SlideShare a Scribd company logo

Shifting Security Left - The Innovation of DevSecOps - ValleyTechCon

Tom Stiehm
Tom Stiehm

DevSecOps adds on the DevOps by making Application Security part of the daily workflow of the team in order to improve the quality and security of a product. Shift AppSec practices left is the key enabler to making AppSec a first-class citizen in the development effort rather than an afterthought with limited ability to be successful.

Technology
1 of 19
Download to read offline
© COPYRIGHT 2019 COVEROS, INC. ALL RIGHTS RESERVED. 1@ThomasStiehm #valleytechcon Agility. Security. Delivered. Shifting Security Left The Innovation of DevSecOps Tom Stiehm @ThomasStiehm
© COPYRIGHT 2019 COVEROS, INC. ALL RIGHTS RESERVED. 2@ThomasStiehm #valleytechcon About Coveros • Services • Agile Transformations & Coaching • Agile Software Development • Agile Testing & Automation • DevOps Implementations • DevSecOps Integrations • Agile, DevOps, DevSecOps Security, Testing Training • Open Source Products • SecureCI – DevSecOps toolchain • Selenified – Agile test framework Coveros helps organizations accelerate software delivery using agile and DevOps methods 2
© COPYRIGHT 2019 COVEROS, INC. ALL RIGHTS RESERVED. 3@ThomasStiehm #valleytechcon Shifting Security Left •Shifting Left is taking a practice or process done late in development and doing it earlier. •Shifting Security Left is doing security testing, analysis, and remediation during development, iteratively. Usually automating data collection to make it faster and cheaper. •The net result is making security practices part of the daily workflow of the development team.
© COPYRIGHT 2019 COVEROS, INC. ALL RIGHTS RESERVED. 4@ThomasStiehm #valleytechcon Why Shift Security Left? Application Security is hard, error prone, and expensive. It is often made harder by trying to shoehorn it into the end of a release. Shifting Left allows the teams to deal with security issues early and often: •Reducing Risk •Reducing Cost •Leads to fewer errors •Results in fewer security compromises
© COPYRIGHT 2019 COVEROS, INC. ALL RIGHTS RESERVED. 5@ThomasStiehm #valleytechcon How DevSecOps builds on DevOps DevSecOps is a practice that rose from DevOps that includes information technology security as a fundamental aspect in all the stages of software development. -- Wikipedia DevSecOps builds on DevOps by leveraging collaboration and feedback to address security concerns throughout the software development life cycle.
© COPYRIGHT 2019 COVEROS, INC. ALL RIGHTS RESERVED. 6@ThomasStiehm #valleytechcon Why should you care about security? To reduce the likelihood of becoming the next:
© COPYRIGHT 2019 COVEROS, INC. ALL RIGHTS RESERVED. 7@ThomasStiehm #valleytechcon Security before the code is written Be proactive: •Architect and design security in from the start based on threat analysis. •Include security in your pipeline from the start. •Take time to analyze and remediate AppSec findings. Why? •Your software has security defects in it. •Testing security into software at the end doesn’t work. •Relying on network and OS security to protect applications doesn’t work. •Ignoring security concerns doesn’t work.
© COPYRIGHT 2019 COVEROS, INC. ALL RIGHTS RESERVED. 8@ThomasStiehm #valleytechcon Legacy Security Practices The Focus is on testing at the end.
© COPYRIGHT 2019 COVEROS, INC. ALL RIGHTS RESERVED. 9@ThomasStiehm #valleytechcon Shifting Left includes reacting to the feedback on a regular basis. Security Practices in DevSecOps
© COPYRIGHT 2019 COVEROS, INC. ALL RIGHTS RESERVED. 10@ThomasStiehm #valleytechcon Where to Start •SAST - Start with Static Application Security Testing •Quick to integration into a build pipeline •Leverages existing CI/CD assets •SCA - Install Software Composition Analysis •Expand existing CI/CD processes to scan your application dependencies •DAST - Next integrate Dynamic Application Security Testing •Could be as simple as adding a DAST proxy to your existing automated or manual testing environment •Expand into using the automated aspects of DAST tools
© COPYRIGHT 2019 COVEROS, INC. ALL RIGHTS RESERVED. 11@ThomasStiehm #valleytechcon What to do next •Security Testing – Testing the security features of your software •Security Test Automation - Using test automation tools like Selenium or Cucumber •Penetration Testing – Human beings evaluating the security of your software with the aid of tools •Threat Analysis – Understand who will attack you, why, and how •Infrastructure Analysis Scanning & Testing – Securing your OS and Server Software
