SlideShare a Scribd company logo
SESSION ID:
#RSAC
James Wickett
THE EMERGENT CLOUD
SECURITY TOOLCHAIN FOR CI/CD
CSV-T07
Head of Research
Signal Sciences
@wickett
#RSAC
@WICKETT
@WICKETT
Head of Research @ Signal Sciences
Organizer of DevOps Days Austin
lynda.com author on DevOps and Security
Courses
Blog at theagileadmin.com and
labs.signalsciences.com
@WICKETT
#RSAC
@WICKETT
Get the slides now!
james@signalsciences.com
#RSAC
@WICKETT
Questions on my Mind
Can Security as an Industry Rise to the
Demands of DevOps?
Is the DevOps culture able to handle security
and all of our baggage?
Will security destroy the DevOps Culture?
#RSAC
@WICKETT
SECURITY IS IN CRISIS
#RSAC
@WICKETT
This may be hard to see at RSA,
all looks well and good
#RSAC
@WICKETT
Companies are spending a great deal on
security, but we read of massive computer-
related attacks. Clearly something is wrong.
The root of the problem is twofold:
we’re protecting the wrong things,
and we’re hurting productivity in the process.
THINKING SECURITY, STEVEN M. BELLOVIN 2015
@WICKETT
#RSAC
@WICKETT
[Security by risk assessment]
introduces a dangerous fallacy: that
structured inadequacy is almost as
good as adequacy and that
underfunded security efforts plus risk
management are about as good as
properly funded security work
#RSAC
@WICKETT
many security teams work
with a worldview where their
goal is to inhibit change as
much as possible
#RSAC
@WICKETT
“SECURITY PREFERS A SYSTEM POWERED
OFF AND UNPLUGGED”
- DEVELOPER
#RSAC
@WICKETT
“…THOSE STUPID DEVELOPERS”
- SECURITY PERSON
#RSAC
@WICKETT
Security must Change or Die
#RSAC
@WICKETT
#RSAC
@WICKETT
THE WORLD HAS CHANGED
@WICKETT
#RSAC
@WICKETT
Serverless encourages functions as
deploy units and run as one-time*,
read-only containers*, coupled with
third party services that allow running
end-to-end applications without
worrying about system operation.
* - yes, we know there is container reuse and writability
@WICKETT
VMsHardware Serverless
Inspiration from @adrianco
Waste
Value
#RSAC
@WICKETT
Read-only containers and
serverless shift the security story
to almost 100% application
security
#RSAC
@WICKETT
DEVSECOPS TO THE RESCUE!
#RSAC
@WICKETT
What is DevSecOps
#RSAC
@WICKETT
DevSecOps Deep Thoughts
@WICKETT
Maybe in order to understand devsecops, we have to
look at the word itself. Basically, it’s made up of three
separate words: de, vseco, and ps. What do these
words mean? It’s a mystery, and that’s why so is
devsecops.
- DevSecOps Deep Thoughts
@WICKETT
Whenever someone asks
me to define devsecops, I
usually think for a minute,
then I spin around and pin
the guy's arm behind his
back. NOW who's asking the
questions?
- DevSecOps Deep Thoughts
Shoutout to the @TheJewberwocky the original DevOps Deep Thoughts
@WICKETT
The original DevOps Deep Thoughts were
created by the hilarious and awesome Josh
Zimmerman (@TheJewberwocky) as Not Jack
Handey which is parody of Deep Thoughts by
Jack Handey.
These DevSecOps Deep Thoughts are not nearly
as funny nor deep, but hey what do you expect of
a parody of a parody?
@WICKETT
Many people don't realize that
playing dead can help not only
with bears, but also at
important business meetings.
- Jack Handey
#RSAC
@WICKETT
High performing orgs achieve
quality by incorporating security
(and security teams) into the
delivery process
2016 State of DevOps Report
#RSAC
@WICKETT
DevSecOps is a cultural
movement that furthers the
movements of Agile and DevOps
into Security
#RSAC
@WICKETT
CULTURE IS THE MOST IMPORTANT
ASPECT TO DEVOPS SUCCEEDING
IN THE ENTERPRISE
- PATRICK DEBOIS
#RSAC
@WICKETT
10:1
Dev:Ops
#RSAC
@WICKETT
100:10:1
Dev:Ops:Sec
@WICKETT
#RSAC
@WICKETT
4 Keys to Culture
Mutual Understanding
Shared Language
Shared Views
Collaborative Tooling
#RSAC
@WICKETT
A security team who embraces
openness about what it does and
why, spreads understanding.
- Rich Smith
#RSAC
@WICKETT
EMERGING PATTERNS FOR
SECURITY IN A CI/CD WORLD
@WICKETT
#RSAC
@WICKETT
 SECURITY TOOLCHAIN FOR CI/CD
#RSAC
@WICKETT
Software Delivery Pipeline
Develop Inherit Build Deploy Operate
@WICKETT
@WICKETT
The design and development of an application and its
features. Including all the development practices like version
control, sprint planning, unit-testing.
Develop Inherit Build Deploy Operate
@WICKETT
- Threat Modeling
- Security Stories
- Authentication to Push
- Development Standards
Develop Inherit Build Deploy Operate
Security Activities and Considerations
- Peer Review
- Static Code Analysis
- Unit Tests for Security
@WICKETT
- The Threat Modeling Book by Adam
Shostack
- OWASP App Threat Modeling Cheat Sheet
- Evil User Stories (link)
- OWASP Application Security Verification
Standard
- Mozilla Rapid Risk Assessment (link)
Develop Inherit Build Deploy Operate
Threat Modeling and Security Stories
@WICKETT
- Pre-commit Hooks for
Security
- Coding Standards (Security
and otherwise)
Develop Inherit Build Deploy Operate
Development Standards
- Peer Review
- Single Mainline Branch
- Linting and Code Hygiene
@WICKETT
- git-secrets Prevents you from committing
passwords and other sensitive information to
a git repository. From awslabs. (link)
- git-hound Hound is a Git plugin that helps
prevent sensitive data from being committed
into a repository by sniffing potential commits
against PCRE regular expressions. (link)
Develop Inherit Build Deploy Operate
Code Standards and Team Tooling
- gometalinter or whatever your language
of choice (this is a golang example, you
will need one for your language)
- gofmt formats the code automatically
and makes everything look the same,
easier for everyone to grok (again, this is
specific to lang)
@WICKETT
Develop Inherit Build Deploy Operate
Code Standards and Team Tooling is run on
developer laptops and systems, but verified
by CI system.
@WICKETT
- Not unfamiliar territory for
security!
- Static Application Security
Testing (SAST)
- IDE Plugin if Possible
Develop Inherit Build Deploy Operate
Static Code Analysis!
- Open Source: Brakeman
(Ruby), FindSecurityBugs (Java),
Phan (PHP), Go AST (golang)
- Paid: Brakeman Pro, Veracode,
Fortify, …
@WICKETT
- Unit Testing is the currency of Developers
- JUnit, Rspec, Testing (golang), ….
- Goal is to have security tests being written with other unit tests
or whatever testing patterns you use: TDD, BDD, ATDD, …
Develop Inherit Build Deploy Operate
Unit Testing for Security
@WICKETT
Are the developers testing for security locally before it gets to CI
system?
Do we practice good hygiene and coding practices?
Are we developing as a team in trunk with few branches?
Develop Inherit Build Deploy Operate
Questions to Ask
@WICKETT
This is an overlooked phase because it is the most invisible as
software dependencies get bundled in and inherited in our
own code and upstream.
Develop Inherit Build Deploy Operate
@WICKETT
Develop Inherit Build Deploy Operate
- This is your real LOC count!
- The Software Delivery Supply
Chain
- Publish a Bill of Materials and
trace back
Security Considerations
- This is not just application
dependencies and libraries,
but also OS-level (remember
shellshock, heartbleed, ..)
@WICKETT
Develop Inherit Build Deploy Operate
