© 2017 VERACODE INC. A BUSINESS UNIT OF CA TECHNOLOGIES.
DEVSECOPS
Who are we?
Tim Jarrett (@tojarrett)
• Over 20 years in software: development, project management, product management & strategy
• At Veracode since 2008
• Grammy award winner, Bacon number of 3
Diptesh Shah
• Over 15 years experience as a developer and engineering leader
• At Veracode since 2017
• Recent Winter Olympics “swept” me into Curling
Why appsec integrations?
DevSecOps: the end of manual security?
• Continuous Delivery
• Shorten feedback loops
• Learn quickly
Fix earlier = fix cheaper
[Chart: vertical axis 0 to 120; phases on the horizontal axis: Design, Implementation, Testing, Maintenance]
Source: IBM, based on Boehm, 1981/2001
Avoid rework
Development process – current state: Code → Ship → Discover issue → Fix and ship again
Development process with integrations: Code → Discover issue → Fix issue → Ship
Avoid context switching
DevSecOps – Follow the Code
Code phase
[Diagram: 1 Develop; 2 Check in; Team processes (build, test, agile planning)]
Build phase
[Diagram: 1 Get latest check-ins from source control; 2 Build and Run Tests; Test Failures; 3 Stage/Deploy]
Deploy and Production phase
[Diagram: Deployment pipeline; Stage/Deploy; Monitor for Incidents; Scan for issues in production]
Different development methodologies = different integration approaches
• Waterfall: 1-4 releases per year; 50+ people
• Agile: 12-24 releases per year; 6-12 people
• DevOps: 100+ releases per year; 6-12 people
Waterfall to agile: “build and test”
[Diagram: 1 Develop; 2 Static Analysis; 3 Build & Test; 3a Manual Testing*; 4 Check in; Backlog (tickets). Scheduled Build (nightly/weekly): 5 Build; 6 Static Analysis; 6 Unit Tests; Pass? (No/Yes); 7 Synchronize; Manual acceptance testing, move to stage, move to prod]
DevOps: Protect the Pipeline
[Diagram: 1 Develop; 1a Static Analysis; 2 Static Analysis; 3 Build & Test; 4 Check in; Backlog. CI/CD Pipeline, per check-in (CI, CD): 5 Build; 6 Static Analysis; 6 Unit Tests; Pass? (No/Yes); 7 Synchronize; 7 Deploy to QA/Stage; 8 Dynamic Analysis; 8 Regression Testing; Pass? (Yes); Stage then Prod]
Veracode Integrations Team
Focused on delivering integration capabilities with the Veracode platform that enable development teams to “shift security left” and make the idea of “DevSecOps” a reality.
• 12 person team; geographically distributed
• Responsible for 20+ applications & supporting modules
• 75 releases in 2017 (on pace for 144 releases in 2018)
• SAFe / Agile Scrum
• DevSecOps (evolution continues)
• Vested interest in achieving our mission!!
In The Beginning
[Diagram: 1 Develop; 2 Check in; Backlog. Scheduled Build (nightly/weekly): 3 Build; 4 Static Analysis; 5 Security Results]
Empower Developers – IDE Integration
[Diagram, two panels. Initially: 1 Develop; 2 Sandbox Static Analysis; 3 Build & Test; 4 Check in. Fast Forward to Now: 1 Develop; 1a Greenlight Static Analysis; 2 Sandbox Static Analysis; 3 Build & Test; 4 Check in]
Automated Assessment – Build Server Integration
[Diagram: 1 Develop; 1a Greenlight Static Analysis; 2 Sandbox Static Analysis; 3 Build & Test; 4 Check in. Scheduled Build (nightly/weekly): 5 Build; 6 Static Analysis; 7 Security Results]
Automated Issue Tracking
[Diagram: 1 Develop; 1a Greenlight Static Analysis; 2 Sandbox Static Analysis; 3 Build & Test; 4 Check in. Scheduled Build (nightly/weekly): 5 Build; 6 Static Analysis; 7 Synchronize]
Automated Assurance – Fail the Build
[Diagram: 1 Develop; 1a Greenlight Static Analysis; 2 Sandbox Static Analysis; 3 Build & Test; 4 Check in. Scheduled Build (nightly/weekly): 5 Build; 6 Static Analysis; 6 Unit Tests; Pass? (No/Yes); 7 Synchronize; Manual acceptance testing, move to stage, move to prod]
Continued Assurance
[Diagram: 1 Develop; 1a Greenlight Static Analysis; 2 Sandbox Static Analysis; 3 Build & Test; 4 Check in. CI/CD Pipeline, per check-in (CI, CD): 5 Build; 6 Static Analysis; 6 Unit Tests; Pass? (No/Yes); 7 Synchronize; 7 Deploy to QA/Stage; Manual acceptance testing, move to stage, move to prod]
Continued Assurance – End Goal
[Diagram: 1 Develop; 1a Greenlight Static Analysis; 2 Sandbox Static Analysis; 3 Build & Test; 4 Check in. CI/CD Pipeline, per check-in (CI, CD): 5 Build; 6 Static Analysis; 6 Unit Tests; Pass? (No/Yes); 7 Synchronize; 7 Deploy to QA/Stage; 8 Dynamic Analysis; 8 Regression Testing; Pass? (Yes); Stage then Prod]
Making it happen
Relationships
• Who is your peer in development / security?
• Do you meet with them?
• Do you understand each other’s goals?
• Are you sympathetic to each other’s struggles?
Accountability
• Shared between development and security
• Part of annual goals for both teams
• Measured and reported regularly
Shift Left & Monitor
Phases: Plan, Code, Build, Test, Stage, Deploy, Monitor
• Dynamic Application Security Testing
• Runtime Application Self Protection
• Open Source Risk Monitoring
• Static Application Security Testing + 3rd Party Risk Analysis
• Training (eLearning, instructor led, metadata driven)
• Manual Penetration Testing
• Red Team Activities
• Remediation and Mitigation Guidance
• Secure Code Reviews
• Threat Modeling
• Security Grooming
• Secure Design
Questions?
@tojarrett

