SlideShare a Scribd company logo

Security and Data Breach

•
•
DevOps Indonesia
DevOps Indonesia

Security and Data Breach by Bobby Limitra

Technology
1 of 25
Download to read offline
PAGE1 DEVOPS INDONESIA PAGE 1 Bobby Limitra Solutions Engineer, F5 Jakarta, 10 Juni 2020 Security and Data Breach
Security and Data Breach What & How it Happened? How to Mitigate? Bobby Limitra Solutions Engineer, F5 Networks
“Data Breach is a security violation in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so”
Source: Verizon 2020 DBIR
| ©2019 F5​5 CONFIDENTIAL Data Breach: What Tactics are Utilized? Verizon 2020 DBIR
| ©2019 F5​6 CONFIDENTIAL Top Hacking Varieties & Vectors in Breaches
Data Breaches In the last 8 years more than 7.1 billion identities have been exposed in data breaches 70 MILLION accounts 427 MILLION accounts 150 MILLION accounts 3 BILLION accounts 117 MILLION accounts 1. Symantec Internet Security Threat Report, April 2017 2. https://www.entrepreneur.com/article/246902# Nearly 3 out of 4 consumers use duplicate passwords, many of which have not been changed in five years or more. 3 out of 4
| ©2019 F5​8 https://haveibeenpwned.com
USERNAME Credit Card Data USERNAME Intellectual Property USERNAME Healthcare Data USERNAME Passport Data USERNAME Financial Data USERNAME USERNAME USERNAME USERNAME USERNAME USERNAME USERNAME USERNAME USERNAME USERNAME USERNAME USERNAME USERNAME USERNAME Credentials from Previous Breaches
• Educate employees / customers and boost security awareness • Bot detection & prevention • Design your login form so that it is impossible for the attacker’s bot to recognize the fields • Use multifactor authentication • Monitor for failed authentication attempt
• Formjacking uses code injected by an attacker to siphon payment card information from an online form and deliver it to the attacker • The recent rise of formjacking indicates that any organization that accepts payment card information over the web is going to have their shopping cart targeted, regardless of sector
Confidential / / Part of F5 Formjacking / Magecart https://cdn.appdynamics.com/adrum/adrum-latest.js https://cdn.gladly.com/assets/chat-sdk/fece5b8abfb/main.js https://cdn.krxd.net/ctjs/controltag.js https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/md5.js https://connect.facebook.net/en_US/fbevents.js https://d1fc8wv8zag5ca.cloudfront.net/2.10.2/sp.js https://d2wy8f7a9ursnm.cloudfront.net/bugsnag-2.min.js https://fullstory.com/s/fs.js https://js.stripe.com/v2/ https://s.btstatic.com/tag.js https://secure.flyr.io/v3/js/flyr.js https://tag.bounceexchange.com/1907/i.js https://uwhfgjlv.micpn.com/p/js/1.js https://vt.myvisualiq.net/2/tDogjioRT72xXtfNK23F7A%3D%3D/vt-77.js Typical Add Payment page loads JS from a dozen sources
Confidential / / Part of F5 Magecart on British Airways (facing US$230M fine) SOURCE: https://www.riskiq.com/blog/labs/magecart-british-airways-breach/ Compromised file: https://www.britishairways.com/cms/global/scripts/lib/modernizr-2.6.2.min.js
• Injection Detection • Inventory • Patching • Scanning • Change Control • Multi-Factor Authentication (MFA) • Web Application Firewall (WAF) • Server Tools (e.g: CSP, SRI) • Monitor (for newly registered domains and certificates of your brand)
• DevOps adoption is increasing, but Security typically remain afterthoughts. • Security has largely been divorced from software development. Security in DevOps ?
| ©2019 F5​17 Cultural shift In a DevOps mentality, security is everybody’s RESPONSIBILITY. FROM TO A shift away from security is the TRAFFIC COP / GATEKEEPER mentality.
| ©2018 F5 NETWORKS​18 Collaborative Model Development Operations Security • Avoid security at the end • Greater collaboration with security “in the room” at the beginning. • Move to a risk based model rather than being a traffic cop. • Collaboration brings understanding. • Understanding shapes how we react.
| ©2018 F5 NETWORKS​19 The DevSecOps way Business Requirement New Code ProductionTesting Security SHIFT LEFT Risk based security as part of normal business. Develop initial sprint with security in mind Deploy to production with regular security reviews Test security in an automated way Shifting left refers to moving security earlier in the development process. This means that security becomes everyone’s responsibility. It also denotes a move to a risk based approach as opposed to a traffic cop approach. It is not just about the speed, but also the safety The earlier that security requirements can be addressed in the Software Development Lifecycle, the lower the cost and impact.
| ©2019 F5​20 Wrap Up: DevSecOps Principles ​Breaking down the silos ​Shifting Left ​Nurturing security champions ​Continuous Testing/Test automation ​Making the secure path the easy path
| ©2019 F5​21 Join us virtually for ASEAN CES 2020! SIGN UP AT: GO.F5.NET/ASEANCES ​Join industry-leading experts in multi-cloud application and gain insights on developing and delivering a modern apps architecture leveraging APIs, DevOps, SRE and Microservices!
| ©2019 F5​22 Connect with us! JOIN IN THE CONVERSATION ON SOCIAL MEDIA CONFIDENTIAL STATE OF APPLICATION SERVICES, 2020 Find us on Facebook @f5asiapacific Add us on LinkedIn F5 Follow us on Twitter @F5_AsiaPacific
PAGE24 DEVOPS INDONESIA Stay Connected @devopsindonesia http://www.devopsindonesia.com @IDDevOps @DevOpsIndonesia @IDDevOps DevOps Indonesia
PAGE25 DEVOPS INDONESIA Alone We are smart, together We are brilliant THANK YOU ! Quote by Steve Anderson

Recommended

Digital Transformation in Infrastructure "NetOps in The Era of Modern IT"
Digital Transformation in Infrastructure "NetOps in The Era of Modern IT"Digital Transformation in Infrastructure "NetOps in The Era of Modern IT"
Digital Transformation in Infrastructure "NetOps in The Era of Modern IT"DevOps Indonesia
 