© COPYRIGHT 2019 COVEROS, INC. ALL RIGHTS RESERVED. 12@ThomasStiehm #valleytechcon Advanced DevSecOps Techniques •IAST - Interactive Application Security Testing is technique for detecting security vulnerabilities in a running application •RASP - Runtime Application Self-Protection building on the same technology base as IAST by providing a facility to react to a detected vulnerability as it is exploited, e.g. terminating the session •HAST - Hybrid Application Security Testing uses DAST with IAST to find vulnerabilities
© COPYRIGHT 2019 COVEROS, INC. ALL RIGHTS RESERVED. 13@ThomasStiehm #valleytechcon Operational Security •Security Information and Event Management (SIEM) •Infrastructure Analysis Scanning & Testing •Encrypting Data at Rest •Encrypting Data in all Network Channels
© COPYRIGHT 2019 COVEROS, INC. ALL RIGHTS RESERVED. 14@ThomasStiehm #valleytechcon Secure practices in a pipeline
© COPYRIGHT 2019 COVEROS, INC. ALL RIGHTS RESERVED. 15@ThomasStiehm #valleytechcon Culture Shift Goal Mindset: “Everyone is responsible for security.” Three things to try when changing culture: 1. Build a Knowledge base 2. Promote Openness 3. Create Cybersecurity Champions Need to experiment to find what works for your specific organization.
© COPYRIGHT 2019 COVEROS, INC. ALL RIGHTS RESERVED. 16@ThomasStiehm #valleytechcon DevSecOps Benefits •Faster vulnerability detection and mitigation •Always-known security posture •Less security-based risk •Smaller chance of getting exploited •Reduced cost of fixing AppSec bugs •Avoidance of publicity for getting pwned •Able to recover from security incidents faster
© COPYRIGHT 2019 COVEROS, INC. ALL RIGHTS RESERVED. 17@ThomasStiehm #valleytechcon Wrap UP #Coveros5 •Starting to Shift Left is more important then what practices you start with •Greenfield start with Threat Analysis and build security in •Legacy or brownfield start with SAST (or SCA or DAST) •Iteratively add more security practices into your process •Iteratively add more security to your build pipeline
© COPYRIGHT 2019 COVEROS, INC. ALL RIGHTS RESERVED. 18@ThomasStiehm #valleytechcon Periodic Table of DevOps Tools En Os Fm Os Pd Pd Fm En En En Fm Os En Os Pd Os Fm Fm Fm Fm Pd En En Os Fr Os Fr Os Pd Fr Fr Fr Os Fm Fm Fr Os Fm Os En Fm Fm Pd Pd En En Fm En En En Os Fm En Fr Os Os Os Os En En En Fm En Os En En Os En En Os Pd Os Os En Os Os En En Pd En Fm Fm Pd Pd Pd En Os En Pd Pd Fm Os Fm En Fm Pd Pd En Pd Os Os En En Os Fm Fm Pd Pd Os Os En Os Os Fm En En Pd Os Os En 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 3 4 5 6 7 8 9 10 1 2 11 12 13 14 15 16 17 18 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 Cw Sv Gh Gl At Nx Bb Dp Db Dt Rg Fw Pf Jn Ba Tr Cr Cs Vs Tc Cb XLi Sw Fn Se Ga Cu Ki Jr Ju Jm Tn Mc Nr Tl Ka Ja Tt Lo Dt Sk Su Sl Pe Mf Dd St Ch An Pu Sa Ad Cn Tf Ru Pa Ce El Ry XLd Oc Cd Eb Ni Ac Ud Go Ec Ca Zb Og Ku Dk XLr Ms Ra De Zn Pd Cc Ur Aws Gke Aks Ae Cx Sn Pr Af Az Om Rk Cf Sg Tw Al Ld Gc Cp Sp Hm Bd Ck Os Ic Op Cy Ir Aw Sr Vc Ps Fd Sg Sp It Mg Ls Hv Ff GitLab GitHub Subversion ISPW Artifactory Nexus BitBucket Datical DBMaestro Delphix Redgate Flyway Perforce FitNesse Selenium Gatling Cucumber Kibana Jira JUnit JMeter TestNG Mocha Trello New Relic Karma Jasmine Tricentis Tosca Locust.io Slack Dynatrace SoapUI Sauce Labs Perfecto Micro Focus UFT Stride Datadog Chef Ansible Puppet Salt CollabNet VersionOne AppDynamics Terraform Rudder Packer CFEngine Remedy ElasticSearch XebiaLabs XL Deploy Octopus Deploy AWS CodeDeploy ElasticBox Nagios Agile Central UrbanCode Deploy GoCD ElectricCloud CA Automic Zabbix OpsGenie Kubernetes Mesos Rancher Docker Enterprise Docker XebiaLabs XL Release Zenoss Pagerduty CA CD Director GKE AKS AWS ECS UrbanCode Release AWS Checkmarx SAST Snort Plutora Release OpenMake Rkt Codefresh Azure Functions Azure Signal Sciences Tripwire Alibaba Cloud AWS CodePipeline Spinnaker Helm Lambda Google Cloud BlackDuck CyberArk OpenStack Cloud Foundry Iron.io Apache OpenWhisk IBM Cloud OpenShift SonarQube Veracode Fluentd Prometheus Sumo Logic Splunk ITRS Moogsoft Logstash HashiCorp Vault Fortify SCA Jenkins Bamboo Travis CI Circle CI Codeship VSTS TeamCity AWS CodeBuild XebiaLabs XL Impact ServiceNow Deployment AIOps Cloud Release Orchestration Containers Configuration Testing Continuous Integration Database Automation Source Control Mgmt. Collaboration Security Monitoring AnalyticsOs Open Source Fr Free Fm Freemium Pd Paid En Enterprise PERIODIC TABLE OF DEVOPS TOOLS (V3) https://xebialabs.com/periodic-table-of-devops-tools/
© COPYRIGHT 2019 COVEROS, INC. ALL RIGHTS RESERVED. 19@ThomasStiehm #valleytechcon Questions? @thomasstiehm • Join me on the TechWell Hub • https://hub.techwell.com/ • #devops