- bundler-audit - checks for vulnerable
versions of gems in your ruby code
(link)
- nsp - node security platform (link)
- Paid options: Sonatype, BlackDuck,
JFrog
Language Tooling
- Retire.js - known vuln JS libs (link)
@WICKETT
Develop Inherit Build Deploy Operate
- Over 30% of containers in
Docker Hub have high sev
vulns (source)
- Open Source: Docker Bench,
Clair
- Paid Options: aqua, twistlock
Containers!
@WICKETT
Develop Inherit Build Deploy Operate
What have I bundled into my app that is making vulnerable?
Am I publishing a Bill of Materials with my application?
Questions to Ask
@WICKETT
This phase is where the CI build system runs all the build
steps and does acceptance testing. Previous testing and
tooling gets verified here.
Develop Inherit Build Deploy Operate
@WICKETT
Develop Inherit Build Deploy Operate
- Outside-In Security Testing
- Infra as Code (Testing)
- Dynamic Application Security
Testing (DAST)
Security Considerations
- Compliance on every build!
- Cloud provider config as
code
- Using containers
@WICKETT
Develop Inherit Build Deploy Operate
- These all require tuning and can be
difficult to integrate into build
pipelines.
- Application Security scanners:
Nikto, Arachni, ZAP, sqlmap, xsser,
…
Dynamic Application Security Scanners
- Other - SSLyze, nmap,
ssh_scan
- See Kali Linux
- Paid: Qualys, AppScan,
BurpSuite, …
@WICKETT
The goal should be to come up with
a set of automated tests that probe
and check security configurations
and runtime system behavior for
security features that will execute
every time the system is built and
every time it is deployed.
@WICKETT
Framework with Security testing written in a natural
language that developers, security and operations can
understand.
Gauntlt wraps security testing tools but does not install tools
Gauntlt was built to be part of the CI/CD pipeline
Open source, MIT License,
gauntlt.org
@WICKETT
Gauntlt Example
#RSAC
@WICKETT
“We have saved millions of dollars
using Gauntlt for the largest
healthcare industry project.”
- Aaron Rinehart, UnitedHealthCare
@WICKETT
https://www.lynda.com/Software-Development-tutorials/Security-Testing/667367-2.html
A Whole Course on Security Testing with Gauntlt
@WICKETT
Develop Inherit Build Deploy Operate
- Test Kitchen - https://kitchen.ci/
- Serverspec - http://serverspec.org/
- Chef InSpec - Continuous
Compliance Testing (https://
www.chef.io/inspec/)
Infrastructure and Compliance
- Cloud Provider is
Infrastructure too
- Version and test Cloud
Config (e.g. CloudFormation
for AWS)
@WICKETT
Develop Inherit Build Deploy Operate
Am I testing for security low hanging fruit?
Am I arming my pipeline with attack tools to exercise my
application?
Have I validated the previous two phases of testing in secure
build environment?
Questions to Ask
@WICKETT
The phase where software moves from our testing to where
customers are able to operate it for the first time.
Develop Inherit Build Deploy Operate
@WICKETT
Develop Inherit Build Deploy Operate
- Watch out for Compliance
- Secrets Management
- Deploy Accountability
- Authorization and Logging
Security Considerations
- Monitoring Deploys
- Infra as Code (Execution)
- Repeatable Execution
#RSAC
@WICKETT
@WICKETT
#RSAC
@WICKETT
Currently, at Signal Sciences we do
about 15 deploys per day
#RSAC
@WICKETT
Roughly 10,000 deploys in the last 2.5
yrs
#RSAC
@WICKETT
CD is how little you can deploy at a time
#RSAC
@WICKETT
We optimized for cycle time—the time
from code commit to production
@WICKETT
[Deploys] can be treated as
standard or routine changes
that have been pre-approved
by management, and that
don’t require a heavyweight
change review meeting.
#RSAC
@WICKETT
Separation of Duties Considered Harmful
#RSAC
@WICKETT
https://cdn2.hubspot.net/hubfs/228391/Corporate/
DevOps_Audit_Defense_Toolkit_v1.0.pdf
Check out DevOps Audit
Defense Toolkit
@WICKETT
@WICKETT
Develop Inherit Build Deploy Operate
- Paid Cloud Config security:
Evident.io, ThreatStack,
AlienVault
- Cloud Provider: AWS
CloudTrail, Inspector, GuardDuty
Monitoring Cloud Config
@WICKETT
Develop Inherit Build Deploy Operate
What secrets are needed to move my application from
development into production?
Am I testing for Compliance on each and every deploy?
Is there a repeatable mechanism to push changes to
production?
Questions to Ask
@WICKETT
The runtime state of the application, where users interact with
or consume the application. Our application in production.
Develop Inherit Build Deploy Operate
@WICKETT
@WICKETT
Develop Inherit Build Deploy Operate
- Chaos Engineering and creating
stability through instability
- Circuit Break Pattern in use
- Instrumentation and
Visualization
Security Considerations
- Application security and
service abuse and misuse
- Bug Bounties
- Red Teaming as a Service
@WICKETT
@WICKETT
“every aspect of managing WAFs is an ongoing
process. This is the antithesis of set it and forget it
technology. That is the real point of this research.
To maximize value from your WAF you need to go
in with everyone’s eyes open to the effort required
to get and keep the WAF running productively.”
- WHITEPAPER FROM AN UNDISCLOSED WAF VENDOR
@WICKETT
Account takeover attempts
Areas of the site under attack
Most likely vectors of attack
Business logic flows
Abuse and Misuse signals
Detect what matters
@WICKETT
https://info.signalsciences.com/appsec-defense-needs-top-five
Free
Guidebook
on AppSec in
Modern Era
@WICKETT
Which is better application attack feedback?
@WICKETT
Develop Inherit Build Deploy Operate
- Open Source: modSecurity +
ELK To gain application insight
monitoring.
- Paid NGWAF / RASP Options:
Signal Sciences, Contrast, Prevoty
Runtime Defense Tooling
- Pro-tip: Avoid adding appsec
defense at the CDN
#RSAC
@WICKETT
Red Team Mondays at Intuit
Shannon Lietz
@WICKETT
Develop Inherit Build Deploy Operate
- Roll your own!
- Paid Options: HackerOne,
BugCrowd, Synack
Bug Bounties
@WICKETT
Develop Inherit Build Deploy Operate
- Log All The Things
- ELK Stack for Open Source
- Paid Options: Splunk,
SumoLogic
Logging Security Telemetry
@WICKETT
@WICKETT
Develop Inherit Build Deploy Operate
Do you know if you are under attack at this current moment?
Do you know what the attackers are going after?
Can I turn on and off services independently if being attacked?
Are we doing Chaos experiments?
Questions to Ask
#RSAC
@WICKETT
SECURITY’S NEW CORE IDEOLOGY
#RSAC
@WICKETT
The New Ways
Empathy and Enablement
Be Fast and Non-Blocking
Don’t slow delivery
Join with continuous testing efforts
Security testing automated in every phase
Penetration Testing alongside the Pipeline
Security provides value through making security normal
#RSAC
@WICKETT
Apply What You Have Learned Today
Next week you should:
Identify the who/where/what of your CI/CD Pipeline
In the first three months following this presentation you should:
Create a plan around the five phases and security tooling and practices
Implement 1-2 tools in the pipeline
Within six months you should:
Have security in all five phases of the pipeline
Answer the maturity questions for each phase
#RSAC
@WICKETT
Want the slides and
referenced links?
james@signalsciences.com