Modern App Architecture - Microservices, API Friendly
Modern App Architecture - Microservices, API FriendlyModern App Architecture - Microservices, API Friendly
Modern App Architecture - Microservices, API FriendlyDevOps Indonesia
 
When Automation Keeps Your T-shirt Clean
When Automation Keeps Your T-shirt CleanWhen Automation Keeps Your T-shirt Clean
When Automation Keeps Your T-shirt CleanDevOps Indonesia
 
Shift Left Security - The What, Why and How
Shift Left Security - The What, Why and HowShift Left Security - The What, Why and How
Shift Left Security - The What, Why and HowDevOps.com
 
Microsoft, Citrix and SCOM: EOL or a New Beginning ?
Microsoft, Citrix and SCOM: EOL or a New Beginning ?Microsoft, Citrix and SCOM: EOL or a New Beginning ?
Microsoft, Citrix and SCOM: EOL or a New Beginning ?eG Innovations
 
Best Practices for Troubleshooting Slow Citrix Logon and Ensuring Excellent U...
Best Practices for Troubleshooting Slow Citrix Logon and Ensuring Excellent U...Best Practices for Troubleshooting Slow Citrix Logon and Ensuring Excellent U...
Best Practices for Troubleshooting Slow Citrix Logon and Ensuring Excellent U...eG Innovations
 
Best Practices for Troubleshooting Four Real-world Java Performance Issues
Best Practices for Troubleshooting Four Real-world Java Performance IssuesBest Practices for Troubleshooting Four Real-world Java Performance Issues
Best Practices for Troubleshooting Four Real-world Java Performance IssueseG Innovations
 
How to monitor all aspects of Citrix NetScaler usage and performance within t...
How to monitor all aspects of Citrix NetScaler usage and performance within t...How to monitor all aspects of Citrix NetScaler usage and performance within t...
How to monitor all aspects of Citrix NetScaler usage and performance within t...eG Innovations
 

Recommended

Digital Transformation in Infrastructure "NetOps in The Era of Modern IT"
Digital Transformation in Infrastructure "NetOps in The Era of Modern IT"Digital Transformation in Infrastructure "NetOps in The Era of Modern IT"
Digital Transformation in Infrastructure "NetOps in The Era of Modern IT"DevOps Indonesia
 
Modern App Architecture - Microservices, API Friendly
Modern App Architecture - Microservices, API FriendlyModern App Architecture - Microservices, API Friendly
Modern App Architecture - Microservices, API FriendlyDevOps Indonesia
 
When Automation Keeps Your T-shirt Clean
When Automation Keeps Your T-shirt CleanWhen Automation Keeps Your T-shirt Clean
When Automation Keeps Your T-shirt CleanDevOps Indonesia
 
Shift Left Security - The What, Why and How
Shift Left Security - The What, Why and HowShift Left Security - The What, Why and How
Shift Left Security - The What, Why and HowDevOps.com
 
Microsoft, Citrix and SCOM: EOL or a New Beginning ?
Microsoft, Citrix and SCOM: EOL or a New Beginning ?Microsoft, Citrix and SCOM: EOL or a New Beginning ?
Microsoft, Citrix and SCOM: EOL or a New Beginning ?eG Innovations
 
Best Practices for Troubleshooting Slow Citrix Logon and Ensuring Excellent U...
Best Practices for Troubleshooting Slow Citrix Logon and Ensuring Excellent U...Best Practices for Troubleshooting Slow Citrix Logon and Ensuring Excellent U...
Best Practices for Troubleshooting Slow Citrix Logon and Ensuring Excellent U...eG Innovations
 
Best Practices for Troubleshooting Four Real-world Java Performance Issues
Best Practices for Troubleshooting Four Real-world Java Performance IssuesBest Practices for Troubleshooting Four Real-world Java Performance Issues
Best Practices for Troubleshooting Four Real-world Java Performance IssueseG Innovations
 
How to monitor all aspects of Citrix NetScaler usage and performance within t...
How to monitor all aspects of Citrix NetScaler usage and performance within t...How to monitor all aspects of Citrix NetScaler usage and performance within t...
How to monitor all aspects of Citrix NetScaler usage and performance within t...eG Innovations
 
Managing Citrix Digital Business Services Performance - Make your first Impre...
Managing Citrix Digital Business Services Performance - Make your first Impre...Managing Citrix Digital Business Services Performance - Make your first Impre...
Managing Citrix Digital Business Services Performance - Make your first Impre...eG Innovations
 
eG Innovations
eG InnovationseG Innovations
eG Innovationsjanejarvella
 
Practical operability techniques for teams - Matthew Skelton - Conflux - Cont...
Practical operability techniques for teams - Matthew Skelton - Conflux - Cont...Practical operability techniques for teams - Matthew Skelton - Conflux - Cont...
Practical operability techniques for teams - Matthew Skelton - Conflux - Cont...Matthew Skelton
 
Delivering Java Applications? Ensure Top Performance Every Time, with Intell...
Delivering Java Applications? Ensure Top Performance Every Time, with Intell... Delivering Java Applications? Ensure Top Performance Every Time, with Intell...
Delivering Java Applications? Ensure Top Performance Every Time, with Intell...John Williams
 
Digital Workspaces and the Customer Experience
Digital Workspaces and the Customer ExperienceDigital Workspaces and the Customer Experience
Digital Workspaces and the Customer ExperienceeG Innovations
 
Citrix troubleshooting 101
Citrix troubleshooting 101Citrix troubleshooting 101
Citrix troubleshooting 101eG Innovations
 
DevOps Indonesia #14 - Building monitoring framework on container infrastructure
DevOps Indonesia #14 - Building monitoring framework on container infrastructureDevOps Indonesia #14 - Building monitoring framework on container infrastructure
DevOps Indonesia #14 - Building monitoring framework on container infrastructureDevOps Indonesia
 