Recommended

2019 DevSecOps Reference Architectures
2019 DevSecOps Reference Architectures2019 DevSecOps Reference Architectures
2019 DevSecOps Reference ArchitecturesSonatype
 
Shift Left Security - The What, Why and How
Shift Left Security - The What, Why and HowShift Left Security - The What, Why and How
Shift Left Security - The What, Why and HowDevOps.com
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOpsSetu Parimi
 
DevSecOps Implementation Journey
DevSecOps Implementation JourneyDevSecOps Implementation Journey
DevSecOps Implementation JourneyDevOps Indonesia
 
Benefits of DevSecOps
Benefits of DevSecOpsBenefits of DevSecOps
Benefits of DevSecOpsFinto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
DevOps to DevSecOps Journey..
DevOps to DevSecOps Journey..DevOps to DevSecOps Journey..
DevOps to DevSecOps Journey..Siddharth Joshi
 
DevSecOps Singapore introduction
DevSecOps Singapore introductionDevSecOps Singapore introduction
DevSecOps Singapore introductionStefan Streichsbier
 
DevSecOps in Baby Steps
DevSecOps in Baby StepsDevSecOps in Baby Steps
DevSecOps in Baby StepsPriyanka Aash
 

Recommended

2019 DevSecOps Reference Architectures
2019 DevSecOps Reference Architectures2019 DevSecOps Reference Architectures
2019 DevSecOps Reference ArchitecturesSonatype
 
Shift Left Security - The What, Why and How
Shift Left Security - The What, Why and HowShift Left Security - The What, Why and How
Shift Left Security - The What, Why and HowDevOps.com
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOpsSetu Parimi
 
DevSecOps Implementation Journey
DevSecOps Implementation JourneyDevSecOps Implementation Journey
DevSecOps Implementation JourneyDevOps Indonesia
 
Benefits of DevSecOps
Benefits of DevSecOpsBenefits of DevSecOps
Benefits of DevSecOpsFinto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
DevOps to DevSecOps Journey..
DevOps to DevSecOps Journey..DevOps to DevSecOps Journey..
DevOps to DevSecOps Journey..Siddharth Joshi
 
DevSecOps Singapore introduction
DevSecOps Singapore introductionDevSecOps Singapore introduction
DevSecOps Singapore introductionStefan Streichsbier
 
DevSecOps in Baby Steps
DevSecOps in Baby StepsDevSecOps in Baby Steps
DevSecOps in Baby StepsPriyanka Aash
 
DevSecOps Training Bootcamp - A Practical DevSecOps Course
DevSecOps Training Bootcamp - A Practical DevSecOps CourseDevSecOps Training Bootcamp - A Practical DevSecOps Course
DevSecOps Training Bootcamp - A Practical DevSecOps CourseTonex
 
DevSecOps
DevSecOpsDevSecOps
DevSecOpsTomas Honzak
 
DevSecOps : an Introduction
DevSecOps : an IntroductionDevSecOps : an Introduction
DevSecOps : an IntroductionPrashanth B. P.
 
Past, Present and Future of DevOps Infrastructure
Past, Present and Future of DevOps InfrastructurePast, Present and Future of DevOps Infrastructure
Past, Present and Future of DevOps InfrastructureSynergetics Learning and Cloud Consulting
 
Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Mohammed A. Imran
 
DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD PipelineJames Wickett
 
Demystifying DevSecOps
Demystifying DevSecOpsDemystifying DevSecOps
Demystifying DevSecOpsArchana Joshi
 
[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and Opportunities[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and OpportunitiesMohammed A. Imran
 
GitOps 101 Presentation.pdf
GitOps 101 Presentation.pdfGitOps 101 Presentation.pdf
GitOps 101 Presentation.pdfssuser31375f
 
Implementing DevSecOps
Implementing DevSecOpsImplementing DevSecOps
Implementing DevSecOpsAmazon Web Services
 
DevSecOps reference architectures 2018
DevSecOps reference architectures 2018DevSecOps reference architectures 2018
DevSecOps reference architectures 2018Sonatype
 
How to Get Started with DevSecOps
How to Get Started with DevSecOpsHow to Get Started with DevSecOps
How to Get Started with DevSecOpsCYBRIC
 
GitOps is the best modern practice for CD with Kubernetes
GitOps is the best modern practice for CD with KubernetesGitOps is the best modern practice for CD with Kubernetes
GitOps is the best modern practice for CD with KubernetesVolodymyr Shynkar
 