More Related Content

What's hot

Serverless Security: Doing Security in 100 milliseconds
Serverless Security: Doing Security in 100 millisecondsServerless Security: Doing Security in 100 milliseconds
Serverless Security: Doing Security in 100 milliseconds
James Wickett
 
Defining DevSecOps
Defining DevSecOpsDefining DevSecOps
Defining DevSecOps
Uchit Vyas ☁
 
From Zero to DevSecOps in 60 Minutes - DevTalks Romania - Cluj-Napoca
From Zero to DevSecOps in 60 Minutes - DevTalks Romania - Cluj-NapocaFrom Zero to DevSecOps in 60 Minutes - DevTalks Romania - Cluj-Napoca
From Zero to DevSecOps in 60 Minutes - DevTalks Romania - Cluj-Napoca
jerryhargrove
 
The Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CDThe Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CD
James Wickett
 
How to Effect Change in the Epistemological Wasteland of Application Security
How to Effect Change in the Epistemological Wasteland of Application SecurityHow to Effect Change in the Epistemological Wasteland of Application Security
How to Effect Change in the Epistemological Wasteland of Application Security
James Wickett
 
Security in the FaaS Lane
Security in the FaaS LaneSecurity in the FaaS Lane
Security in the FaaS Lane
James Wickett
 
Pragmatic Security and Rugged DevOps - SXSW 2015
Pragmatic Security and Rugged DevOps - SXSW 2015Pragmatic Security and Rugged DevOps - SXSW 2015
Pragmatic Security and Rugged DevOps - SXSW 2015
James Wickett
 
The Seven Habits of the Highly Effective DevSecOp
The Seven Habits of the Highly Effective DevSecOpThe Seven Habits of the Highly Effective DevSecOp
The Seven Habits of the Highly Effective DevSecOp
James Wickett
 
The New Ways of DevSecOps - The Secure Dev 2019
The New Ways of DevSecOps - The Secure Dev 2019The New Ways of DevSecOps - The Secure Dev 2019
The New Ways of DevSecOps - The Secure Dev 2019
James Wickett
 
Innotech Austin 2017: The Path of DevOps Enlightenment for InfoSec
Innotech Austin 2017: The Path of DevOps Enlightenment for InfoSecInnotech Austin 2017: The Path of DevOps Enlightenment for InfoSec
Innotech Austin 2017: The Path of DevOps Enlightenment for InfoSec
James Wickett
 
The DevSecOps Builder’s Guide to the CI/CD Pipeline
The DevSecOps Builder’s Guide to the CI/CD PipelineThe DevSecOps Builder’s Guide to the CI/CD Pipeline
The DevSecOps Builder’s Guide to the CI/CD Pipeline
James Wickett
 