2018 Citrix Migration Survey - Industry Insights
2018 Citrix Migration Survey - Industry Insights2018 Citrix Migration Survey - Industry Insights
2018 Citrix Migration Survey - Industry InsightseG Innovations
 
Citrix Cloud Services - Are they right for you ?
Citrix Cloud Services - Are they right for you ?Citrix Cloud Services - Are they right for you ?
Citrix Cloud Services - Are they right for you ?eG Innovations
 
Citrix Troubleshooting 101
Citrix Troubleshooting 101Citrix Troubleshooting 101
Citrix Troubleshooting 101eG Innovations
 
Measure Customer Value with Self-Service Observability
Measure Customer Value with Self-Service ObservabilityMeasure Customer Value with Self-Service Observability
Measure Customer Value with Self-Service ObservabilityDevOps.com
 
The Complete User Experience Monitoring Solution - eG Enterprise v7
The Complete User Experience Monitoring Solution - eG Enterprise v7The Complete User Experience Monitoring Solution - eG Enterprise v7
The Complete User Experience Monitoring Solution - eG Enterprise v7eG Innovations
 
Akant_Kukreja
Akant_KukrejaAkant_Kukreja
Akant_KukrejaAkant Kukreja
 
Securing Your Infrastructure: Identity Management and Data Protection
Securing Your Infrastructure: Identity Management and Data ProtectionSecuring Your Infrastructure: Identity Management and Data Protection
Securing Your Infrastructure: Identity Management and Data ProtectionLumension
 
How to Get the Fastest Possible Citrix Logon Times?
How to Get the Fastest Possible Citrix Logon Times?How to Get the Fastest Possible Citrix Logon Times?
How to Get the Fastest Possible Citrix Logon Times?eG Innovations
 
Windows 10 webinar: What’s new for IT pros Windows 10 v 1709
Windows 10 webinar: What’s new for IT pros Windows 10 v 1709Windows 10 webinar: What’s new for IT pros Windows 10 v 1709
Windows 10 webinar: What’s new for IT pros Windows 10 v 1709Flexera
 
How to Deliver an Exceptional End User Experience in your Citrix Environment
How to Deliver an Exceptional End User Experience in your Citrix EnvironmentHow to Deliver an Exceptional End User Experience in your Citrix Environment
How to Deliver an Exceptional End User Experience in your Citrix EnvironmenteG Innovations
 
eG Enterprise Logon Simulator for Citrix XenApp & XenDesktop
eG Enterprise Logon Simulator for Citrix XenApp & XenDesktopeG Enterprise Logon Simulator for Citrix XenApp & XenDesktop
eG Enterprise Logon Simulator for Citrix XenApp & XenDesktopeG Innovations
 
Role of dev ops in it consulting
Role of dev ops in it consultingRole of dev ops in it consulting
Role of dev ops in it consultingImpressico Business Solutions
 
How to consolidate Citrix Monitoring in a Single Pane of Glass
How to consolidate Citrix Monitoring in a Single Pane of GlassHow to consolidate Citrix Monitoring in a Single Pane of Glass
How to consolidate Citrix Monitoring in a Single Pane of GlasseG Innovations
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxYoisRoberthTapiadeLa
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxVictoriaChavesta
 

More Related Content

What's hot

Managing Citrix Digital Business Services Performance - Make your first Impre...
Managing Citrix Digital Business Services Performance - Make your first Impre...Managing Citrix Digital Business Services Performance - Make your first Impre...
Managing Citrix Digital Business Services Performance - Make your first Impre...eG Innovations
 
eG Innovations
eG InnovationseG Innovations
eG Innovationsjanejarvella
 
Practical operability techniques for teams - Matthew Skelton - Conflux - Cont...
Practical operability techniques for teams - Matthew Skelton - Conflux - Cont...Practical operability techniques for teams - Matthew Skelton - Conflux - Cont...
Practical operability techniques for teams - Matthew Skelton - Conflux - Cont...Matthew Skelton
 
Delivering Java Applications? Ensure Top Performance Every Time, with Intell...
Delivering Java Applications? Ensure Top Performance Every Time, with Intell... Delivering Java Applications? Ensure Top Performance Every Time, with Intell...
Delivering Java Applications? Ensure Top Performance Every Time, with Intell...John Williams
 
Digital Workspaces and the Customer Experience
Digital Workspaces and the Customer ExperienceDigital Workspaces and the Customer Experience
Digital Workspaces and the Customer ExperienceeG Innovations
 
Citrix troubleshooting 101
Citrix troubleshooting 101Citrix troubleshooting 101
Citrix troubleshooting 101eG Innovations
 
DevOps Indonesia #14 - Building monitoring framework on container infrastructure
DevOps Indonesia #14 - Building monitoring framework on container infrastructureDevOps Indonesia #14 - Building monitoring framework on container infrastructure
DevOps Indonesia #14 - Building monitoring framework on container infrastructureDevOps Indonesia
 
2018 Citrix Migration Survey - Industry Insights
2018 Citrix Migration Survey - Industry Insights2018 Citrix Migration Survey - Industry Insights
2018 Citrix Migration Survey - Industry InsightseG Innovations
 
Citrix Cloud Services - Are they right for you ?
Citrix Cloud Services - Are they right for you ?Citrix Cloud Services - Are they right for you ?
Citrix Cloud Services - Are they right for you ?eG Innovations
 
Citrix Troubleshooting 101
Citrix Troubleshooting 101Citrix Troubleshooting 101
Citrix Troubleshooting 101eG Innovations
 
Measure Customer Value with Self-Service Observability
Measure Customer Value with Self-Service ObservabilityMeasure Customer Value with Self-Service Observability
Measure Customer Value with Self-Service ObservabilityDevOps.com
 
The Complete User Experience Monitoring Solution - eG Enterprise v7
The Complete User Experience Monitoring Solution - eG Enterprise v7The Complete User Experience Monitoring Solution - eG Enterprise v7
The Complete User Experience Monitoring Solution - eG Enterprise v7eG Innovations
 