DEVSECOPS.pptx
DEVSECOPS.pptxDEVSECOPS.pptx
DEVSECOPS.pptxMohammadSaif904342
 
Shift Left Security
Shift Left SecurityShift Left Security
Shift Left SecurityBATbern
 
The Power of GitOps with Flux & GitOps Toolkit
The Power of GitOps with Flux & GitOps ToolkitThe Power of GitOps with Flux & GitOps Toolkit
The Power of GitOps with Flux & GitOps ToolkitWeaveworks
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOpsAmazon Web Services
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Securityn|u - The Open Security Community
 
The State of DevSecOps
The State of DevSecOpsThe State of DevSecOps
The State of DevSecOpsDevOps Indonesia
 
"DevOps > CI+CD "
"DevOps > CI+CD ""DevOps > CI+CD "
"DevOps > CI+CD "Innovation Roots
 
Shifting Security Left - The Innovation of DevSecOps - AgileDC
Shifting Security Left - The Innovation of DevSecOps - AgileDCShifting Security Left - The Innovation of DevSecOps - AgileDC
Shifting Security Left - The Innovation of DevSecOps - AgileDCTom Stiehm
 
Shifting Security Left from the Lean+Agile 2019 Conference
Shifting Security Left from the Lean+Agile 2019 ConferenceShifting Security Left from the Lean+Agile 2019 Conference
Shifting Security Left from the Lean+Agile 2019 ConferenceTom Stiehm
 

More Related Content

What's hot

DevSecOps Training Bootcamp - A Practical DevSecOps Course
DevSecOps Training Bootcamp - A Practical DevSecOps CourseDevSecOps Training Bootcamp - A Practical DevSecOps Course
DevSecOps Training Bootcamp - A Practical DevSecOps CourseTonex
 
DevSecOps : an Introduction
DevSecOps : an IntroductionDevSecOps : an Introduction
DevSecOps : an IntroductionPrashanth B. P.
 
Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Mohammed A. Imran
 
DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD PipelineJames Wickett
 
Demystifying DevSecOps
Demystifying DevSecOpsDemystifying DevSecOps
Demystifying DevSecOpsArchana Joshi
 
[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and Opportunities[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and OpportunitiesMohammed A. Imran
 
GitOps 101 Presentation.pdf
GitOps 101 Presentation.pdfGitOps 101 Presentation.pdf
GitOps 101 Presentation.pdfssuser31375f
 
DevSecOps reference architectures 2018
DevSecOps reference architectures 2018DevSecOps reference architectures 2018
DevSecOps reference architectures 2018Sonatype
 
How to Get Started with DevSecOps
How to Get Started with DevSecOpsHow to Get Started with DevSecOps
How to Get Started with DevSecOpsCYBRIC
 
GitOps is the best modern practice for CD with Kubernetes
GitOps is the best modern practice for CD with KubernetesGitOps is the best modern practice for CD with Kubernetes
GitOps is the best modern practice for CD with KubernetesVolodymyr Shynkar
 
Shift Left Security
Shift Left SecurityShift Left Security
Shift Left SecurityBATbern
 
The Power of GitOps with Flux & GitOps Toolkit
The Power of GitOps with Flux & GitOps ToolkitThe Power of GitOps with Flux & GitOps Toolkit
The Power of GitOps with Flux & GitOps ToolkitWeaveworks
 

What's hot (20)

DevSecOps Training Bootcamp - A Practical DevSecOps Course
DevSecOps Training Bootcamp - A Practical DevSecOps CourseDevSecOps Training Bootcamp - A Practical DevSecOps Course
DevSecOps Training Bootcamp - A Practical DevSecOps Course
 
DevSecOps
DevSecOpsDevSecOps
DevSecOps
 
DevSecOps : an Introduction
DevSecOps : an IntroductionDevSecOps : an Introduction
DevSecOps : an Introduction
 
Past, Present and Future of DevOps Infrastructure
Past, Present and Future of DevOps InfrastructurePast, Present and Future of DevOps Infrastructure
Past, Present and Future of DevOps Infrastructure
 
Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1
 
DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline
 
Demystifying DevSecOps
Demystifying DevSecOpsDemystifying DevSecOps
Demystifying DevSecOps
 
[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and Opportunities[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and Opportunities
 
GitOps 101 Presentation.pdf
GitOps 101 Presentation.pdfGitOps 101 Presentation.pdf
GitOps 101 Presentation.pdf
 
Implementing DevSecOps
Implementing DevSecOpsImplementing DevSecOps
Implementing DevSecOps
 
DevSecOps reference architectures 2018
DevSecOps reference architectures 2018DevSecOps reference architectures 2018
DevSecOps reference architectures 2018
 
How to Get Started with DevSecOps
How to Get Started with DevSecOpsHow to Get Started with DevSecOps
How to Get Started with DevSecOps
 
GitOps is the best modern practice for CD with Kubernetes
GitOps is the best modern practice for CD with KubernetesGitOps is the best modern practice for CD with Kubernetes
GitOps is the best modern practice for CD with Kubernetes
 