DevOpsDays Austin: Security in the FaaS Lane
DevOpsDays Austin: Security in the FaaS LaneDevOpsDays Austin: Security in the FaaS Lane
DevOpsDays Austin: Security in the FaaS Lane
James Wickett
 
Epistemological Problem of Application Security
Epistemological Problem of Application SecurityEpistemological Problem of Application Security
Epistemological Problem of Application Security
James Wickett
 
Rugged DevOps Will help you build ur cloudz
Rugged DevOps Will help you build ur cloudzRugged DevOps Will help you build ur cloudz
Rugged DevOps Will help you build ur cloudz
James Wickett
 
A DevSecOps Tale of Business, Engineering, and People
A DevSecOps Tale of Business, Engineering, and PeopleA DevSecOps Tale of Business, Engineering, and People
A DevSecOps Tale of Business, Engineering, and People
James Wickett
 
Building a DevSecOps Pipeline Around Your Spring Boot Application
Building a DevSecOps Pipeline Around Your Spring Boot ApplicationBuilding a DevSecOps Pipeline Around Your Spring Boot Application
Building a DevSecOps Pipeline Around Your Spring Boot Application
VMware Tanzu
 
Pragmatic Pipeline Security
Pragmatic Pipeline SecurityPragmatic Pipeline Security
Pragmatic Pipeline Security
James Wickett
 
DevSecOps, An Organizational Primer - AWS Security Week at the SF Loft
DevSecOps, An Organizational Primer - AWS Security Week at the SF LoftDevSecOps, An Organizational Primer - AWS Security Week at the SF Loft
DevSecOps, An Organizational Primer - AWS Security Week at the SF Loft
Amazon Web Services
 
Hacker Games & DevSecOps
Hacker Games & DevSecOpsHacker Games & DevSecOps
Hacker Games & DevSecOps
lokori
 
The New Ways of Chaos, Security, and DevOps
The New Ways of Chaos, Security, and DevOpsThe New Ways of Chaos, Security, and DevOps
The New Ways of Chaos, Security, and DevOps
James Wickett
 

What's hot (20)

Serverless Security: Doing Security in 100 milliseconds
Serverless Security: Doing Security in 100 millisecondsServerless Security: Doing Security in 100 milliseconds
Serverless Security: Doing Security in 100 milliseconds
 
Defining DevSecOps
Defining DevSecOpsDefining DevSecOps
Defining DevSecOps
 
From Zero to DevSecOps in 60 Minutes - DevTalks Romania - Cluj-Napoca
From Zero to DevSecOps in 60 Minutes - DevTalks Romania - Cluj-NapocaFrom Zero to DevSecOps in 60 Minutes - DevTalks Romania - Cluj-Napoca
From Zero to DevSecOps in 60 Minutes - DevTalks Romania - Cluj-Napoca
 
The Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CDThe Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CD
 
How to Effect Change in the Epistemological Wasteland of Application Security
How to Effect Change in the Epistemological Wasteland of Application SecurityHow to Effect Change in the Epistemological Wasteland of Application Security
How to Effect Change in the Epistemological Wasteland of Application Security
 
Security in the FaaS Lane
Security in the FaaS LaneSecurity in the FaaS Lane
Security in the FaaS Lane
 
Pragmatic Security and Rugged DevOps - SXSW 2015
Pragmatic Security and Rugged DevOps - SXSW 2015Pragmatic Security and Rugged DevOps - SXSW 2015
Pragmatic Security and Rugged DevOps - SXSW 2015
 
The Seven Habits of the Highly Effective DevSecOp
The Seven Habits of the Highly Effective DevSecOpThe Seven Habits of the Highly Effective DevSecOp
The Seven Habits of the Highly Effective DevSecOp
 
The New Ways of DevSecOps - The Secure Dev 2019
The New Ways of DevSecOps - The Secure Dev 2019The New Ways of DevSecOps - The Secure Dev 2019
The New Ways of DevSecOps - The Secure Dev 2019
 
Innotech Austin 2017: The Path of DevOps Enlightenment for InfoSec
Innotech Austin 2017: The Path of DevOps Enlightenment for InfoSecInnotech Austin 2017: The Path of DevOps Enlightenment for InfoSec
Innotech Austin 2017: The Path of DevOps Enlightenment for InfoSec
 
The DevSecOps Builder’s Guide to the CI/CD Pipeline
The DevSecOps Builder’s Guide to the CI/CD PipelineThe DevSecOps Builder’s Guide to the CI/CD Pipeline
The DevSecOps Builder’s Guide to the CI/CD Pipeline
 
DevOpsDays Austin: Security in the FaaS Lane
DevOpsDays Austin: Security in the FaaS LaneDevOpsDays Austin: Security in the FaaS Lane
DevOpsDays Austin: Security in the FaaS Lane
 
Epistemological Problem of Application Security
Epistemological Problem of Application SecurityEpistemological Problem of Application Security
Epistemological Problem of Application Security
 
Rugged DevOps Will help you build ur cloudz
Rugged DevOps Will help you build ur cloudzRugged DevOps Will help you build ur cloudz
Rugged DevOps Will help you build ur cloudz
 
A DevSecOps Tale of Business, Engineering, and People
A DevSecOps Tale of Business, Engineering, and PeopleA DevSecOps Tale of Business, Engineering, and People
A DevSecOps Tale of Business, Engineering, and People
 
Building a DevSecOps Pipeline Around Your Spring Boot Application
Building a DevSecOps Pipeline Around Your Spring Boot ApplicationBuilding a DevSecOps Pipeline Around Your Spring Boot Application
Building a DevSecOps Pipeline Around Your Spring Boot Application
 
Pragmatic Pipeline Security
Pragmatic Pipeline SecurityPragmatic Pipeline Security
Pragmatic Pipeline Security
 
DevSecOps, An Organizational Primer - AWS Security Week at the SF Loft
DevSecOps, An Organizational Primer - AWS Security Week at the SF LoftDevSecOps, An Organizational Primer - AWS Security Week at the SF Loft
DevSecOps, An Organizational Primer - AWS Security Week at the SF Loft
 
Hacker Games & DevSecOps
Hacker Games & DevSecOpsHacker Games & DevSecOps
Hacker Games & DevSecOps
 