Securing Your Infrastructure: Identity Management and Data Protection
Securing Your Infrastructure: Identity Management and Data ProtectionSecuring Your Infrastructure: Identity Management and Data Protection
Securing Your Infrastructure: Identity Management and Data ProtectionLumension
 
How to Get the Fastest Possible Citrix Logon Times?
How to Get the Fastest Possible Citrix Logon Times?How to Get the Fastest Possible Citrix Logon Times?
How to Get the Fastest Possible Citrix Logon Times?eG Innovations
 
Windows 10 webinar: What’s new for IT pros Windows 10 v 1709
Windows 10 webinar: What’s new for IT pros Windows 10 v 1709Windows 10 webinar: What’s new for IT pros Windows 10 v 1709
Windows 10 webinar: What’s new for IT pros Windows 10 v 1709Flexera
 
How to Deliver an Exceptional End User Experience in your Citrix Environment
How to Deliver an Exceptional End User Experience in your Citrix EnvironmentHow to Deliver an Exceptional End User Experience in your Citrix Environment
How to Deliver an Exceptional End User Experience in your Citrix EnvironmenteG Innovations
 
eG Enterprise Logon Simulator for Citrix XenApp & XenDesktop
eG Enterprise Logon Simulator for Citrix XenApp & XenDesktopeG Enterprise Logon Simulator for Citrix XenApp & XenDesktop
eG Enterprise Logon Simulator for Citrix XenApp & XenDesktopeG Innovations
 
How to consolidate Citrix Monitoring in a Single Pane of Glass
How to consolidate Citrix Monitoring in a Single Pane of GlassHow to consolidate Citrix Monitoring in a Single Pane of Glass
How to consolidate Citrix Monitoring in a Single Pane of GlasseG Innovations
 

What's hot (20)

Managing Citrix Digital Business Services Performance - Make your first Impre...
Managing Citrix Digital Business Services Performance - Make your first Impre...Managing Citrix Digital Business Services Performance - Make your first Impre...
Managing Citrix Digital Business Services Performance - Make your first Impre...
 
eG Innovations
eG InnovationseG Innovations
eG Innovations
 
Practical operability techniques for teams - Matthew Skelton - Conflux - Cont...
Practical operability techniques for teams - Matthew Skelton - Conflux - Cont...Practical operability techniques for teams - Matthew Skelton - Conflux - Cont...
Practical operability techniques for teams - Matthew Skelton - Conflux - Cont...
 
Delivering Java Applications? Ensure Top Performance Every Time, with Intell...
Delivering Java Applications? Ensure Top Performance Every Time, with Intell... Delivering Java Applications? Ensure Top Performance Every Time, with Intell...
Delivering Java Applications? Ensure Top Performance Every Time, with Intell...
 
Digital Workspaces and the Customer Experience
Digital Workspaces and the Customer ExperienceDigital Workspaces and the Customer Experience
Digital Workspaces and the Customer Experience
 
Citrix troubleshooting 101
Citrix troubleshooting 101Citrix troubleshooting 101
Citrix troubleshooting 101
 
DevOps Indonesia #14 - Building monitoring framework on container infrastructure
DevOps Indonesia #14 - Building monitoring framework on container infrastructureDevOps Indonesia #14 - Building monitoring framework on container infrastructure
DevOps Indonesia #14 - Building monitoring framework on container infrastructure
 
2018 Citrix Migration Survey - Industry Insights
2018 Citrix Migration Survey - Industry Insights2018 Citrix Migration Survey - Industry Insights
2018 Citrix Migration Survey - Industry Insights
 
Citrix Cloud Services - Are they right for you ?
Citrix Cloud Services - Are they right for you ?Citrix Cloud Services - Are they right for you ?
Citrix Cloud Services - Are they right for you ?
 
Citrix Troubleshooting 101
Citrix Troubleshooting 101Citrix Troubleshooting 101
Citrix Troubleshooting 101
 
Measure Customer Value with Self-Service Observability
Measure Customer Value with Self-Service ObservabilityMeasure Customer Value with Self-Service Observability
Measure Customer Value with Self-Service Observability
 
The Complete User Experience Monitoring Solution - eG Enterprise v7
The Complete User Experience Monitoring Solution - eG Enterprise v7The Complete User Experience Monitoring Solution - eG Enterprise v7
The Complete User Experience Monitoring Solution - eG Enterprise v7
 
Akant_Kukreja
Akant_KukrejaAkant_Kukreja
Akant_Kukreja
 
Securing Your Infrastructure: Identity Management and Data Protection
Securing Your Infrastructure: Identity Management and Data ProtectionSecuring Your Infrastructure: Identity Management and Data Protection
Securing Your Infrastructure: Identity Management and Data Protection
 
How to Get the Fastest Possible Citrix Logon Times?
How to Get the Fastest Possible Citrix Logon Times?How to Get the Fastest Possible Citrix Logon Times?
How to Get the Fastest Possible Citrix Logon Times?
 
Windows 10 webinar: What’s new for IT pros Windows 10 v 1709
Windows 10 webinar: What’s new for IT pros Windows 10 v 1709Windows 10 webinar: What’s new for IT pros Windows 10 v 1709
Windows 10 webinar: What’s new for IT pros Windows 10 v 1709
 
How to Deliver an Exceptional End User Experience in your Citrix Environment
How to Deliver an Exceptional End User Experience in your Citrix EnvironmentHow to Deliver an Exceptional End User Experience in your Citrix Environment
How to Deliver an Exceptional End User Experience in your Citrix Environment
 
eG Enterprise Logon Simulator for Citrix XenApp & XenDesktop
eG Enterprise Logon Simulator for Citrix XenApp & XenDesktopeG Enterprise Logon Simulator for Citrix XenApp & XenDesktop
eG Enterprise Logon Simulator for Citrix XenApp & XenDesktop
 
Role of dev ops in it consulting
Role of dev ops in it consultingRole of dev ops in it consulting
Role of dev ops in it consulting
 