DEVSECOPS.pptx
DEVSECOPS.pptxDEVSECOPS.pptx
DEVSECOPS.pptx
 
Shift Left Security
Shift Left SecurityShift Left Security
Shift Left Security
 
The Power of GitOps with Flux & GitOps Toolkit
The Power of GitOps with Flux & GitOps ToolkitThe Power of GitOps with Flux & GitOps Toolkit
The Power of GitOps with Flux & GitOps Toolkit
 
Introduction to DevSecOps
Introduction to DevSecOpsIntroduction to DevSecOps
Introduction to DevSecOps
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
 
The State of DevSecOps
The State of DevSecOpsThe State of DevSecOps
The State of DevSecOps
 
"DevOps > CI+CD "
"DevOps > CI+CD ""DevOps > CI+CD "
"DevOps > CI+CD "
 

Similar to Shifting Security Left - The Innovation of DevSecOps - ValleyTechCon

Shifting Security Left - The Innovation of DevSecOps - AgileDC
Shifting Security Left - The Innovation of DevSecOps - AgileDCShifting Security Left - The Innovation of DevSecOps - AgileDC
Shifting Security Left - The Innovation of DevSecOps - AgileDCTom Stiehm
 
Shifting Security Left from the Lean+Agile 2019 Conference
Shifting Security Left from the Lean+Agile 2019 ConferenceShifting Security Left from the Lean+Agile 2019 Conference
Shifting Security Left from the Lean+Agile 2019 ConferenceTom Stiehm
 
Shifting security all day dev ops
Shifting security all day dev opsShifting security all day dev ops
Shifting security all day dev opsTom Stiehm
 
Add Security Testing Tools to Your Delivery Pipeline
Add Security Testing Tools to Your Delivery PipelineAdd Security Testing Tools to Your Delivery Pipeline
Add Security Testing Tools to Your Delivery PipelineTechWell
 
A Definition of Done for DevSecOps
A Definition of Done for DevSecOpsA Definition of Done for DevSecOps
A Definition of Done for DevSecOpsGene Gotimer
 
AppSec in a World of Digital Transformation
AppSec in a World of Digital Transformation AppSec in a World of Digital Transformation
AppSec in a World of Digital TransformationDenim Group
 
DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019
DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019 DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019
DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019 Amazon Web Services
 
AppSec in a World of Digital Transformation
AppSec in a World of Digital TransformationAppSec in a World of Digital Transformation
AppSec in a World of Digital TransformationDenim Group
 
Bridging the Security Testing Gap in Your CI/CD Pipeline
Bridging the Security Testing Gap in Your CI/CD PipelineBridging the Security Testing Gap in Your CI/CD Pipeline
Bridging the Security Testing Gap in Your CI/CD PipelineDevOps.com
 
Innovating Government: Building a Culture of DevSecOps for Rapid and Secure M...
Innovating Government: Building a Culture of DevSecOps for Rapid and Secure M...Innovating Government: Building a Culture of DevSecOps for Rapid and Secure M...
Innovating Government: Building a Culture of DevSecOps for Rapid and Secure M...Amazon Web Services
 
It’s in my backlog: The truth behind DevSecOps - FND217 - AWS re:Inforce 2019
It’s in my backlog: The truth behind DevSecOps - FND217 - AWS re:Inforce 2019 It’s in my backlog: The truth behind DevSecOps - FND217 - AWS re:Inforce 2019
It’s in my backlog: The truth behind DevSecOps - FND217 - AWS re:Inforce 2019 Amazon Web Services
 
How to Integrate AppSec Testing into your DevOps Program
How to Integrate AppSec Testing into your DevOps Program How to Integrate AppSec Testing into your DevOps Program
How to Integrate AppSec Testing into your DevOps Program Denim Group
 
Add Security Testing Tools to Your Delivery Pipeline
Add Security Testing Tools to Your Delivery PipelineAdd Security Testing Tools to Your Delivery Pipeline
Add Security Testing Tools to Your Delivery PipelineGene Gotimer
 
Synopsys Security Event Israel Presentation: Keynote: Securing Your Software,...
Synopsys Security Event Israel Presentation: Keynote: Securing Your Software,...Synopsys Security Event Israel Presentation: Keynote: Securing Your Software,...
Synopsys Security Event Israel Presentation: Keynote: Securing Your Software,...Synopsys Software Integrity Group
 
Protecting Mission-Critical Source Code from Application Security Vulnerabili...
Protecting Mission-Critical Source Code from Application Security Vulnerabili...Protecting Mission-Critical Source Code from Application Security Vulnerabili...
Protecting Mission-Critical Source Code from Application Security Vulnerabili...IBM Security
 
Succeeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps finalSucceeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps finalrkadayam
 
Enabling Developers in Your Application Security Program With Coverity and Th...
Enabling Developers in Your Application Security Program With Coverity and Th...Enabling Developers in Your Application Security Program With Coverity and Th...
Enabling Developers in Your Application Security Program With Coverity and Th...Denim Group
 
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...CA Technologies
 

Similar to Shifting Security Left - The Innovation of DevSecOps - ValleyTechCon (20)