The New Ways of Chaos, Security, and DevOps
The New Ways of Chaos, Security, and DevOpsThe New Ways of Chaos, Security, and DevOps
The New Ways of Chaos, Security, and DevOps
 

Similar to The Emergent Cloud Security Toolchain for CI/CD

DevSecOps and the CI/CD Pipeline
 DevSecOps and the CI/CD Pipeline DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline
James Wickett
 
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptxSecure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
lior mazor
 
Maturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High ImpactMaturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High Impact
SBWebinars
 
SCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOpsSCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOps
Stefan Streichsbier
 
Dev{sec}ops
Dev{sec}opsDev{sec}ops
Dev{sec}ops
Steven Carlson
 
Application Security Epistemology in a Continuous Delivery World
Application Security Epistemology in a Continuous Delivery WorldApplication Security Epistemology in a Continuous Delivery World
Application Security Epistemology in a Continuous Delivery World
James Wickett
 
DevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon London 2017: when good containers go bad by Tim MackeyDevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon
 
DevOOPS: Attacks and Defenses for DevOps Toolchains
DevOOPS: Attacks and Defenses for DevOps ToolchainsDevOOPS: Attacks and Defenses for DevOps Toolchains
DevOOPS: Attacks and Defenses for DevOps Toolchains
Chris Gates
 
Kube Security Shifting left | Scanners & OPA
Kube Security Shifting left | Scanners & OPAKube Security Shifting left | Scanners & OPA
Kube Security Shifting left | Scanners & OPA
Haggai Philip Zagury
 
DevOps for Defenders in the Enterprise
DevOps for Defenders in the EnterpriseDevOps for Defenders in the Enterprise
DevOps for Defenders in the Enterprise
James Wickett
 
Collaborative security : Securing open source software
Collaborative security : Securing open source softwareCollaborative security : Securing open source software
Collaborative security : Securing open source software
Priyanka Aash
 
Successfully Implementing DEV-SEC-OPS in the Cloud
Successfully Implementing DEV-SEC-OPS in the CloudSuccessfully Implementing DEV-SEC-OPS in the Cloud
Successfully Implementing DEV-SEC-OPS in the Cloud
Amazon Web Services
 
Securing a Great Developer Experience - DevOps Indonesia Meetup by Stefan Str...
Securing a Great Developer Experience - DevOps Indonesia Meetup by Stefan Str...Securing a Great Developer Experience - DevOps Indonesia Meetup by Stefan Str...
Securing a Great Developer Experience - DevOps Indonesia Meetup by Stefan Str...
DevOps Indonesia
 
10 Reasons Your Software Sucks 2014 - Tax Day Edition!
10 Reasons Your Software Sucks 2014 - Tax Day Edition!10 Reasons Your Software Sucks 2014 - Tax Day Edition!
10 Reasons Your Software Sucks 2014 - Tax Day Edition!
Caleb Jenkins
 
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
Mobodexter
 
DevSecOps reference architectures 2018
DevSecOps reference architectures 2018DevSecOps reference architectures 2018
DevSecOps reference architectures 2018
Sonatype
 
Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...
Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...
Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...
OWASP Kyiv
 
[Wroclaw #9] The purge - dealing with secrets in Opera Software
[Wroclaw #9] The purge - dealing with secrets in Opera Software[Wroclaw #9] The purge - dealing with secrets in Opera Software
[Wroclaw #9] The purge - dealing with secrets in Opera Software
OWASP
 
Vulnerability Alert Fatigue and Malicious Code Attacks Meetup 11012024.pdf
Vulnerability Alert Fatigue and Malicious Code Attacks Meetup 11012024.pdfVulnerability Alert Fatigue and Malicious Code Attacks Meetup 11012024.pdf
Vulnerability Alert Fatigue and Malicious Code Attacks Meetup 11012024.pdf
lior mazor
 
Security Testing: Myths, Challenges, and Opportunities - Experiences in Integ...
Security Testing: Myths, Challenges, and Opportunities - Experiences in Integ...Security Testing: Myths, Challenges, and Opportunities - Experiences in Integ...
Security Testing: Myths, Challenges, and Opportunities - Experiences in Integ...
Achim D. Brucker
 

Similar to The Emergent Cloud Security Toolchain for CI/CD (20)

DevSecOps and the CI/CD Pipeline
 DevSecOps and the CI/CD Pipeline DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline
 
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptxSecure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
 
Maturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High ImpactMaturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High Impact
 
SCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOpsSCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOps
 
Dev{sec}ops
Dev{sec}opsDev{sec}ops
Dev{sec}ops
 
Application Security Epistemology in a Continuous Delivery World
Application Security Epistemology in a Continuous Delivery WorldApplication Security Epistemology in a Continuous Delivery World
Application Security Epistemology in a Continuous Delivery World
 
DevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon London 2017: when good containers go bad by Tim MackeyDevSecCon London 2017: when good containers go bad by Tim Mackey
DevSecCon London 2017: when good containers go bad by Tim Mackey
 
DevOOPS: Attacks and Defenses for DevOps Toolchains
DevOOPS: Attacks and Defenses for DevOps ToolchainsDevOOPS: Attacks and Defenses for DevOps Toolchains
DevOOPS: Attacks and Defenses for DevOps Toolchains
 
Kube Security Shifting left | Scanners & OPA
Kube Security Shifting left | Scanners & OPAKube Security Shifting left | Scanners & OPA
Kube Security Shifting left | Scanners & OPA
 
DevOps for Defenders in the Enterprise
DevOps for Defenders in the EnterpriseDevOps for Defenders in the Enterprise
DevOps for Defenders in the Enterprise
 
Collaborative security : Securing open source software
Collaborative security : Securing open source softwareCollaborative security : Securing open source software
Collaborative security : Securing open source software
 
Successfully Implementing DEV-SEC-OPS in the Cloud
Successfully Implementing DEV-SEC-OPS in the CloudSuccessfully Implementing DEV-SEC-OPS in the Cloud
Successfully Implementing DEV-SEC-OPS in the Cloud
 
Securing a Great Developer Experience - DevOps Indonesia Meetup by Stefan Str...
Securing a Great Developer Experience - DevOps Indonesia Meetup by Stefan Str...Securing a Great Developer Experience - DevOps Indonesia Meetup by Stefan Str...
Securing a Great Developer Experience - DevOps Indonesia Meetup by Stefan Str...
 