How to consolidate Citrix Monitoring in a Single Pane of Glass
How to consolidate Citrix Monitoring in a Single Pane of GlassHow to consolidate Citrix Monitoring in a Single Pane of Glass
How to consolidate Citrix Monitoring in a Single Pane of Glass
 

Similar to Security and Data Breach

Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxYoisRoberthTapiadeLa
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxVictoriaChavesta
 
Security in the Hybrid Cloud at Liberty Mutual
Security in the Hybrid Cloud at Liberty MutualSecurity in the Hybrid Cloud at Liberty Mutual
Security in the Hybrid Cloud at Liberty MutualVMware Tanzu
 
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At OddsJervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Oddscentralohioissa
 
Protecting endpoints from targeted attacks
Protecting endpoints from targeted attacksProtecting endpoints from targeted attacks
Protecting endpoints from targeted attacksAppSense
 
Alfresco Virtual DevCon 2020 - Security First!
Alfresco Virtual DevCon 2020 - Security First!Alfresco Virtual DevCon 2020 - Security First!
Alfresco Virtual DevCon 2020 - Security First!Jason Jolley
 
How to Secure your Fintech Solution - A Whitepaper by RapidValue
How to Secure your Fintech Solution - A Whitepaper by RapidValueHow to Secure your Fintech Solution - A Whitepaper by RapidValue
How to Secure your Fintech Solution - A Whitepaper by RapidValueRapidValue
 
HP2065_TieCon_Presentation_V7
HP2065_TieCon_Presentation_V7HP2065_TieCon_Presentation_V7
HP2065_TieCon_Presentation_V7Mark Interrante
 
Certes webinar securing the frictionless enterprise
Certes webinar securing the frictionless enterpriseCertes webinar securing the frictionless enterprise
Certes webinar securing the frictionless enterpriseJason Bloomberg
 
Shift Left for More Secure Apps with F5 NGINX
Shift Left for More Secure Apps with F5 NGINXShift Left for More Secure Apps with F5 NGINX
Shift Left for More Secure Apps with F5 NGINXNGINX, Inc.
 
Scot Secure 2019 Edinburgh (Day 2)
Scot Secure 2019 Edinburgh (Day 2)Scot Secure 2019 Edinburgh (Day 2)
Scot Secure 2019 Edinburgh (Day 2)Ray Bugg
 
Security of the future - Adapting Approaches to What We Need
Security of the future - Adapting Approaches to What We NeedSecurity of the future - Adapting Approaches to What We Need
Security of the future - Adapting Approaches to What We Needsimplyme12345
 
Shifting security all day dev ops
Shifting security all day dev opsShifting security all day dev ops
Shifting security all day dev opsTom Stiehm
 
Shifting Security Left from the Lean+Agile 2019 Conference
Shifting Security Left from the Lean+Agile 2019 ConferenceShifting Security Left from the Lean+Agile 2019 Conference
Shifting Security Left from the Lean+Agile 2019 ConferenceTom Stiehm
 
Synopsys Security Event Israel Presentation: Keynote: Securing Your Software,...
Synopsys Security Event Israel Presentation: Keynote: Securing Your Software,...Synopsys Security Event Israel Presentation: Keynote: Securing Your Software,...
Synopsys Security Event Israel Presentation: Keynote: Securing Your Software,...Synopsys Software Integrity Group
 
Top 6 Web Application Security Best Practices.pdf
Top 6 Web Application Security Best Practices.pdfTop 6 Web Application Security Best Practices.pdf
Top 6 Web Application Security Best Practices.pdfSolviosTechnology
 
Emphasizing Value of Prioritizing AppSec Meetup 11052023.pptx
Emphasizing Value of Prioritizing AppSec Meetup 11052023.pptxEmphasizing Value of Prioritizing AppSec Meetup 11052023.pptx
Emphasizing Value of Prioritizing AppSec Meetup 11052023.pptxlior mazor
 
Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...
Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...
Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...Troy Marshall
 
No More SIlos: Connected Security - Mike Desai and Ryan Rowcliffe
No More SIlos: Connected Security - Mike Desai and Ryan RowcliffeNo More SIlos: Connected Security - Mike Desai and Ryan Rowcliffe
No More SIlos: Connected Security - Mike Desai and Ryan RowcliffeCore Security
 
Ivanti Webinar - How to Win Budget and Influence Non-InfoSec Stakeholders
Ivanti Webinar - How to Win Budget and Influence Non-InfoSec StakeholdersIvanti Webinar - How to Win Budget and Influence Non-InfoSec Stakeholders
Ivanti Webinar - How to Win Budget and Influence Non-InfoSec StakeholdersIvanti
 

Similar to Security and Data Breach (20)

Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptx
 
Fortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptxFortify-Application_Security_Foundation_Training.pptx
Fortify-Application_Security_Foundation_Training.pptx
 
Security in the Hybrid Cloud at Liberty Mutual
Security in the Hybrid Cloud at Liberty MutualSecurity in the Hybrid Cloud at Liberty Mutual
Security in the Hybrid Cloud at Liberty Mutual
 
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At OddsJervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
 
Protecting endpoints from targeted attacks
Protecting endpoints from targeted attacksProtecting endpoints from targeted attacks
Protecting endpoints from targeted attacks
 
Alfresco Virtual DevCon 2020 - Security First!
Alfresco Virtual DevCon 2020 - Security First!Alfresco Virtual DevCon 2020 - Security First!
Alfresco Virtual DevCon 2020 - Security First!
 
