Learning the lessons from how the development and operations teams joined their forces together, mobilizing themselves under a common DevOps umbrella, security teams don't want to stay behind. They see it as a chance to get more involved at each step of the software development in the Agile fashion. Hence the DevSecOps approach, closing the gap between the security teams and the rest of the engineering organization.
In my talk I will show examples of how DevSecOps can lead to a faster feedback loop related to the security issues in the software you are developing. Furthermore, I will explain how to transform your Agile Software Development practices to leverage this new DevSecOps approach and, thanks to that, produce code with far fewer security vulnerabilities.
But what comes after you have embraced this new practice? What will be the next “Holy Grail” of software development? I will try to put on my Captain Kirk suit and see what is lying at the edges of the DevSecOps galaxy.
DevSecOps: The Final Frontier? Building Secure Software in an Agile Organization | Jakub "Kuba" Sendor
During the past two decades we have started shifting from waterfall project planning to a more agile organization of our software development practices. Utilizing Scrum, Kanban and Lean practices, we are now better prepared for the unknown and can react faster to changing requirements, product plans and team rotation. But it seems that the security requirements for the software we are producing are still living in the "Waterfall World". They are usually verified as the last step of the development, introducing further delays or simply leaving the deployed software with more and more vulnerabilities.
Learning the lessons from how the Development and Operations teams joined their forces together, mobilizing themselves under a common DevOps umbrella, security teams don't want to stay behind. They see it as a chance to get more involved at each step of the software development in the Agile fashion. Hence the DevSecOps approach, closing the gap between the security teams and the rest of the engineering organization.
The DevSecOps Showdown: How to Bridge the Gap Between Security and Developers | DevOps.com
DevSecOps requires processes and tools that enable weaving security throughout the DevOps pipeline. It is much more than a buzzword, and if you'd ask most organizations, well, they believe they are in the process of adopting DevSecOps tools and practices. But, are they?
In order to deeply understand the state of DevSecOps implementation we need to learn more about the relationship between developers and security teams. After surveying more than 560 application security professionals and software developers we found several insights.
Join Jeff Martin, associate VP of product management, and Rhys Arkins, director of product management at WhiteSource, to learn about:
- The current challenges of the security and development teams when it comes to AppSec
- The contradicting views and gaps between the teams on DevSecOps maturity
- How to break the silos and advance toward DevSecOps maturity
Getting to Know Security and Devs: Keys to Successful DevSecOps | Franklin Mosley
In the past, security was seen as a function of the ‘security’ organization. With DevOps, we aim to break down these silos, and make security a shared responsibility. What do Security and Development teams need to know about each other to work together more effectively?
Outpost24 webinar - Why security perfection is the enemy of DevSecOps | Outpost24
The chase for security perfection is not uncommon. The idea of ‘shift left’ - locating defects from the beginning of SDLC and rectifying them early is a well-founded approach. But in a competitive business landscape, companies must balance the tradeoff between speed and quality to keep their business moving. Join our application security webinar and learn how to implement an agile DevSecOps to carry out the necessary security checks without compromising on time-to-market.
In the world of DevSecOps, as you may predict, we have three teams working together: Development, the Security team and Operations.
The “Sec” of DevSecOps introduces changes into the following:
• Engineering
• Operations
• Data Science
• Compliance
Outpost24 webinar: Turning DevOps and security into DevSecOps | Outpost24
DevOps is a revolution starting to deliver. The “shift left” security approach is trying to catch up, but challenges remain. We will go over concrete security approaches and real data that overcome these challenges.
It takes more than adding “hard to find” security talent to your DevOps team to reach DevSecOps benefits. Our discussion focuses on the practical side and lessons-learned from helping organizations gear up for this paradigm shift.
The Rise of DevSecOps - Fabian Lim - DevSecOpsSg | DevSecOpsSg
DevOps is a cultural shift for more and more organisations, bringing speed and innovation benefits that surpass other SDLC methods. But some of the principles of DevOps aren’t quite aligned with how companies of all sizes will need to incorporate and embed security into this shift. DevSecOps provides a path forward for the transformation and helps companies to shift security to the left so that everyone can take responsibility for it. While automating security testing is an obvious answer to secure applications in the code pipeline, that does not provide 100% coverage until security risks are fully mitigated. Fabian will talk about his journey in making DevSecOps a reality in an organisation. This talk will focus on some of the lessons learnt, which include implementing open source tools to help the security team do their jobs better, hacking the culture, whitelisting services, reporting security defects, and also doing Red Team activities.
