps The Evolution of DevOps
byMichael Man
 
Strengthen and Scale Security Using DevSecOps - OWASP Indonesia
byMohammed A. Imran
 
DEVSECOPS.pptx
byMohammadSaif904342
 
[DevSecOps Live] DevSecOps: Challenges and Opportunities
byMohammed A. Imran
 
DevSecOps reference architectures 2018
bySonatype
 
The What, Why, and How of DevSecOps
byCprime
 

What's hot

PDF
DevSecOps Implementation Journey
byDevOps Indonesia
 
PPTX
DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...
byMohamed Nizzad
 
PPTX
DevOps introduction
byMettje Heegstra
 
PDF
Azure DevOps Presentation
byInCycleSoftware
 
PPTX
DevSecOps : an Introduction
byPrashanth B. P.
 
PPTX
How to Get Started with DevSecOps
byCYBRIC
 
PDF
Introduction to DevOps
byRavindu Fernando
 
PPTX
DevSecOps
byJoel Divekar
 
PPTX
Power of Azure Devops
byAzure Riyadh User Group
 
PPTX
Introduction to DevSecOps
byabhimanyubhogwan
 
PDF
DevSecOps What Why and How
byNotSoSecure Global Services
 
PDF
DevSecOps | DevOps Sec
byRubal Jain
 
PDF
Scaling DevSecOps Culture for Enterprise
byOpsta
 
PPTX
DevOps introduction
byChristian F. Nissen
 
PDF
What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...
byEdureka!
 
PPTX
0 to hero with Azure DevOps
byChristos Matskas
 
ODP
Devops Devops Devops
byKris Buytaert
 
PPTX
Azure dev ops
byTomy Rhymond
 
PPTX
A Crash Course in Building Site Reliability
byAcquia
 
PPTX
Agile Manifesto and Principles
byAryan Rajbhandari
 
DevSecOps Implementation Journey
byDevOps Indonesia
 
DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...
byMohamed Nizzad
 
DevOps introduction
byMettje Heegstra
 
Azure DevOps Presentation
byInCycleSoftware
 
DevSecOps : an Introduction
byPrashanth B. P.
 
How to Get Started with DevSecOps
byCYBRIC
 
Introduction to DevOps
byRavindu Fernando
 
DevSecOps
byJoel Divekar
 
Power of Azure Devops
byAzure Riyadh User Group
 
Introduction to DevSecOps
byabhimanyubhogwan
 
DevSecOps What Why and How
byNotSoSecure Global Services
 
DevSecOps | DevOps Sec
byRubal Jain
 
Scaling DevSecOps Culture for Enterprise
byOpsta
 
DevOps introduction
byChristian F. Nissen
 
What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...
byEdureka!
 
0 to hero with Azure DevOps
byChristos Matskas
 
Devops Devops Devops
byKris Buytaert
 
Azure dev ops
byTomy Rhymond
 
A Crash Course in Building Site Reliability
byAcquia
 
Agile Manifesto and Principles
byAryan Rajbhandari
 

Similar to DSOMM

PDF
Introduction to DevSecOps
bySetu Parimi
 
PPTX
DevSecOps Training Bootcamp - A Practical DevSecOps Course
byTonex
 
PPTX
DevSecOps Story with added security controls
byHareeshNani5
 
PPTX
Why You Should Implement DevSecOps Approach?
byEnov8
 
PPTX
DevSecOps: Integrating Security Into Your SDLC
byDev Software
 
PDF
DevSecOpsMaturityModel.pdf
bycdsk335
 
PDF
Why Security Engineer Need Shift-Left to DevSecOps?
byNajib Radzuan
 
PDF
The Rise of DevSecOps in CI_CD Workflows.pdf
byyour techdigest
 
PPTX
What is devsecops and what is the characteristics of it
byamalsalah25
 
PDF
How DevOps Improves Security DevSecOps Explained.pdf
byhimanshuwowit
 
PPTX
DevSecCon KeyNote London 2015
byShannon Lietz
 
PPTX
DevSecOps presentation explaining what is devsecops
byamalsalah25
 
PDF
Security & Compliance, Without the Headaches..pdf
byDevseccops.ai
 
PDF
Why You Should Implement DevSecOps Approach?
byEnov8
 
PDF
Strengthen and Scale Security for a dollar or less
byMohammed A. Imran
 
PDF
Scale security for a dollar or less
byMohammed A. Imran
 
PPTX
DevSecCon Keynote
byShannon Lietz
 
PPTX
ISACA Ireland Keynote 2015
byShannon Lietz
 
PDF
How To Implement DevSecOps In Your Existing DevOps Workflow
byEnov8
 
PDF
Forrester Infographic
byThang Cao (He/Him)
 