How to Secure your Fintech Solution - A Whitepaper by RapidValue
How to Secure your Fintech Solution - A Whitepaper by RapidValueHow to Secure your Fintech Solution - A Whitepaper by RapidValue
How to Secure your Fintech Solution - A Whitepaper by RapidValue
 
HP2065_TieCon_Presentation_V7
HP2065_TieCon_Presentation_V7HP2065_TieCon_Presentation_V7
HP2065_TieCon_Presentation_V7
 
Certes webinar securing the frictionless enterprise
Certes webinar securing the frictionless enterpriseCertes webinar securing the frictionless enterprise
Certes webinar securing the frictionless enterprise
 
Shift Left for More Secure Apps with F5 NGINX
Shift Left for More Secure Apps with F5 NGINXShift Left for More Secure Apps with F5 NGINX
Shift Left for More Secure Apps with F5 NGINX
 
Scot Secure 2019 Edinburgh (Day 2)
Scot Secure 2019 Edinburgh (Day 2)Scot Secure 2019 Edinburgh (Day 2)
Scot Secure 2019 Edinburgh (Day 2)
 
Security of the future - Adapting Approaches to What We Need
Security of the future - Adapting Approaches to What We NeedSecurity of the future - Adapting Approaches to What We Need
Security of the future - Adapting Approaches to What We Need
 
Shifting security all day dev ops
Shifting security all day dev opsShifting security all day dev ops
Shifting security all day dev ops
 
Shifting Security Left from the Lean+Agile 2019 Conference
Shifting Security Left from the Lean+Agile 2019 ConferenceShifting Security Left from the Lean+Agile 2019 Conference
Shifting Security Left from the Lean+Agile 2019 Conference
 
Synopsys Security Event Israel Presentation: Keynote: Securing Your Software,...
Synopsys Security Event Israel Presentation: Keynote: Securing Your Software,...Synopsys Security Event Israel Presentation: Keynote: Securing Your Software,...
Synopsys Security Event Israel Presentation: Keynote: Securing Your Software,...
 
Top 6 Web Application Security Best Practices.pdf
Top 6 Web Application Security Best Practices.pdfTop 6 Web Application Security Best Practices.pdf
Top 6 Web Application Security Best Practices.pdf
 
Emphasizing Value of Prioritizing AppSec Meetup 11052023.pptx
Emphasizing Value of Prioritizing AppSec Meetup 11052023.pptxEmphasizing Value of Prioritizing AppSec Meetup 11052023.pptx
Emphasizing Value of Prioritizing AppSec Meetup 11052023.pptx
 
Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...
Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...
Secure Digital Transformation- Cybersecurity Skills for a Safe Journey to Dev...
 
No More SIlos: Connected Security - Mike Desai and Ryan Rowcliffe
No More SIlos: Connected Security - Mike Desai and Ryan RowcliffeNo More SIlos: Connected Security - Mike Desai and Ryan Rowcliffe
No More SIlos: Connected Security - Mike Desai and Ryan Rowcliffe
 
Ivanti Webinar - How to Win Budget and Influence Non-InfoSec Stakeholders
Ivanti Webinar - How to Win Budget and Influence Non-InfoSec StakeholdersIvanti Webinar - How to Win Budget and Influence Non-InfoSec Stakeholders
Ivanti Webinar - How to Win Budget and Influence Non-InfoSec Stakeholders
 

More from DevOps Indonesia

DevSecOps Implementation Journey
DevSecOps Implementation JourneyDevSecOps Implementation Journey
DevSecOps Implementation JourneyDevOps Indonesia
 
DevOps Indonesia X Palo Alto and Dkatalis Roadshow to DevOpsDays Jakarta 2022
DevOps Indonesia X Palo Alto and Dkatalis Roadshow to DevOpsDays Jakarta 2022DevOps Indonesia X Palo Alto and Dkatalis Roadshow to DevOpsDays Jakarta 2022
DevOps Indonesia X Palo Alto and Dkatalis Roadshow to DevOpsDays Jakarta 2022DevOps Indonesia
 
Securing an NGINX deployment for K8s
Securing an NGINX deployment for K8sSecuring an NGINX deployment for K8s
Securing an NGINX deployment for K8sDevOps Indonesia
 
Observability in highly distributed systems
Observability in highly distributed systemsObservability in highly distributed systems
Observability in highly distributed systemsDevOps Indonesia
 
DevOps Indonesia Meetup #52 - announcement
DevOps Indonesia Meetup #52 - announcementDevOps Indonesia Meetup #52 - announcement
DevOps Indonesia Meetup #52 - announcementDevOps Indonesia
 
Dev ops meetup 51 : Securing DevOps Lifecycle - Announcement
Dev ops meetup 51 : Securing DevOps Lifecycle - AnnouncementDev ops meetup 51 : Securing DevOps Lifecycle - Announcement
Dev ops meetup 51 : Securing DevOps Lifecycle - AnnouncementDevOps Indonesia
 
Securing DevOps Lifecycle
Securing DevOps LifecycleSecuring DevOps Lifecycle
Securing DevOps LifecycleDevOps Indonesia
 
DevOps Meetup 50 : Securing your Application - Announcement
DevOps Meetup 50 : Securing your Application - AnnouncementDevOps Meetup 50 : Securing your Application - Announcement
DevOps Meetup 50 : Securing your Application - AnnouncementDevOps Indonesia
 
Secure your Application with Google cloud armor
Secure your Application with Google cloud armorSecure your Application with Google cloud armor
Secure your Application with Google cloud armorDevOps Indonesia
 
DevOps Meetup 49 Aws Copilot and Gitops - announcement by DevOps Indonesia
DevOps Meetup 49 Aws Copilot and Gitops - announcement by DevOps IndonesiaDevOps Meetup 49 Aws Copilot and Gitops - announcement by DevOps Indonesia
DevOps Meetup 49 Aws Copilot and Gitops - announcement by DevOps IndonesiaDevOps Indonesia
 
Operate Containers with AWS Copilot
Operate Containers with AWS CopilotOperate Containers with AWS Copilot
Operate Containers with AWS CopilotDevOps Indonesia
 
Continuously Deploy Your CDK Application by Petra novandi barus
Continuously Deploy Your CDK Application by Petra novandi barusContinuously Deploy Your CDK Application by Petra novandi barus
Continuously Deploy Your CDK Application by Petra novandi barusDevOps Indonesia
 
DevOps indonesia (online) meetup 46 aws with payfazz in devops indonesia - a...
DevOps indonesia (online) meetup 46 aws with payfazz in devops indonesia - a...DevOps indonesia (online) meetup 46 aws with payfazz in devops indonesia - a...
DevOps indonesia (online) meetup 46 aws with payfazz in devops indonesia - a...DevOps Indonesia
 