Finding Security a Home in a DevOps World | Shannon Lietz
Presented this talk at DevOps Summit in 2015 to a DevOps community. Discovered that security is new to most DevOps teams and this was a very good discussion.
Key Takeaways from Instructure's Successful Bug Bounty Program | bugcrowd
Slides used during Bugcrowd's 3/5/2015 webinar with Instructure, the innovative company behind Canvas Learning Management System. Learn why they turned to crowdsourced security, and how Bugcrowd's Flex program gave them great results.
Open Source Security at Scale - The DevOps Challenge | WhiteSource
It’s no secret that open source components form the backbone of today’s software, comprising between 60-80% of modern applications. But with this, comes the alarming rise in open source vulnerabilities – more than 3,500 open source vulnerabilities were reported in 2017 – that’s 60% higher than the previous year, and the trend continued in 2018.
The question arises: how can DevOps teams ensure a visible and continuous delivery pipeline for software releases without letting security slow them down?
Join WhiteSource’s Product Manager, Shiri Ivtsan, as she discusses:
- The current state of open source vulnerabilities management;
- The latest innovations in the open source security world; and
- The best DevOps tools to protect organizations against open source vulnerabilities and ensure agility, visibility and control regarding their open source.
Taking Open Source Security to the Next Level | WhiteSource
Join us for a webinar featuring Forrester VP and Research Director Amy DeMartine to learn more about why open source security has become critical for securing modern applications, the main considerations when evaluating an open source security and license compliance solution and what she sees in store for the future.
Additionally, WhiteSource Senior Director of Product Marketing, Jeff Crum, will discuss recent analysis of the Software Composition Analysis (SCA) market, including takeaways from The Forrester Wave™: Software Composition Analysis, Q2 2019.
Tackling the Container Iceberg: How to approach security when most of your sof... | WhiteSource
Container images are based on many direct and indirect open source dependencies, which most developers are not aware of. What are the security implications of only seeing the tip of the iceberg? What are the challenges one faces when relying so heavily on open source? And how can teams overcome these?
Join Codefresh and WhiteSource, as they embark on a journey to tackle:
- The container iceberg - learn what are your blind spots
- The main security challenges when using open source in containerized applications
- The role of automation in open source security in containers
- A live demo showing how WhiteSource & Codefresh can allow you to automate open source security in containers throughout the DevOps pipeline
In the movie, RoboCop is given three primary directives: "Serve the public trust, Protect the innocent, and Uphold the law". We built our own RoboCop in order to bring law and order to our CI/CD pipeline. DevOps practices are all about enabling fast and frequent delivery of new software. In order to keep pace in a DevOps culture, application security must be reliably integrated into the CI/CD pipeline.
[Webinar] Building a Product Security Incident Response Team: Learnings from ... | bugcrowd
Kymberlee Price's Black Hat 2016 talk in a live webcast. This presentation will address some best practices and templates to help security teams build or scale their incident response practices.
From Zero to DevSecOps: How to Implement Security at the Speed of DevOps | WhiteSource
Your organization has already embraced the DevOps methodology? That’s a great start. But what about security?
It’s a fact - many organizations fear that adding security to their DevOps practices will severely slow down their development processes. But this doesn’t need to be the case.
Tune in to hear Jeff Martin, Senior Director of Product at WhiteSource and Anders Wallgren, VP of Technology Strategy at Cloudbees, as they discuss:
- Why traditional DevOps has shifted, and what this will mean
- Who should own security in the age of DevOps
- Which tools and strategies are needed to implement continuous security throughout the DevOps pipeline
We discuss the role software plays in information security and compare and contrast how many of the unique attributes of open source can present particular security challenges as opposed to proprietary/commercial software. We will examine the role open source has played in several high profile security incidents, drawing lessons learned from those incidents. We will also review the standards of “reasonableness” established by widely adopted security standards published by NIST and others and discuss the application of those standards to open source.