Introduction to DevSecOps
bySetu Parimi
 
DevSecOps Training Bootcamp - A Practical DevSecOps Course
byTonex
 
DevSecOps Story with added security controls
byHareeshNani5
 
Why You Should Implement DevSecOps Approach?
byEnov8
 
DevSecOps: Integrating Security Into Your SDLC
byDev Software
 
DevSecOpsMaturityModel.pdf
bycdsk335
 
Why Security Engineer Need Shift-Left to DevSecOps?
byNajib Radzuan
 
The Rise of DevSecOps in CI_CD Workflows.pdf
byyour techdigest
 
What is devsecops and what is the characteristics of it
byamalsalah25
 
How DevOps Improves Security DevSecOps Explained.pdf
byhimanshuwowit
 
DevSecCon KeyNote London 2015
byShannon Lietz
 
DevSecOps presentation explaining what is devsecops
byamalsalah25
 
Security & Compliance, Without the Headaches..pdf
byDevseccops.ai
 
Why You Should Implement DevSecOps Approach?
byEnov8
 
Strengthen and Scale Security for a dollar or less
byMohammed A. Imran
 
Scale security for a dollar or less
byMohammed A. Imran
 
DevSecCon Keynote
byShannon Lietz
 
ISACA Ireland Keynote 2015
byShannon Lietz
 
How To Implement DevSecOps In Your Existing DevOps Workflow
byEnov8
 
Forrester Infographic
byThang Cao (He/Him)
 

More from penetration Tester

PPTX
Devops
bypenetration Tester
 
PPTX
Jenkins
bypenetration Tester
 
PPTX
Sonar qube
bypenetration Tester
 
PPTX
Owasp zap
bypenetration Tester
 
PPTX
Sonarlint
bypenetration Tester
 
PPTX
Nist
bypenetration Tester
 
PPTX
Shift left
bypenetration Tester
 
PPTX
Shift left
bypenetration Tester
 
PDF
Jenkins
bypenetration Tester
 
PPTX
Lfi
bypenetration Tester
 
PPTX
Deployment Strategies
bypenetration Tester
 
PPTX
Burp intruder
bypenetration Tester
 
PPTX
Directory traversal
bypenetration Tester
 
PDF
Burp documentation
bypenetration Tester
 
DOCX
Maven
bypenetration Tester
 
DOCX
7 layer OSI model
bypenetration Tester
 
PPTX
Virtual box
bypenetration Tester
 
PPTX
Hippa
bypenetration Tester
 
PPTX
Tcp IP OSI
bypenetration Tester
 
PPTX
Burp repeater
bypenetration Tester
 
Devops
bypenetration Tester
 
Jenkins
bypenetration Tester
 
Sonar qube
bypenetration Tester
 
Owasp zap
bypenetration Tester
 
Sonarlint
bypenetration Tester
 
Nist
bypenetration Tester
 
Shift left
bypenetration Tester
 
Shift left
bypenetration Tester
 
Jenkins
bypenetration Tester
 
Lfi
bypenetration Tester
 
Deployment Strategies
bypenetration Tester
 
Burp intruder
bypenetration Tester
 
Directory traversal
bypenetration Tester
 
Burp documentation
bypenetration Tester
 
Maven
bypenetration Tester
 
7 layer OSI model
bypenetration Tester
 
Virtual box
bypenetration Tester
 
Hippa
bypenetration Tester
 
Tcp IP OSI
bypenetration Tester
 
Burp repeater
bypenetration Tester
 

Recently uploaded

PDF
The Drift Principle: When Information Accelerates Faster Than Minds Can Compress
byReality Drift Archive
 
PDF
FAMILY ASSESSMENT FORMAT - CHN practical
byDr. Sudhadevi Sadanandan
 
PPTX
Limpitlaw "Licensing: From Mindset to Milestones"
byNational Information Standards Organization (NISO)
 
DOCX
Mobile applications Devlopment ReTest year 2025-2026
byDr. Mazin Mohamed alkathiri
 
PPTX
Pig- piggy bank in Big Data Analytics.ppt.pptx
byVarshini M
 
PDF
Toward Massive, Ultrareliable, and Low-Latency Wireless Communication With Sh...
byMan_Ebook
 
PPTX
AI_in_Daily_Life_Presentation and more.pptx
bybantydansena
 
PPTX
Cost of Capital - Cost of Equity, Cost of debenture, Cost of Preference share...
bySundar B N
 
PPTX
TAMIS & TEMS - HOW, WHY and THE STEPS IN PROCTOLOGY
byJohn Thanakumar
 
PPTX
Basics in Phytochemistry, Extraction, Isolation methods, Characterisation etc.
byD. Y. Patil College of Pharmacy, Kolhapur.
 