Shifting Security Left - The Innovation of DevSecOps - AgileDC
Shifting Security Left - The Innovation of DevSecOps - AgileDCShifting Security Left - The Innovation of DevSecOps - AgileDC
Shifting Security Left - The Innovation of DevSecOps - AgileDC
 
Shifting Security Left from the Lean+Agile 2019 Conference
Shifting Security Left from the Lean+Agile 2019 ConferenceShifting Security Left from the Lean+Agile 2019 Conference
Shifting Security Left from the Lean+Agile 2019 Conference
 
Shifting security all day dev ops
Shifting security all day dev opsShifting security all day dev ops
Shifting security all day dev ops
 
Add Security Testing Tools to Your Delivery Pipeline
Add Security Testing Tools to Your Delivery PipelineAdd Security Testing Tools to Your Delivery Pipeline
Add Security Testing Tools to Your Delivery Pipeline
 
A Definition of Done for DevSecOps
A Definition of Done for DevSecOpsA Definition of Done for DevSecOps
A Definition of Done for DevSecOps
 
AppSec in a World of Digital Transformation
AppSec in a World of Digital Transformation AppSec in a World of Digital Transformation
AppSec in a World of Digital Transformation
 
DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019
DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019 DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019
DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019
 
AppSec in a World of Digital Transformation
AppSec in a World of Digital TransformationAppSec in a World of Digital Transformation
AppSec in a World of Digital Transformation
 
Bridging the Security Testing Gap in Your CI/CD Pipeline
Bridging the Security Testing Gap in Your CI/CD PipelineBridging the Security Testing Gap in Your CI/CD Pipeline
Bridging the Security Testing Gap in Your CI/CD Pipeline
 
Innovating Government: Building a Culture of DevSecOps for Rapid and Secure M...
Innovating Government: Building a Culture of DevSecOps for Rapid and Secure M...Innovating Government: Building a Culture of DevSecOps for Rapid and Secure M...
Innovating Government: Building a Culture of DevSecOps for Rapid and Secure M...
 
It’s in my backlog: The truth behind DevSecOps - FND217 - AWS re:Inforce 2019
It’s in my backlog: The truth behind DevSecOps - FND217 - AWS re:Inforce 2019 It’s in my backlog: The truth behind DevSecOps - FND217 - AWS re:Inforce 2019
It’s in my backlog: The truth behind DevSecOps - FND217 - AWS re:Inforce 2019
 
How to Integrate AppSec Testing into your DevOps Program
How to Integrate AppSec Testing into your DevOps Program How to Integrate AppSec Testing into your DevOps Program
How to Integrate AppSec Testing into your DevOps Program
 
Add Security Testing Tools to Your Delivery Pipeline
Add Security Testing Tools to Your Delivery PipelineAdd Security Testing Tools to Your Delivery Pipeline
Add Security Testing Tools to Your Delivery Pipeline
 
Synopsys Security Event Israel Presentation: Keynote: Securing Your Software,...
Synopsys Security Event Israel Presentation: Keynote: Securing Your Software,...Synopsys Security Event Israel Presentation: Keynote: Securing Your Software,...
Synopsys Security Event Israel Presentation: Keynote: Securing Your Software,...
 
Protecting Mission-Critical Source Code from Application Security Vulnerabili...
Protecting Mission-Critical Source Code from Application Security Vulnerabili...Protecting Mission-Critical Source Code from Application Security Vulnerabili...
Protecting Mission-Critical Source Code from Application Security Vulnerabili...
 
Security and Data Breach
Security and Data BreachSecurity and Data Breach
Security and Data Breach
 
Succeeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps finalSucceeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps final
 
Webinar – Risk-based adaptive DevSecOps
Webinar – Risk-based adaptive DevSecOps Webinar – Risk-based adaptive DevSecOps
Webinar – Risk-based adaptive DevSecOps
 
Enabling Developers in Your Application Security Program With Coverity and Th...
Enabling Developers in Your Application Security Program With Coverity and Th...Enabling Developers in Your Application Security Program With Coverity and Th...
Enabling Developers in Your Application Security Program With Coverity and Th...
 
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
 

Recently uploaded

Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformWSO2
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMKumar Satyam
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Modernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaModernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaWSO2
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Choreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software EngineeringChoreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software EngineeringWSO2
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Simplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptxSimplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptxMarkSteadman7
 

Recently uploaded (20)

Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDM
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Modernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaModernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using Ballerina
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Choreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software EngineeringChoreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software Engineering
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Simplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptxSimplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptx
 