10 Reasons Your Software Sucks 2014 - Tax Day Edition!
10 Reasons Your Software Sucks 2014 - Tax Day Edition!10 Reasons Your Software Sucks 2014 - Tax Day Edition!
10 Reasons Your Software Sucks 2014 - Tax Day Edition!
 
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
 
DevSecOps reference architectures 2018
DevSecOps reference architectures 2018DevSecOps reference architectures 2018
DevSecOps reference architectures 2018
 
Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...
Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...
Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...
 
[Wroclaw #9] The purge - dealing with secrets in Opera Software
[Wroclaw #9] The purge - dealing with secrets in Opera Software[Wroclaw #9] The purge - dealing with secrets in Opera Software
[Wroclaw #9] The purge - dealing with secrets in Opera Software
 
Vulnerability Alert Fatigue and Malicious Code Attacks Meetup 11012024.pdf
Vulnerability Alert Fatigue and Malicious Code Attacks Meetup 11012024.pdfVulnerability Alert Fatigue and Malicious Code Attacks Meetup 11012024.pdf
Vulnerability Alert Fatigue and Malicious Code Attacks Meetup 11012024.pdf
 
Security Testing: Myths, Challenges, and Opportunities - Experiences in Integ...
Security Testing: Myths, Challenges, and Opportunities - Experiences in Integ...Security Testing: Myths, Challenges, and Opportunities - Experiences in Integ...
Security Testing: Myths, Challenges, and Opportunities - Experiences in Integ...
 

More from James Wickett

A Pragmatic Union: Security and SRE
A Pragmatic Union: Security and SREA Pragmatic Union: Security and SRE
A Pragmatic Union: Security and SRE
James Wickett
 
A Way to Think about DevSecOps: MEASURE
A Way to Think about DevSecOps: MEASUREA Way to Think about DevSecOps: MEASURE
A Way to Think about DevSecOps: MEASURE
James Wickett
 
The Security, DevOps, and Chaos Playbook to Change the World
The Security, DevOps, and Chaos Playbook to Change the WorldThe Security, DevOps, and Chaos Playbook to Change the World
The Security, DevOps, and Chaos Playbook to Change the World
James Wickett
 
A Tale of Woe, Chaos, and Business
A Tale of Woe, Chaos, and BusinessA Tale of Woe, Chaos, and Business
A Tale of Woe, Chaos, and Business
James Wickett
 
NewOps Days 2019: The New Ways of Chaos, Security, and DevOps
NewOps Days 2019: The New Ways of Chaos, Security, and DevOpsNewOps Days 2019: The New Ways of Chaos, Security, and DevOps
NewOps Days 2019: The New Ways of Chaos, Security, and DevOps
James Wickett
 
The New Security Playbook: DevSecOps
The New Security Playbook: DevSecOpsThe New Security Playbook: DevSecOps
The New Security Playbook: DevSecOps
James Wickett
 
Adversary Driven Defense in the Real World
Adversary Driven Defense in the Real WorldAdversary Driven Defense in the Real World
Adversary Driven Defense in the Real World
James Wickett
 
The State of DevSecOps in 2018
The State of DevSecOps in 2018The State of DevSecOps in 2018
The State of DevSecOps in 2018
James Wickett
 
DevSecOps in the Year 2018
DevSecOps in the Year 2018DevSecOps in the Year 2018
DevSecOps in the Year 2018
James Wickett
 
Serverless Security at LASCON 2017
Serverless Security at LASCON 2017Serverless Security at LASCON 2017
Serverless Security at LASCON 2017
James Wickett
 
The Path of DevOps Enlightenment for InfoSec
The Path of DevOps Enlightenment for InfoSecThe Path of DevOps Enlightenment for InfoSec
The Path of DevOps Enlightenment for InfoSec
James Wickett
 
DevSecOps Singapore 2017 - Security in the Delivery Pipeline
DevSecOps Singapore 2017 - Security in the Delivery PipelineDevSecOps Singapore 2017 - Security in the Delivery Pipeline
DevSecOps Singapore 2017 - Security in the Delivery Pipeline
James Wickett
 

More from James Wickett (12)

A Pragmatic Union: Security and SRE
A Pragmatic Union: Security and SREA Pragmatic Union: Security and SRE
A Pragmatic Union: Security and SRE
 
A Way to Think about DevSecOps: MEASURE
A Way to Think about DevSecOps: MEASUREA Way to Think about DevSecOps: MEASURE
A Way to Think about DevSecOps: MEASURE
 
The Security, DevOps, and Chaos Playbook to Change the World
The Security, DevOps, and Chaos Playbook to Change the WorldThe Security, DevOps, and Chaos Playbook to Change the World
The Security, DevOps, and Chaos Playbook to Change the World
 
A Tale of Woe, Chaos, and Business
A Tale of Woe, Chaos, and BusinessA Tale of Woe, Chaos, and Business
A Tale of Woe, Chaos, and Business
 
NewOps Days 2019: The New Ways of Chaos, Security, and DevOps
NewOps Days 2019: The New Ways of Chaos, Security, and DevOpsNewOps Days 2019: The New Ways of Chaos, Security, and DevOps
NewOps Days 2019: The New Ways of Chaos, Security, and DevOps
 
The New Security Playbook: DevSecOps
The New Security Playbook: DevSecOpsThe New Security Playbook: DevSecOps
The New Security Playbook: DevSecOps
 
Adversary Driven Defense in the Real World
Adversary Driven Defense in the Real WorldAdversary Driven Defense in the Real World
Adversary Driven Defense in the Real World
 
The State of DevSecOps in 2018
The State of DevSecOps in 2018The State of DevSecOps in 2018
The State of DevSecOps in 2018
 