3 Reasons to Swap Your Next Pen Test With a Bug Bounty Program | bugcrowd
This webcast will analyze the key differences between the penetration testing and bug bounty models and explore why one company replaced their pen tests over the last three years.
Shifting Security Left - The Innovation of DevSecOps - ValleyTechCon | Tom Stiehm
DevSecOps adds on to DevOps by making Application Security part of the daily workflow of the team in order to improve the quality and security of a product. Shifting AppSec practices left is the key enabler to making AppSec a first-class citizen in the development effort rather than an afterthought with limited ability to be successful.
Modern systems pose a number of thorny challenges, and securing the transformation from legacy monolithic systems to distributed systems demands a change in mindset and engineering toolkit. The security engineering toolkit is unfortunately out-of-style and outdated with today's approach to building, securing and operating distributed systems.
Distributed systems at scale have unpredictable and complex outcomes that are costly when security incidents occur. The speed, scale, and complex operations within microservice architectures make them tremendously difficult for humans to mentally model their behavior. If the latter is even remotely true, how is it possible to adequately secure services that are not even fully comprehended by the engineering teams that built them? How do we realign the actual state of operational security measures to maintain an acceptable level of confidence that our security actually works?
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ... | WhiteSource
The best approaches and practices that security teams should implement in order to enable their developers to harness the power of open source without slowing them down or compromising on security.
Unleash Team Productivity with Real-Time Operations (DEV203-S) - AWS re:Inven... | Amazon Web Services
For today’s digital organizations, even a few minutes of downtime can mean millions of dollars lost and customers who go elsewhere. To keep up with customer expectations, organizations must handle and prioritize real-time operations at a scale that didn’t exist before. However, developing this competency is easier said than done, especially without a solid understanding of the capabilities needed to drive real-time operations across cloud and on-premises environments. In this session, we explore how innovations around machine learning, automation, and analytics, when combined with modern incident management best practices, can improve operational performance, team productivity, and drive business results. This session is brought to you by AWS partner, PagerDuty, Inc.
Keeping security top of mind while creating standards for engineering teams following the DevOps culture. This talk was designed to show off how easy it is to automate security scanning and to be the developer advocate by showing the quality of development work. We will cover some high-level topics of DevSecOps and demo some examples DevOps teams can implement for free.
How to build app sec team & culture in your organization the hack summi... | kunwaratul hax0r
This talk is completely dedicated to how to build application security culture and team in your organization. I have presented this talk at The Hack Summit Poland.
Outpost24 Webinar - DevOps to DevSecOps: delivering quality and secure develo... | Outpost24
Our experts discuss the key considerations for implementing security training and application security into the SDLC, how to engage with developers through gamified learning and embed security testing without any downtime and costing the earth.
This talk will demo one threat modeling methodology and how an engineering team is appending it to their Secure Software Development Life Cycle. The goal is to create a single platform for communicating architectural risk and planning mitigations within sprints. This will not only address security concerns sooner in a product's lifecycle but establish a trusting relationship between engineering and security teams. As an ever-evolving space, to reduce risk and deploy products to market, this is one additional step any software-focused team can quickly adapt to their practices.
DevOps continues to be a buzzword in the software development and operations world, but is it really a paradigm shift? It depends on what lens you view it through.
Roman Garber, an active software security engineering and software team lead, thinks so. Ed Adams, Security Innovation CEO, a 20-year software quality veteran and former mechanical engineer, curmudgeonly disagrees.
Link to Youtube video: https://youtu.be/-awH_CC4DLo
You can contact me at abhimanyu.bhogwan@gmail.com
My LinkedIn ID: https://www.linkedin.com/in/abhimanyu-bhogwan-cissp-ctprp-98978437/
Basic Introduction to DevSecOps concept
Why What and How for DevSecOps
Basic intro for Threat Modeling
Basic Intro for Security Champions
3 pillars of DevSecOps
6 important components of a DevSecOps approach
DevSecOps Security Best Practices
How to integrate security in CI/CD pipeline
Security teams are often seen as roadblocks to rapid development or operations implementations, slowing down production code pushes. As a result, security organizations will likely have to change so they can fully support and facilitate cloud operations.