PDF
Projecte de la porta de la classe de primer A: Mar i cel.
byeduardrubio1
 
PPTX
PURPOSIVE SAMPLING IN EDUCATIONAL RESEARCH RACHITHRA RK.pptx
byssuser047b711
 
PDF
Projecte de la porta de primer B: L'antic Egipte
byeduardrubio1
 
PDF
IMANI Africa files RTI request seeking full disclosure on 2026 SIM registrati...
bynservice241
 
PDF
M.Sc. Nonchordates Complete Syllabus PPT | All Important Topics Covered
byKNIPSS SULTANPUR
 
PPTX
York "Collaboration for Research Support at U-M Library"
byNational Information Standards Organization (NISO)
 
PPTX
ELEMENTS OF COMMUNICATION (UNIT 2) .pptx
byPOOJA KARVANDE
 
PPTX
How to Manage Package Reservation in Odoo 18 Inventory
byCeline George
 
PDF
Unit-III pdf (Basic listening Skill, Effective Writing Communication & Writin...
bySayyadTarannum
 
PDF
Digital Wellness in University Communities: Libraries as Guardians of Healthy...
bySylvester Ebhonu
 
The Drift Principle: When Information Accelerates Faster Than Minds Can Compress
byReality Drift Archive
 
FAMILY ASSESSMENT FORMAT - CHN practical
byDr. Sudhadevi Sadanandan
 
Limpitlaw "Licensing: From Mindset to Milestones"
byNational Information Standards Organization (NISO)
 
Mobile applications Devlopment ReTest year 2025-2026
byDr. Mazin Mohamed alkathiri
 
Pig- piggy bank in Big Data Analytics.ppt.pptx
byVarshini M
 
Toward Massive, Ultrareliable, and Low-Latency Wireless Communication With Sh...
byMan_Ebook
 
AI_in_Daily_Life_Presentation and more.pptx
bybantydansena
 
Cost of Capital - Cost of Equity, Cost of debenture, Cost of Preference share...
bySundar B N
 
TAMIS & TEMS - HOW, WHY and THE STEPS IN PROCTOLOGY
byJohn Thanakumar
 
Basics in Phytochemistry, Extraction, Isolation methods, Characterisation etc.
byD. Y. Patil College of Pharmacy, Kolhapur.
 
Projecte de la porta de la classe de primer A: Mar i cel.
byeduardrubio1
 
PURPOSIVE SAMPLING IN EDUCATIONAL RESEARCH RACHITHRA RK.pptx
byssuser047b711
 
Projecte de la porta de primer B: L'antic Egipte
byeduardrubio1
 
IMANI Africa files RTI request seeking full disclosure on 2026 SIM registrati...
bynservice241
 
M.Sc. Nonchordates Complete Syllabus PPT | All Important Topics Covered
byKNIPSS SULTANPUR
 
York "Collaboration for Research Support at U-M Library"
byNational Information Standards Organization (NISO)
 
ELEMENTS OF COMMUNICATION (UNIT 2) .pptx
byPOOJA KARVANDE
 
How to Manage Package Reservation in Odoo 18 Inventory
byCeline George
 
Unit-III pdf (Basic listening Skill, Effective Writing Communication & Writin...
bySayyadTarannum
 
Digital Wellness in University Communities: Libraries as Guardians of Healthy...
bySylvester Ebhonu
 

DSOMM

  • 1.
  • 2.
    DSOMM • The DevSecOpsMaturity Model (DSOMM), shows security measures which are applied when using DevOps strategies and how these can be prioritized. With the help of DevOps strategies security can also be enhanced • For example, each component such as application libraries and operating system libraries in docker images can be tested for known vulnerabilities
  • 4.
    • Implementation Levelsin DSOMM are • Level 1: Basic understanding of security practices • Level 2: Adoption of basic security practices • Level 3: High adoption of security practices • Level 4: Advanced deployment of security practices at scale
  • 5.
    • There arefour main evaluation criteria in DSOMM:  Static depth — How comprehensive the static code scan that you are performing within the AppSec CI pipeline is.  Dynamic depth — How comprehensive the dynamic scan that is being run within the AppSec CI pipeline is.  Intensity - Your schedule frequency for the security scans running in AppSec CI pipeline.  Consolidation — Your remediation workflow for handling findings and process completeness.
  • 6.