Securing Your Database Dynamic DB Credentials
Securing Your Database Dynamic DB CredentialsSecuring Your Database Dynamic DB Credentials
Securing Your Database Dynamic DB CredentialsDevOps Indonesia
 
DevOps Indonesia (online) meetup 45 - Announcement
DevOps Indonesia (online) meetup 45 - AnnouncementDevOps Indonesia (online) meetup 45 - Announcement
DevOps Indonesia (online) meetup 45 - AnnouncementDevOps Indonesia
 
The Death and Rise of Enterprise DevOps
The Death and Rise of Enterprise DevOpsThe Death and Rise of Enterprise DevOps
The Death and Rise of Enterprise DevOpsDevOps Indonesia
 
API Security Webinar - Credential Stuffing
API Security Webinar - Credential StuffingAPI Security Webinar - Credential Stuffing
API Security Webinar - Credential StuffingDevOps Indonesia
 
API Security Webinar - Security Guidelines for Providing and Consuming APIs
API Security Webinar - Security Guidelines for Providing and Consuming APIsAPI Security Webinar - Security Guidelines for Providing and Consuming APIs
API Security Webinar - Security Guidelines for Providing and Consuming APIsDevOps Indonesia
 
API Security Webinar - Hendra Tanto
API Security Webinar - Hendra TantoAPI Security Webinar - Hendra Tanto
API Security Webinar - Hendra TantoDevOps Indonesia
 
API Security Webinar : Credential Stuffing
API Security Webinar : Credential StuffingAPI Security Webinar : Credential Stuffing
API Security Webinar : Credential StuffingDevOps Indonesia
 

More from DevOps Indonesia (20)

DevSecOps Implementation Journey
DevSecOps Implementation JourneyDevSecOps Implementation Journey
DevSecOps Implementation Journey
 
DevOps Indonesia X Palo Alto and Dkatalis Roadshow to DevOpsDays Jakarta 2022
DevOps Indonesia X Palo Alto and Dkatalis Roadshow to DevOpsDays Jakarta 2022DevOps Indonesia X Palo Alto and Dkatalis Roadshow to DevOpsDays Jakarta 2022
DevOps Indonesia X Palo Alto and Dkatalis Roadshow to DevOpsDays Jakarta 2022
 
Securing an NGINX deployment for K8s
Securing an NGINX deployment for K8sSecuring an NGINX deployment for K8s
Securing an NGINX deployment for K8s
 
Observability in highly distributed systems
Observability in highly distributed systemsObservability in highly distributed systems
Observability in highly distributed systems
 
DevOps Indonesia Meetup #52 - announcement
DevOps Indonesia Meetup #52 - announcementDevOps Indonesia Meetup #52 - announcement
DevOps Indonesia Meetup #52 - announcement
 
Dev ops meetup 51 : Securing DevOps Lifecycle - Announcement
Dev ops meetup 51 : Securing DevOps Lifecycle - AnnouncementDev ops meetup 51 : Securing DevOps Lifecycle - Announcement
Dev ops meetup 51 : Securing DevOps Lifecycle - Announcement
 
Securing DevOps Lifecycle
Securing DevOps LifecycleSecuring DevOps Lifecycle
Securing DevOps Lifecycle
 
DevOps Meetup 50 : Securing your Application - Announcement
DevOps Meetup 50 : Securing your Application - AnnouncementDevOps Meetup 50 : Securing your Application - Announcement
DevOps Meetup 50 : Securing your Application - Announcement
 
Secure your Application with Google cloud armor
Secure your Application with Google cloud armorSecure your Application with Google cloud armor
Secure your Application with Google cloud armor
 
DevOps Meetup 49 Aws Copilot and Gitops - announcement by DevOps Indonesia
DevOps Meetup 49 Aws Copilot and Gitops - announcement by DevOps IndonesiaDevOps Meetup 49 Aws Copilot and Gitops - announcement by DevOps Indonesia
DevOps Meetup 49 Aws Copilot and Gitops - announcement by DevOps Indonesia
 
Operate Containers with AWS Copilot
Operate Containers with AWS CopilotOperate Containers with AWS Copilot
Operate Containers with AWS Copilot
 
Continuously Deploy Your CDK Application by Petra novandi barus
Continuously Deploy Your CDK Application by Petra novandi barusContinuously Deploy Your CDK Application by Petra novandi barus
Continuously Deploy Your CDK Application by Petra novandi barus
 
DevOps indonesia (online) meetup 46 aws with payfazz in devops indonesia - a...
DevOps indonesia (online) meetup 46 aws with payfazz in devops indonesia - a...DevOps indonesia (online) meetup 46 aws with payfazz in devops indonesia - a...
DevOps indonesia (online) meetup 46 aws with payfazz in devops indonesia - a...
 
Securing Your Database Dynamic DB Credentials
Securing Your Database Dynamic DB CredentialsSecuring Your Database Dynamic DB Credentials
Securing Your Database Dynamic DB Credentials
 
DevOps Indonesia (online) meetup 45 - Announcement
DevOps Indonesia (online) meetup 45 - AnnouncementDevOps Indonesia (online) meetup 45 - Announcement
DevOps Indonesia (online) meetup 45 - Announcement
 
The Death and Rise of Enterprise DevOps
The Death and Rise of Enterprise DevOpsThe Death and Rise of Enterprise DevOps
The Death and Rise of Enterprise DevOps
 
API Security Webinar - Credential Stuffing
API Security Webinar - Credential StuffingAPI Security Webinar - Credential Stuffing
API Security Webinar - Credential Stuffing
 
API Security Webinar - Security Guidelines for Providing and Consuming APIs
API Security Webinar - Security Guidelines for Providing and Consuming APIsAPI Security Webinar - Security Guidelines for Providing and Consuming APIs
API Security Webinar - Security Guidelines for Providing and Consuming APIs
 