Shifting Security Left - The Innovation of DevSecOps - ValleyTechCon

  • 1. © COPYRIGHT 2019 COVEROS, INC. ALL RIGHTS RESERVED. 1@ThomasStiehm #valleytechcon Agility. Security. Delivered. Shifting Security Left The Innovation of DevSecOps Tom Stiehm @ThomasStiehm
  • 2. © COPYRIGHT 2019 COVEROS, INC. ALL RIGHTS RESERVED. 2@ThomasStiehm #valleytechcon About Coveros • Services • Agile Transformations & Coaching • Agile Software Development • Agile Testing & Automation • DevOps Implementations • DevSecOps Integrations • Agile, DevOps, DevSecOps Security, Testing Training • Open Source Products • SecureCI – DevSecOps toolchain • Selenified – Agile test framework Coveros helps organizations accelerate software delivery using agile and DevOps methods 2
  • 3. © COPYRIGHT 2019 COVEROS, INC. ALL RIGHTS RESERVED. 3@ThomasStiehm #valleytechcon Shifting Security Left •Shifting Left is taking a practice or process done late in development and doing it earlier. •Shifting Security Left is doing security testing, analysis, and remediation during development, iteratively. Usually automating data collection to make it faster and cheaper. •The net result is making security practices part of the daily workflow of the development team.
  • 4. © COPYRIGHT 2019 COVEROS, INC. ALL RIGHTS RESERVED. 4@ThomasStiehm #valleytechcon Why Shift Security Left? Application Security is hard, error prone, and expensive. It is often made harder by trying to shoehorn it into the end of a release. Shifting Left allows the teams to deal with security issues early and often: •Reducing Risk •Reducing Cost •Leads to fewer errors •Results in fewer security compromises
  • 5. © COPYRIGHT 2019 COVEROS, INC. ALL RIGHTS RESERVED. 5@ThomasStiehm #valleytechcon How DevSecOps builds on DevOps DevSecOps is a practice that rose from DevOps that includes information technology security as a fundamental aspect in all the stages of software development. -- Wikipedia DevSecOps builds on DevOps by leveraging collaboration and feedback to address security concerns throughout the software development life cycle.
  • 6. © COPYRIGHT 2019 COVEROS, INC. ALL RIGHTS RESERVED. 6@ThomasStiehm #valleytechcon Why should you care about security? To reduce the likelihood of becoming the next:
  • 7. © COPYRIGHT 2019 COVEROS, INC. ALL RIGHTS RESERVED. 7@ThomasStiehm #valleytechcon Security before the code is written Be proactive: •Architect and design security in from the start based on threat analysis. •Include security in your pipeline from the start. •Take time to analyze and remediate AppSec findings. Why? •Your software has security defects in it. •Testing security into software at the end doesn’t work. •Relying on network and OS security to protect applications doesn’t work. •Ignoring security concerns doesn’t work.
  • 8. © COPYRIGHT 2019 COVEROS, INC. ALL RIGHTS RESERVED. 8@ThomasStiehm #valleytechcon Legacy Security Practices The Focus is on testing at the end.
  • 9. © COPYRIGHT 2019 COVEROS, INC. ALL RIGHTS RESERVED. 9@ThomasStiehm #valleytechcon Shifting Left includes reacting to the feedback on a regular basis. Security Practices in DevSecOps
  • 10. © COPYRIGHT 2019 COVEROS, INC. ALL RIGHTS RESERVED. 10@ThomasStiehm #valleytechcon Where to Start •SAST - Start with Static Application Security Testing •Quick to integration into a build pipeline •Leverages existing CI/CD assets •SCA - Install Software Composition Analysis •Expand existing CI/CD processes to scan your application dependencies •DAST - Next integrate Dynamic Application Security Testing •Could be as simple as adding a DAST proxy to your existing automated or manual testing environment •Expand into using the automated aspects of DAST tools
  • 11. © COPYRIGHT 2019 COVEROS, INC. ALL RIGHTS RESERVED. 11@ThomasStiehm #valleytechcon What to do next •Security Testing – Testing the security features of your software •Security Test Automation - Using test automation tools like Selenium or Cucumber •Penetration Testing – Human beings evaluating the security of your software with the aid of tools •Threat Analysis – Understand who will attack you, why, and how •Infrastructure Analysis Scanning & Testing – Securing your OS and Server Software
  • 12. © COPYRIGHT 2019 COVEROS, INC. ALL RIGHTS RESERVED. 12@ThomasStiehm #valleytechcon Advanced DevSecOps Techniques •IAST - Interactive Application Security Testing is technique for detecting security vulnerabilities in a running application •RASP - Runtime Application Self-Protection building on the same technology base as IAST by providing a facility to react to a detected vulnerability as it is exploited, e.g. terminating the session •HAST - Hybrid Application Security Testing uses DAST with IAST to find vulnerabilities