DevSecOps in the Year 2018
DevSecOps in the Year 2018DevSecOps in the Year 2018
DevSecOps in the Year 2018
 
Serverless Security at LASCON 2017
Serverless Security at LASCON 2017Serverless Security at LASCON 2017
Serverless Security at LASCON 2017
 
The Path of DevOps Enlightenment for InfoSec
The Path of DevOps Enlightenment for InfoSecThe Path of DevOps Enlightenment for InfoSec
The Path of DevOps Enlightenment for InfoSec
 
DevSecOps Singapore 2017 - Security in the Delivery Pipeline
DevSecOps Singapore 2017 - Security in the Delivery PipelineDevSecOps Singapore 2017 - Security in the Delivery Pipeline
DevSecOps Singapore 2017 - Security in the Delivery Pipeline
 

Recently uploaded

Shivam Pandit working on Php Web Developer.
Shivam Pandit working on Php Web Developer.Shivam Pandit working on Php Web Developer.
Shivam Pandit working on Php Web Developer.
shivamt017
 
Google ML-Kit - Understanding on-device machine learning
Google ML-Kit - Understanding on-device machine learningGoogle ML-Kit - Understanding on-device machine learning
Google ML-Kit - Understanding on-device machine learning
VishrutGoyani1
 
High Girls Call Chennai 000XX00000 Provide Best And Top Girl Service And No1 ...
High Girls Call Chennai 000XX00000 Provide Best And Top Girl Service And No1 ...High Girls Call Chennai 000XX00000 Provide Best And Top Girl Service And No1 ...
High Girls Call Chennai 000XX00000 Provide Best And Top Girl Service And No1 ...
singhlata50dh
 
Software development... for all? (keynote at ICSOFT'2024)
Software development... for all? (keynote at ICSOFT'2024)Software development... for all? (keynote at ICSOFT'2024)
Software development... for all? (keynote at ICSOFT'2024)
miso_uam
 
Wired_2.0_Create_AmsterdamJUG_09072024.pptx
Wired_2.0_Create_AmsterdamJUG_09072024.pptxWired_2.0_Create_AmsterdamJUG_09072024.pptx
Wired_2.0_Create_AmsterdamJUG_09072024.pptx
SimonedeGijt
 
Attendance Tracking From Paper To Digital
Attendance Tracking From Paper To DigitalAttendance Tracking From Paper To Digital
Attendance Tracking From Paper To Digital
Task Tracker
 
Agra Girls Call Agra 0X0000000X Unlimited Short Providing Girls Service Avail...
Agra Girls Call Agra 0X0000000X Unlimited Short Providing Girls Service Avail...Agra Girls Call Agra 0X0000000X Unlimited Short Providing Girls Service Avail...
Agra Girls Call Agra 0X0000000X Unlimited Short Providing Girls Service Avail...
rachitkumar09887
 
Artificial intelligence in customer services or chatbots
Artificial intelligence  in customer services or chatbotsArtificial intelligence  in customer services or chatbots
Artificial intelligence in customer services or chatbots
kayash1656
 
Leading Project Management Tool Taskruop.pptx
Leading Project Management Tool Taskruop.pptxLeading Project Management Tool Taskruop.pptx
Leading Project Management Tool Taskruop.pptx
taskroupseo
 
ERP Software Solutions Provider in Coimbatore
ERP Software Solutions Provider in CoimbatoreERP Software Solutions Provider in Coimbatore
ERP Software Solutions Provider in Coimbatore
Nextskill Technologies
 
AWS DevOps-Tutorial CHANAKYA SRIYAN DUKKA.
AWS DevOps-Tutorial CHANAKYA SRIYAN DUKKA.AWS DevOps-Tutorial CHANAKYA SRIYAN DUKKA.
AWS DevOps-Tutorial CHANAKYA SRIYAN DUKKA.
Srinivas Dukka
 
Il Data Streaming per un’AI real-time di nuova generazione
Il Data Streaming per un’AI real-time di nuova generazioneIl Data Streaming per un’AI real-time di nuova generazione
Il Data Streaming per un’AI real-time di nuova generazione
confluent
 
VVIP Girls Call Mumbai 9910780858 Provide Best And Top Girl Service And No1 i...
VVIP Girls Call Mumbai 9910780858 Provide Best And Top Girl Service And No1 i...VVIP Girls Call Mumbai 9910780858 Provide Best And Top Girl Service And No1 i...
VVIP Girls Call Mumbai 9910780858 Provide Best And Top Girl Service And No1 i...
jealousviolet
 
Introduction to Cloud computing for Internet of Things
Introduction to Cloud computing for Internet of ThingsIntroduction to Cloud computing for Internet of Things
Introduction to Cloud computing for Internet of Things
NachuSubramanian1
 
Independent Girls call Service Pune 000XX00000 Provide Best And Top Girl Serv...
Independent Girls call Service Pune 000XX00000 Provide Best And Top Girl Serv...Independent Girls call Service Pune 000XX00000 Provide Best And Top Girl Serv...
Independent Girls call Service Pune 000XX00000 Provide Best And Top Girl Serv...
bhumivarma35300
 
Building infrastructure with code_ A deep dive into CDK for IaC in Java.pdf
Building infrastructure with code_ A deep dive into CDK for IaC in Java.pdfBuilding infrastructure with code_ A deep dive into CDK for IaC in Java.pdf
Building infrastructure with code_ A deep dive into CDK for IaC in Java.pdf
mohitd6
 
IoT In Manufacturing_ Use Cases, Benefits, and Challenges.pdf
IoT In Manufacturing_ Use Cases, Benefits, and Challenges.pdfIoT In Manufacturing_ Use Cases, Benefits, and Challenges.pdf
IoT In Manufacturing_ Use Cases, Benefits, and Challenges.pdf
mohitd6
 
Girls Call Mysore 000XX00000 Provide Best And Top Girl Service And No1 in City
Girls Call Mysore 000XX00000 Provide Best And Top Girl Service And No1 in CityGirls Call Mysore 000XX00000 Provide Best And Top Girl Service And No1 in City
Girls Call Mysore 000XX00000 Provide Best And Top Girl Service And No1 in City
neshakor5152
 
GT degree offer diploma Transcript
GT degree offer diploma TranscriptGT degree offer diploma Transcript
GT degree offer diploma Transcript
attueb
 
Comprehensive Vulnerability Assessments Process _ Aardwolf Security.docx
Comprehensive Vulnerability Assessments Process _ Aardwolf Security.docxComprehensive Vulnerability Assessments Process _ Aardwolf Security.docx
Comprehensive Vulnerability Assessments Process _ Aardwolf Security.docx
Aardwolf Security
 

Recently uploaded (20)

Shivam Pandit working on Php Web Developer.
Shivam Pandit working on Php Web Developer.Shivam Pandit working on Php Web Developer.
Shivam Pandit working on Php Web Developer.
 
