Case Studies and Lessons Learned from SSL/TLS Certificate Verification Vulner... | JPCERT Coordination Center
Recently we’ve seen many vulnerabilities related to improper certificate validation. Those vulnerabilities come from developers’ ignorance or misunderstanding of basic knowledge of certificate validation or insufficient testing of validation code. This presentation starts with the basics of the certificate validation process, surveys several vulnerabilities in the real world, and concludes with lessons learned from real-world vulnerabilities.
This was presented at JavaOne 2015.
Achieving Secure DevOps: Overcoming the Risks of Modern Service Delivery | Perforce
DevOps and Continuous Delivery practices are attracting the attention of many organizations looking to increase the speed of their application delivery, yet doing so the wrong way can risk both quality and security. In this webinar, Forrester analysts Kurt Bittner and Rick Holland will share their insights on how DevOps and Security teams can work better together to meet these challenges, along with best practices for bringing greater security to product development and delivery.
Marcin Grzejszczak - Contract Tests in the Enterprise | SegFaultConf
Is your legacy application talking to a service that is never up and running on your shared testing environment? Does your company waste a lot of time and money on regression testing only to see that, yet again, someone has created a typo in the API? Enough is enough. Time to fix this problem using contract tests!
In this presentation you’ll see how to migrate a legacy application to work with stubs of external applications. We’ll show different ways of increasing your test reliability by adding contract tests of your API. You’ll see the difference between producer and consumer driven contracts.
OpenChain, the ISO standard, defines effective open source compliance. This slide deck aims to let people get familiar with OpenChain specification from scratch.
OpenChain - The Industry Standard for Open Source Compliance | SZ Lin
OpenChain is a legal compliance process and standard for the implementation of open source software in the enterprise supply chain. It enables the upstream and downstream of the software supply to follow and share the open source compliance obligations accordingly; moreover, it can also help the enterprises to collaborate with the open source communities positively.
DevSecOps for Developers: How To Start | Patricia Aas
How can you squeeze Security into DevOps? Security is often an understaffed function, so how can you leverage what you have in DevOps to improve your security posture?
Often the culture clash between Security and Development is even more prominent than between Development and Operations. Understanding the differences in how these functions work, and leveraging their similarities, will reveal processes already in place that can be used to improve security. This fine tuning of tools and processes can give you DevSecOps on a shoestring.
The Emergent Cloud Security Toolchain for CI/CD | James Wickett
Security is in crisis and it needs a new way to move forward. This talk from Nov 2018, Houston ISSA meeting discusses the tooling needed to rise to the demands of devops and devsecops.
The Secret Recipe for Automating Android Malware Analysis - Lorenzo Cavallaro... | Codemotion
Rapid advent of Android platforms has dawned an era of sophisticated malware that attacks these systems. To better understand this slew of threats, in this talk, I will first introduce CopperDroid, an automatic VMI-based dynamic analysis system to reconstruct the behaviors of Android malware. I will then discuss the efficacy of such behavioral profiles to differentiate between families of malware. Finally, in a departure from traditional classification techniques, I further show how a statistical machine learning evaluation facilitates near-perfect accuracy by considering prediction sets.
Nsc42 security knights slayer of dragons 0-5_very_short_15m_share | NSC42 Ltd
Security Architecture in DEVOPS
Title:
Security Architect, slayer of dragons defenders of the realms and protectors of the cybersecurity automation
Synopsis:
The talk will take the audience on a journey from the origin of the security architecture, the challenge of cloud security and the role of an architect in the dev-sec-ops world.
The talk explains the difference between traditional command and control governance and the solution to avoid starving automation and innovation with traditional security governance
We will explore:
Security Gates and why they do not always work in dev-ops
Automation how-tos:
How to deploy cybersecurity at scale
Why it is important to know how to deal with people
Automation in the pipeline is the king
If time is available the talk will explore some additional lessons learned
rough length: compressed version 30 min normally 50 min or workshop format
Audience Take Away:
How to build a cybersecurity programme with architecture at the heart
how to do traditional security governance
how to mix governance and agile development as well as dev sec ops
how to extract patterns from existing design
the value of design principle patterns and why they are key to go fast.
how and when to use tools (SAST/DAST) and when to engineer
How to get along with HATEOAS without letting the bad guys steal your lunch? | Graham Charters
It’s a cool idea - decouple the client from the server and let the application tell the client what it can do dynamically. This approach should allow much more flexibility and resilience as the client and server can evolve separately. Unfortunately, the HATEOAS approach can be a free lunch for cybercriminals unless you understand the simple steps needed to secure your design.
The question is - how to achieve the balance of design flexibility and security in practice?
This session will show you how to create a secure hypermedia-driven RESTful web service using HATEOAS principles. You’ll learn how HATEOAS works, understand how it can be exploited by the bad guys and discover why HATEOAS is still a really good approach.
With code and examples this session will leave you more informed and possibly a little wiser.
SpringOne Platform 2017
Miranda LeBlanc, Liberty Mutual
For early adopters, CI/CD and DevOps are obvious choices for driving software innovation at lightning speed, but how do you go about motivating the entire IT organization? At Liberty Mutual Insurance, we've been on a DevOps, Agile and CI/CD journey for at least the last 10 years. Come hear about how we've organically grown a culture supporting CI/CD practices and what our current struggles are in transforming a 100-year-old insurance company to run like a start-up.
As organizations grapple with ever increasing threats to security, the focus is shifting from just monitoring and protecting access. This approach protects the organization with a 'hard outer shell' or perimeter. With insider threats and complex, distributed work environments, media & entertainment organizations need to focus inside the shell and monitor access points to critical data within the organization and securing data. This session will review the latest security practices including cyber situational awareness and advances in data management that are enabling organizations to protect their data at the source while not crippling the critical role that access to data plays in the operations of today's entertainment organizations.
TWISummit 2019 - Take the Pain out of Browser Automation! | Thoughtworks
Are you ready to challenge the existing beliefs centered around browser automation? Explore Taiko - a free and open source library that has a lean learning curve, with Easy APIs to quickly automate web applications and reduce test flakiness with a prerequisite of NodeJS.
Learn what devsecops really means! See why security is in crisis and how it can find a new path forward.
Talk from DevSecOps Leadership Forum in Dallas, Texas, April 22nd, 2018.
From DevOps to DevSecOps, access control vulnerabilities and misconfigurations are the top security issues in infrastructure management. This workshop will introduce how to improve security in CI/CD to avoid privilege escalation and harden K8s security based on kube-bench (CIS Kubernetes Benchmark) and kubesec tools.
How to go beyond traditional Scrum principles and scale to globally distributed teams with Continuous Delivery and Subversion. Presented by Andy Singleton of Assembla and Scott Rudenstein of WANdisco. Presented Nov. 15, 2012. 30 minutes.
Principles and Practices in Continuous Deployment at Etsy | Mike Brittain
Presented at ALM Forum 2014.
Like what you've read? We're frequently hiring for a variety of engineering roles at Etsy. If you're interested, drop me a line or send me your resume: mike@etsy.com.
http://www.etsy.com/careers
Covering topics like:
CI CD DevOps Jenkins TFS TeamCity Compile Test Package Deploy
See Disclaimer in the last slide and/or in file comments, if available.
Five Ways Automation Has Increased Application Deployment and Changed Culture | XebiaLabs
Paychex, a recognized leader in the payroll, human resource, and benefits outsourcing industry, found that the demand for application deployments had increased beyond what could be supported by manual configuration. Keeping up with this demand required a shift from manually providing a service to developing an automated platform for self-service resulting in a culture change with new partnering across their DEV, OPS and Architecture teams.
David Jozis, Automation Engineer at Paychex, discusses the challenges they encountered when making these significant changes and how they were able to overcome them to accomplish 5x as many deployments as before.
TDD is the elegant way of designing software. People are so scared of it because software design is hard and it requires discipline. In this talk, I tried to describe what TDD is from a software design perspective.
Continuous Delivery refers to the process of releasing high quality software quickly and with confidence through the use of build, test and deployment automation. By applying Lean techniques to the development, test and deployment of software, waste is reduced and staff are freed up to work on more important tasks. By following a continuous delivery model, release cycles shift from a matter of months to weeks or days.
In this presentation, we will look at the key tools and processes involved in transitioning from a manual culture to one that embraces automation. We will look at real world examples, including the tools and architectural components. We will discuss organizational impacts, including the dramatic improvements in morale as team delivery commitments are met more easily through automation.
Session at ContainerDay Security 2023 on the 8th of March in Hamburg.
The ClusterImageScanner detects images in Kubernetes clusters and provides fast feedback based on security scans. Security scans are for example image lifetime or detection of known vulnerabilities.
This talk will give insights into:
- The use cases of the ClusterImageScanner
- The different scans
- The architecture
- A live demo
The ClusterImageScanner is open source; get it from https://github.com/SDA-SE/cluster-image-scanner/.
This session focuses on IPv6 deployment options for the enterprise and commercial network manager, with in-depth information about IPv6 configuration and transition methods. IPv6 deployment considerations for specific areas of the network such as campus, WAN or branch, remote access, and data center are discussed. The session features best practices for deploying IPv6 with a variety of associated technologies and operating systems.
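Testing in Production, Deploy on Fridays | Yi-Feng Tzeng
This talk is a continuation of last year's ModernWeb'19 talk "Progressive Deployment & NoDeploy". Although Testing in Production has been advocated for many years, few teams so far are willing or dare to practice it, and the reasons behind this mostly have to do with culture and attitude.
This time I mainly share the bitter and the sweet encountered while promoting it, as well as several products I personally worked on that achieved Testing in Production and Deploy on Fridays.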
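Introduction to Redis 3.0, and its features and improvements. What’s the difference between Redis / Memcached / Aerospike? The strong sides of Redis, and away from the weak sides.
This session introduces Redis 3.0 and its history, and explores Redis's features and improvements. It also analyzes the differences among Redis, Memcached and Aerospike, which helps in understanding and judging the requirements of future business scenarios. Finally, it shares the scenarios Redis is suited to, and the fallback or integration options for scenarios it is not suited to. The session is suitable for Redis beginners, those who want to understand Redis in depth, and those who have been inexplicably burned or trapped by Redis.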
Securing your Kubernetes cluster: a step-by-step guide to success! | KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
The Metaverse and AI: how can decision-makers harness the Metaverse for their... | Jen Stirrup
The Metaverse is popularized in science fiction, and now it is becoming closer to being a part of our daily lives through the use of social media and shopping companies. How can businesses survive in a world where Artificial Intelligence is becoming the present as well as the future of technology, and how does the Metaverse fit into business strategy when futurist ideas are developing into reality at accelerated rates? How do we do this when our data isn't up to scratch? How can we move towards success with our data so we are set up for the Metaverse when it arrives?
How can you help your company evolve, adapt, and succeed using Artificial Intelligence and the Metaverse to stay ahead of the competition? What are the potential issues, complications, and benefits that these technologies could bring to us and our organizations? In this session, Jen Stirrup will explain how to start thinking about these technologies as an organisation.
PHP Frameworks: I want to break free (IPC Berlin 2024) | Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Welcome to the first live UiPath Community Day Dubai! Join us for this unique occasion to meet our local and global UiPath Community and leaders. You will get a full view of the MEA region's automation landscape and the AI Powered automation technology capabilities of UiPath. Also, hosted by our local partners Marc Ellis, you will enjoy a half-day packed with industry insights and automation peers networking.
📕 Curious on our agenda? Wait no more!
10:00 Welcome note - UiPath Community in Dubai
Lovely Sinha, UiPath Community Chapter Leader, UiPath MVPx3, Hyper-automation Consultant, First Abu Dhabi Bank
10:20 A UiPath cross-region MEA overview
Ashraf El Zarka, VP and Managing Director MEA, UiPath
10:35 Customer Success Journey
Deepthi Deepak, Head of Intelligent Automation CoE, First Abu Dhabi Bank
11:15 The UiPath approach to GenAI with our three principles: improve accuracy, supercharge productivity, and automate more
Boris Krumrey, Global VP, Automation Innovation, UiPath
12:15 To discover how Marc Ellis leverages tech-driven solutions in recruitment and managed services.
Brendan Lingam, Director of Sales and Business Development, Marc Ellis
Generative AI Deep Dive: Advancing from Proof of Concept to Production | Aggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf | Peter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
DevOps and Testing slides at DASA Connect | Kari Kakkonen
Slides by Rik Marselis and me from the DASA Connect conference on 30.5.2024. We discuss what testing is, then what agile testing is, and finally what Testing in DevOps is. Finally we had a lovely workshop with the participants, trying to find different ways to think about quality and testing in different parts of the DevOps infinity loop.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf | 91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... | UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
State of ICS and IoT Cyber Threat Landscape Report 2024 preview | Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
A tale of scale & speed: How the US Navy is enabling software delivery from l... | sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf | Paige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
21. 21/81
Code Test Operate
Continuous Integration
Continuous Delivery
Continuous Deployment
DevOps / SRE
Commit Dev Test Staging Test Deploy Prod
Continuous Deployment
Local Dev Staging Prod
Environments
Chaos
23. 23/81
Staging
The staging environment must be almost identical to the production environment, which is very difficult; otherwise the tests are inaccurate.
Trying to mirror your staging environment to production is a fool’s errand. Just give up.
Partial Credit: https://thenewstack.io/honeycombs-charity-majors-go-ahead-test-in-production/
36. 36/81
Code Operate
Continuous Integration
Continuous Delivery
Continuous Deployment
DevOps / SRE
Commit Dev Test Staging Test Deploy Prod
Continuous Deployment
Local Dev Staging Prod
Environments
Chaos
37. 37/81
Only Feature Flag
No Deploy (artifact)
No Staging
No QA / CI
No Visible container
No Test Locally
Only Code Commit
No Acceptance
38. Cost in Time
hours
mins ~ hour
secs ~ mins
Applicability
2%
8%
90%
Toggle
Feature Flag
ReDeploy
Previous Version
Rollback
Revert Commit
Incident Recovery
39. 39/81
Feature Flag
01 All code is deployed, with switches to control exposure, which reduces integration issues.
02 Flags provide runtime control down to the individual user or development branch.
03 Developers can add or remove features without redeploying; users can be added or removed with no redeployment.
04 Enables dark launch.
Credit: Progressive Deployment, Experimentation, Multitenancy, No Downtime, Cloud Security (2018-02-23).pdf
Image Credit: https://opensource.com/article/18/2/feature-flags-ring-deployment-model
40. 40/81
Feature Flag
01 Committing code to trunk may affect other features.
02 Unfinished features may be deployed, and turned on if the configuration is incorrect.
Image Credit: https://opensource.com/article/18/2/feature-flags-ring-deployment-model
41. 41/81
Only Feature Flag
Only Progressive Deployment
No Deploy (artifact)
No Staging
No QA / CI
No Visible container
No Test Locally
Only Code Commit
No Acceptance
42. 42/81
Only Feature Flag
Only Progressive Deployment
Only Observability
No Deploy (artifact)
No Staging
No QA / CI
No Visible container
No Test Locally
Only Code Commit
No Acceptance
43. 43/81
Only Feature Flag
Only Progressive Deployment
And Test in Production
Only Observability
No Deploy (artifact)
No Staging
No QA / CI
No Visible container
No Test Locally
Only Code Commit
No Acceptance
51. 51/81
Only Feature Flag
Only Progressive Deployment
And Test in Production
Only Observability
No ACCEPTANCE
No Deploy (artifact)
No Staging
No QA / CI
No Visible container
No Test Locally
Only Code Commit
56. 56/81
How do you
go fast
And
zero downtime
Font Credit: https://www.dafont.com/theme.php?cat=109 (Defused)
57. 57/81
Your aim won’t be perfect;
control the blast radius.
Image Credit: https://www.behance.net/gallery/57558081/FREE-BUSINESS-ICONS
Progressive Deployment