  • 13. © COPYRIGHT 2019 COVEROS, INC. ALL RIGHTS RESERVED. 13@ThomasStiehm #valleytechcon Operational Security •Security Information and Event Management (SIEM) •Infrastructure Analysis Scanning & Testing •Encrypting Data at Rest •Encrypting Data in all Network Channels
  • 14. © COPYRIGHT 2019 COVEROS, INC. ALL RIGHTS RESERVED. 14@ThomasStiehm #valleytechcon Secure practices in a pipeline
  • 15. © COPYRIGHT 2019 COVEROS, INC. ALL RIGHTS RESERVED. 15@ThomasStiehm #valleytechcon Culture Shift Goal Mindset: “Everyone is responsible for security.” Three things to try when changing culture: 1. Build a Knowledge base 2. Promote Openness 3. Create Cybersecurity Champions Need to experiment to find what works for your specific organization.
  • 16. © COPYRIGHT 2019 COVEROS, INC. ALL RIGHTS RESERVED. 16@ThomasStiehm #valleytechcon DevSecOps Benefits •Faster vulnerability detection and mitigation •Always-known security posture •Less security-based risk •Smaller chance of getting exploited •Reduced cost of fixing AppSec bugs •Avoidance of publicity for getting pwned •Able to recover from security incidents faster
  • 17. © COPYRIGHT 2019 COVEROS, INC. ALL RIGHTS RESERVED. 17@ThomasStiehm #valleytechcon Wrap UP #Coveros5 •Starting to Shift Left is more important then what practices you start with •Greenfield start with Threat Analysis and build security in •Legacy or brownfield start with SAST (or SCA or DAST) •Iteratively add more security practices into your process •Iteratively add more security to your build pipeline
  • 18. © COPYRIGHT 2019 COVEROS, INC. ALL RIGHTS RESERVED. 18@ThomasStiehm #valleytechcon Periodic Table of DevOps Tools En Os Fm Os Pd Pd Fm En En En Fm Os En Os Pd Os Fm Fm Fm Fm Pd En En Os Fr Os Fr Os Pd Fr Fr Fr Os Fm Fm Fr Os Fm Os En Fm Fm Pd Pd En En Fm En En En Os Fm En Fr Os Os Os Os En En En Fm En Os En En Os En En Os Pd Os Os En Os Os En En Pd En Fm Fm Pd Pd Pd En Os En Pd Pd Fm Os Fm En Fm Pd Pd En Pd Os Os En En Os Fm Fm Pd Pd Os Os En Os Os Fm En En Pd Os Os En 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 3 4 5 6 7 8 9 10 1 2 11 12 13 14 15 16 17 18 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 Cw Sv Gh Gl At Nx Bb Dp Db Dt Rg Fw Pf Jn Ba Tr Cr Cs Vs Tc Cb XLi Sw Fn Se Ga Cu Ki Jr Ju Jm Tn Mc Nr Tl Ka Ja Tt Lo Dt Sk Su Sl Pe Mf Dd St Ch An Pu Sa Ad Cn Tf Ru Pa Ce El Ry XLd Oc Cd Eb Ni Ac Ud Go Ec Ca Zb Og Ku Dk XLr Ms Ra De Zn Pd Cc Ur Aws Gke Aks Ae Cx Sn Pr Af Az Om Rk Cf Sg Tw Al Ld Gc Cp Sp Hm Bd Ck Os Ic Op Cy Ir Aw Sr Vc Ps Fd Sg Sp It Mg Ls Hv Ff GitLab GitHub Subversion ISPW Artifactory Nexus BitBucket Datical DBMaestro Delphix Redgate Flyway Perforce FitNesse Selenium Gatling Cucumber Kibana Jira JUnit JMeter TestNG Mocha Trello New Relic Karma Jasmine Tricentis Tosca Locust.io Slack Dynatrace SoapUI Sauce Labs Perfecto Micro Focus UFT Stride Datadog Chef Ansible Puppet Salt CollabNet VersionOne AppDynamics Terraform Rudder Packer CFEngine Remedy ElasticSearch XebiaLabs XL Deploy Octopus Deploy AWS CodeDeploy ElasticBox Nagios Agile Central UrbanCode Deploy GoCD ElectricCloud CA Automic Zabbix OpsGenie Kubernetes Mesos Rancher Docker Enterprise Docker XebiaLabs XL Release Zenoss Pagerduty CA CD Director GKE AKS AWS ECS UrbanCode Release AWS Checkmarx SAST Snort Plutora Release OpenMake Rkt Codefresh Azure Functions Azure Signal Sciences Tripwire Alibaba Cloud AWS CodePipeline Spinnaker Helm Lambda Google Cloud BlackDuck CyberArk OpenStack Cloud Foundry Iron.io Apache OpenWhisk IBM Cloud OpenShift SonarQube Veracode Fluentd Prometheus Sumo Logic Splunk ITRS Moogsoft Logstash HashiCorp Vault Fortify SCA Jenkins Bamboo Travis CI Circle CI Codeship VSTS TeamCity AWS CodeBuild XebiaLabs XL Impact ServiceNow Deployment AIOps Cloud Release Orchestration Containers Configuration Testing Continuous Integration Database Automation Source Control Mgmt. Collaboration Security Monitoring AnalyticsOs Open Source Fr Free Fm Freemium Pd Paid En Enterprise PERIODIC TABLE OF DEVOPS TOOLS (V3) https://xebialabs.com/periodic-table-of-devops-tools/
  • 19. © COPYRIGHT 2019 COVEROS, INC. ALL RIGHTS RESERVED. 19@ThomasStiehm #valleytechcon Questions? @thomasstiehm • Join me on the TechWell Hub • https://hub.techwell.com/ • #devops