How to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds
 
Reducing Risk of Credential Compromise at Netflix
Reducing Risk of Credential Compromise at NetflixReducing Risk of Credential Compromise at Netflix
Reducing Risk of Credential Compromise at Netflix
 
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...
 
The State of Open Source Vulnerabilities Management
The State of Open Source Vulnerabilities ManagementThe State of Open Source Vulnerabilities Management
The State of Open Source Vulnerabilities Management
 
Flow Metrics: What They Are & Why You Need Them
Flow Metrics: What They Are & Why You Need ThemFlow Metrics: What They Are & Why You Need Them
Flow Metrics: What They Are & Why You Need Them
 
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud ThreatsBeyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
 
Building Blocks of Secure Development: How to Make Open Source Work for You
Building Blocks of Secure Development: How to Make Open Source Work for YouBuilding Blocks of Secure Development: How to Make Open Source Work for You
Building Blocks of Secure Development: How to Make Open Source Work for You
 

Recently uploaded

Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
Zilliz
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
dbms calicut university B. sc Cs 4th sem.pdf
dbms  calicut university B. sc Cs 4th sem.pdfdbms  calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdf
Shinana2
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
saastr
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Zilliz
 
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Tatiana Kojar
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
ssuserfac0301
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Alpen-Adria-Universität
 
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdfNunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
flufftailshop
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
Zilliz
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
Postman
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
DanBrown980551
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
tolgahangng
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Brandon Minnick, MBA
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
akankshawande
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Tomaz Bratanic
 
Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr
Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStrDeep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr
Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr
saastr
 
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
alexjohnson7307
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
saastr
 

Recently uploaded (20)

Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
dbms calicut university B. sc Cs 4th sem.pdf
dbms  calicut university B. sc Cs 4th sem.pdfdbms  calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdf
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
 
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
 
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdfNunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
 
Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr
Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStrDeep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr
Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr
 