Google ML-Kit - Understanding on-device machine learning
Google ML-Kit - Understanding on-device machine learningGoogle ML-Kit - Understanding on-device machine learning
Google ML-Kit - Understanding on-device machine learning
 
High Girls Call Chennai 000XX00000 Provide Best And Top Girl Service And No1 ...
High Girls Call Chennai 000XX00000 Provide Best And Top Girl Service And No1 ...High Girls Call Chennai 000XX00000 Provide Best And Top Girl Service And No1 ...
High Girls Call Chennai 000XX00000 Provide Best And Top Girl Service And No1 ...
 
Software development... for all? (keynote at ICSOFT'2024)
Software development... for all? (keynote at ICSOFT'2024)Software development... for all? (keynote at ICSOFT'2024)
Software development... for all? (keynote at ICSOFT'2024)
 
Wired_2.0_Create_AmsterdamJUG_09072024.pptx
Wired_2.0_Create_AmsterdamJUG_09072024.pptxWired_2.0_Create_AmsterdamJUG_09072024.pptx
Wired_2.0_Create_AmsterdamJUG_09072024.pptx
 
Attendance Tracking From Paper To Digital
Attendance Tracking From Paper To DigitalAttendance Tracking From Paper To Digital
Attendance Tracking From Paper To Digital
 
Agra Girls Call Agra 0X0000000X Unlimited Short Providing Girls Service Avail...
Agra Girls Call Agra 0X0000000X Unlimited Short Providing Girls Service Avail...Agra Girls Call Agra 0X0000000X Unlimited Short Providing Girls Service Avail...
Agra Girls Call Agra 0X0000000X Unlimited Short Providing Girls Service Avail...
 
Artificial intelligence in customer services or chatbots
Artificial intelligence  in customer services or chatbotsArtificial intelligence  in customer services or chatbots
Artificial intelligence in customer services or chatbots
 
Leading Project Management Tool Taskruop.pptx
Leading Project Management Tool Taskruop.pptxLeading Project Management Tool Taskruop.pptx
Leading Project Management Tool Taskruop.pptx
 
ERP Software Solutions Provider in Coimbatore
ERP Software Solutions Provider in CoimbatoreERP Software Solutions Provider in Coimbatore
ERP Software Solutions Provider in Coimbatore
 
AWS DevOps-Tutorial CHANAKYA SRIYAN DUKKA.
AWS DevOps-Tutorial CHANAKYA SRIYAN DUKKA.AWS DevOps-Tutorial CHANAKYA SRIYAN DUKKA.
AWS DevOps-Tutorial CHANAKYA SRIYAN DUKKA.
 
Il Data Streaming per un’AI real-time di nuova generazione
Il Data Streaming per un’AI real-time di nuova generazioneIl Data Streaming per un’AI real-time di nuova generazione
Il Data Streaming per un’AI real-time di nuova generazione
 
VVIP Girls Call Mumbai 9910780858 Provide Best And Top Girl Service And No1 i...
VVIP Girls Call Mumbai 9910780858 Provide Best And Top Girl Service And No1 i...VVIP Girls Call Mumbai 9910780858 Provide Best And Top Girl Service And No1 i...
VVIP Girls Call Mumbai 9910780858 Provide Best And Top Girl Service And No1 i...
 
Introduction to Cloud computing for Internet of Things
Introduction to Cloud computing for Internet of ThingsIntroduction to Cloud computing for Internet of Things
Introduction to Cloud computing for Internet of Things
 
Independent Girls call Service Pune 000XX00000 Provide Best And Top Girl Serv...
Independent Girls call Service Pune 000XX00000 Provide Best And Top Girl Serv...Independent Girls call Service Pune 000XX00000 Provide Best And Top Girl Serv...
Independent Girls call Service Pune 000XX00000 Provide Best And Top Girl Serv...
 
Building infrastructure with code_ A deep dive into CDK for IaC in Java.pdf
Building infrastructure with code_ A deep dive into CDK for IaC in Java.pdfBuilding infrastructure with code_ A deep dive into CDK for IaC in Java.pdf
Building infrastructure with code_ A deep dive into CDK for IaC in Java.pdf
 
IoT In Manufacturing_ Use Cases, Benefits, and Challenges.pdf
IoT In Manufacturing_ Use Cases, Benefits, and Challenges.pdfIoT In Manufacturing_ Use Cases, Benefits, and Challenges.pdf
IoT In Manufacturing_ Use Cases, Benefits, and Challenges.pdf
 
Girls Call Mysore 000XX00000 Provide Best And Top Girl Service And No1 in City
Girls Call Mysore 000XX00000 Provide Best And Top Girl Service And No1 in CityGirls Call Mysore 000XX00000 Provide Best And Top Girl Service And No1 in City
Girls Call Mysore 000XX00000 Provide Best And Top Girl Service And No1 in City
 
GT degree offer diploma Transcript
GT degree offer diploma TranscriptGT degree offer diploma Transcript
GT degree offer diploma Transcript
 
Comprehensive Vulnerability Assessments Process _ Aardwolf Security.docx
Comprehensive Vulnerability Assessments Process _ Aardwolf Security.docxComprehensive Vulnerability Assessments Process _ Aardwolf Security.docx
Comprehensive Vulnerability Assessments Process _ Aardwolf Security.docx
 

The Emergent Cloud Security Toolchain for CI/CD