API Security Webinar - Hendra Tanto
API Security Webinar - Hendra TantoAPI Security Webinar - Hendra Tanto
API Security Webinar - Hendra Tanto
 
API Security Webinar : Credential Stuffing
API Security Webinar : Credential StuffingAPI Security Webinar : Credential Stuffing
API Security Webinar : Credential Stuffing
 

Recently uploaded

SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 

Recently uploaded (20)

SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 

Security and Data Breach

  • 1. PAGE1 DEVOPS INDONESIA PAGE 1 Bobby Limitra Solutions Engineer, F5 Jakarta, 10 Juni 2020 Security and Data Breach
  • 2. Security and Data Breach What & How it Happened? How to Mitigate? Bobby Limitra Solutions Engineer, F5 Networks
  • 3. “Data Breach is a security violation in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so”
  • 5. | ©2019 F5​5 CONFIDENTIAL Data Breach: What Tactics are Utilized? Verizon 2020 DBIR
  • 6. | ©2019 F5​6 CONFIDENTIAL Top Hacking Varieties & Vectors in Breaches
  • 7. Data Breaches In the last 8 years more than 7.1 billion identities have been exposed in data breaches 70 MILLION accounts 427 MILLION accounts 150 MILLION accounts 3 BILLION accounts 117 MILLION accounts 1. Symantec Internet Security Threat Report, April 2017 2. https://www.entrepreneur.com/article/246902# Nearly 3 out of 4 consumers use duplicate passwords, many of which have not been changed in five years or more. 3 out of 4
  • 9. USERNAME Credit Card Data USERNAME Intellectual Property USERNAME Healthcare Data USERNAME Passport Data USERNAME Financial Data USERNAME USERNAME USERNAME USERNAME USERNAME USERNAME USERNAME USERNAME USERNAME USERNAME USERNAME USERNAME USERNAME USERNAME Credentials from Previous Breaches
  • 10. • Educate employees / customers and boost security awareness • Bot detection & prevention • Design your login form so that it is impossible for the attacker’s bot to recognize the fields • Use multifactor authentication • Monitor for failed authentication attempt
  • 11. • Formjacking uses code injected by an attacker to siphon payment card information from an online form and deliver it to the attacker • The recent rise of formjacking indicates that any organization that accepts payment card information over the web is going to have their shopping cart targeted, regardless of sector
  • 12. Confidential / / Part of F5 Formjacking / Magecart https://cdn.appdynamics.com/adrum/adrum-latest.js https://cdn.gladly.com/assets/chat-sdk/fece5b8abfb/main.js https://cdn.krxd.net/ctjs/controltag.js https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/md5.js https://connect.facebook.net/en_US/fbevents.js https://d1fc8wv8zag5ca.cloudfront.net/2.10.2/sp.js https://d2wy8f7a9ursnm.cloudfront.net/bugsnag-2.min.js https://fullstory.com/s/fs.js https://js.stripe.com/v2/ https://s.btstatic.com/tag.js https://secure.flyr.io/v3/js/flyr.js https://tag.bounceexchange.com/1907/i.js https://uwhfgjlv.micpn.com/p/js/1.js https://vt.myvisualiq.net/2/tDogjioRT72xXtfNK23F7A%3D%3D/vt-77.js Typical Add Payment page loads JS from a dozen sources
  • 13. Confidential / / Part of F5 Magecart on British Airways (facing US$230M fine) SOURCE: https://www.riskiq.com/blog/labs/magecart-british-airways-breach/ Compromised file: https://www.britishairways.com/cms/global/scripts/lib/modernizr-2.6.2.min.js
  • 14. • Injection Detection • Inventory • Patching • Scanning • Change Control • Multi-Factor Authentication (MFA) • Web Application Firewall (WAF) • Server Tools (e.g: CSP, SRI) • Monitor (for newly registered domains and certificates of your brand)
  • 15.
  • 16. • DevOps adoption is increasing, but Security typically remain afterthoughts. • Security has largely been divorced from software development. Security in DevOps ?
  • 17. | ©2019 F5​17 Cultural shift In a DevOps mentality, security is everybody’s RESPONSIBILITY. FROM TO A shift away from security is the TRAFFIC COP / GATEKEEPER mentality.
  • 18. | ©2018 F5 NETWORKS​18 Collaborative Model Development Operations Security • Avoid security at the end • Greater collaboration with security “in the room” at the beginning. • Move to a risk based model rather than being a traffic cop. • Collaboration brings understanding. • Understanding shapes how we react.
  • 19. | ©2018 F5 NETWORKS​19 The DevSecOps way Business Requirement New Code ProductionTesting Security SHIFT LEFT Risk based security as part of normal business. Develop initial sprint with security in mind Deploy to production with regular security reviews Test security in an automated way Shifting left refers to moving security earlier in the development process. This means that security becomes everyone’s responsibility. It also denotes a move to a risk based approach as opposed to a traffic cop approach. It is not just about the speed, but also the safety The earlier that security requirements can be addressed in the Software Development Lifecycle, the lower the cost and impact.
  • 20. | ©2019 F5​20 Wrap Up: DevSecOps Principles ​Breaking down the silos ​Shifting Left ​Nurturing security champions ​Continuous Testing/Test automation ​Making the secure path the easy path
  • 21. | ©2019 F5​21 Join us virtually for ASEAN CES 2020! SIGN UP AT: GO.F5.NET/ASEANCES ​Join industry-leading experts in multi-cloud application and gain insights on developing and delivering a modern apps architecture leveraging APIs, DevOps, SRE and Microservices!
  • 22. | ©2019 F5​22 Connect with us! JOIN IN THE CONVERSATION ON SOCIAL MEDIA CONFIDENTIAL STATE OF APPLICATION SERVICES, 2020 Find us on Facebook @f5asiapacific Add us on LinkedIn F5 Follow us on Twitter @F5_AsiaPacific
  • 23.
  • 25. PAGE25 DEVOPS INDONESIA Alone We are smart, together We are brilliant THANK YOU ! Quote by Steve Anderson