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
 

Seven Deadly Saves To Security With Integrations

  • 1. DEVSECOPS
  • 2. Who are we? Tim Jarrett (@tojarrett) • Over 20 years in software: development, project management, product management & strategy • At Veracode since 2008 • Grammy award winner, Bacon number of 3 Diptesh Shah • Over 15 years experience as a developer and engineering leader • At Veracode since 2017 • Recent Winter Olympics “swept” me into Curling
  • 3. Why appsec integrations?
  • 4. DevSecOps: the end of manual security? • Continuous Delivery • Shorten feedback loops • Learn quickly
  • 5. Fix earlier = fix cheaper [Chart by phase: Design, Implementation, Testing, Maintenance] Source: IBM, based on Boehm, 1981/2001
  • 6. Avoid rework. Development process – current state: Code → Ship → Discover issue → Fix and ship again. Development process with integrations: Code → Discover issue → Fix issue → Ship.
  • 7. Avoid context switching
  • 9. DevSecOps – Follow the Code
  • 10. Code phase: 1 Develop; 2 Check in; Team processes (build, test, agile planning)
  • 11. Build phase: 1 Get latest check-ins from source control; 2 Build and Run Tests; Test Failures; 3 Stage/Deploy
  • 12. Deploy and Production phase: Deployment pipeline; Stage/Deploy; Monitor for Incidents; Scan for issues in production
  • 13. Different development methodologies = different integration approaches. Waterfall: 1-4 Releases Per Year, 50+ people. Agile: 12-24 Releases Per Year, 6-12 people. DevOps: 100+ Releases Per Year, 6-12 people.
  • 14. Waterfall to agile: “build and test”. 1 Develop 4 Check in Static Analysis 3 Build & Test 2 Backlog (tickets) Pass? 7 Synchronize No Yes 6 Static Analysis 6 Unit Tests Manual acceptance testing, move to stage, move to prod Nightly/weekly 5 Build Scheduled Build 3a Manual Testing*
  • 15. DevOps: Protect the Pipeline. CI CD 1 Develop 4 Check in Static Analysis 3 Build & Test 2 Backlog Pass? 7 Synchronize No Yes 7 Deploy to QA/Stage 6 Static Analysis 6 Unit Tests 8 Dynamic Analysis 8 Regression Testing Pass? Yes Stage then Prod Per Check-in 5 Build CI/CD Pipeline 1a Static Analysis
  • 17. Veracode Integrations Team. Focused on delivering integration capabilities with the Veracode platform that enable development teams to “shift security left” and make the idea of “DevSecOps” a reality. • 12 person team; geographically distributed • Responsible for 20+ applications & supporting modules • 75 releases in 2017 (on pace for 144 releases in 2018) • SAFe / Agile Scrum • DevSecOps (evolution continues) • Vested interest in achieving our mission!!
  • 18. In The Beginning: 3 Build 4 Static Analysis 5 Security Results 2 Check in 1 Develop Backlog Scheduled Build Nightly/weekly
  • 19. Empower Developers – IDE Integration. Initially: 1 Develop 4 Check in Sandbox Static Analysis 3 Build & Test 2. Fast Forward to Now: 1 Develop 4 Check in Sandbox Static Analysis 3 Build & Test 2 1a Greenlight Static Analysis
  • 20. Automated Assessment – Build Server Integration. 1 Develop 4 Check in Sandbox Static Analysis 3 Build & Test 2 6 Static Analysis Nightly/weekly 5 Build Scheduled Build 1a Greenlight Static Analysis Security Results 7
  • 21. Automated Issue Tracking. 1 Develop 4 Check in Sandbox Static Analysis 3 Build & Test 2 Nightly/weekly Scheduled Build 1a Greenlight Static Analysis 6 Static Analysis 5 Build 7 Synchronize
  • 22. Automated Assurance – Fail the Build. 1 Develop 4 Check in Sandbox Static Analysis 3 Build & Test 2 Pass? 7 Synchronize No Yes 6 Static Analysis 6 Unit Tests Manual acceptance testing, move to stage, move to prod Nightly/weekly 5 Build Scheduled Build 1a Greenlight Static Analysis
  • 23. Continued Assurance. CI CD 1 Develop 4 Check in Sandbox Static Analysis 3 Build & Test 2 Pass? 7 Synchronize No Yes 7 Deploy to QA/Stage 6 Static Analysis 6 Unit Tests Per Check-in 5 Build CI/CD Pipeline 1a Greenlight Static Analysis Manual acceptance testing, move to stage, move to prod
  • 24. Continued Assurance – End Goal. CI CD 1 Develop 4 Check in Sandbox Static Analysis 3 Build & Test 2 Pass? 7 Synchronize No Yes 7 Deploy to QA/Stage 6 Static Analysis 6 Unit Tests 8 Dynamic Analysis 8 Regression Testing Pass? Yes Stage then Prod Per Check-in 5 Build CI/CD Pipeline 1a Greenlight Static Analysis
  • 25. Making it happen
  • 26. Relationships • Who is your peer in development / security? • Do you meet with them? • Do you understand each other’s goals? • Are you sympathetic to each other’s struggles?
  • 27. Accountability • Shared between development and security • Part of annual goals for both teams • Measured and reported regularly
  • 28. Shift Left & Monitor. Plan, Code, Build, Test, Stage, Deploy, Monitor. Dynamic Application Security Testing; Runtime Application Self Protection; Open Source Risk Monitoring; Static Application Security Testing + 3rd Party Risk Analysis; Training (eLearning, instructor led, metadata driven); Manual Penetration Testing; Red Team Activities; Remediation and Mitigation Guidance; Secure Code Reviews; Threat Modeling; Security Grooming; Secure Design
  • 29. Questions? @tojarrett