This presentation will explain how DevOps and information security can co-exist through the application of a new approach referred to as DevSecOps.
VMWare Tech Talk: "The Road from Rugged DevOps to Security Chaos Engineering" | Aaron Rinehart
This session will cover the foundations of DevSecOps and the application of Chaos Engineering for Cyber Security. We will cover how the craft has evolved by sharing some lessons learned driving digital transformation at the largest healthcare company in the world, UnitedHealth Group. During the session we will talk about DevSecOps, Rugged DevOps, Open Source, and how we pioneered the application of Chaos Engineering to Cyber Security.
We will cover how DevSecOps and Security Chaos Engineering allow teams to proactively experiment on recurring failure patterns in order to derive new information about underlying problems that were previously unknown. The use of Chaos Engineering techniques in DevSecOps pipelines allows incident response and engineering teams to derive new information about the state of security within the system that was previously unknown.
As far as we know, Chaos Engineering is one of the only proactive mechanisms for detecting systemic availability and security failures before they manifest into outages, incidents, and breaches. In other words, Security-focused Chaos Engineering allows teams to proactively and safely discover system weaknesses before they disrupt business outcomes.
Slides from presentation delivered at InfoSecWeek in London (Oct 2016) about making developers more productive, embedding security practices into the SDL and ensuring that security risks are accepted and understood.
The focus is on the Dev part of SecDevOps, and on the challenges of creating Security Champions for all DevOps stages.
Slicing Apples with Ninja Sword: Fighting Malware at the Corporate Level (OWA... | Jakub "Kuba" Sendor
Even for a big incident response team handling all of the repetitive tasks related to malware infections is a tedious task. Our malware analysts (we love to call them "ninjas" as they are superfast!) have spent a lot of their precious time staring at the digital forensics collected from potentially infected macOS systems. Early on, we have automated some parts of the collection (taking advantage of our open source OSXCollector) and analysis (with OSXCollector Output Filters), augmenting the initial set of digital forensics with the information gathered from the threat intelligence APIs. This helped us in taking the full advantage of the additional information on potentially suspicious domains, URLs and file hashes. But our approach to the analysis still required a certain degree of configuration and manual maintenance that was consuming lots of attention from malware responders.
So we have turned our OSXCollector toolkit into AMIRA: Automated Malware Incident Response and Analysis service. It's like a ninja sword and a chainsaw combined into one. AMIRA turns the forensic information gathered by OSXCollector into an actionable response plan, suggesting the infection source as well as suspicious files and domains requiring a closer look. Furthermore, we integrated AMIRA with our incident response platform, making sure that as little interaction as necessary is required from the analyst to trigger the collection of the forensic artifacts.
AMIRA: Automated Malware Incident Response and Analysis for macOS (Black Hat ... by Jakub "Kuba" Sendor
Even for a big incident response team, handling all of the repetitive tasks related to malware infections is a tedious task. Early on, we automated some of the collection and analysis using our own open source OSXCollector. This helped us quickly identify suspicious domains, URLs and file hashes. But our approach to the analysis still required manual steps that were consuming lots of attention from malware responders.
Enter automation: Further reducing the repetitive tasks will help you deal faster with the incident discovery, forensic collection and analysis, with fewer possibilities to make a mistake. We have turned our OSXCollector toolkit into AMIRA: Automated Malware Incident Response and Analysis service. AMIRA turns the forensic information gathered by OSXCollector into an actionable response plan, suggesting the infection source as well as suspicious files and domains requiring a closer look. Furthermore, we integrated AMIRA with our incident response platform, making sure that as little interaction as necessary is required from the analyst to trigger the collection of the forensic artifacts.
Thanks to that, the incident response team members can focus on what they excel at: finding the unusual patterns and discovering the novel ways that malware was trying to sneak into the corporate infrastructure.
AMIRA: Automated Malware Incident Response and Analysis (Black Hat USA Arsena... by Jakub "Kuba" Sendor
Even for a larger incident response team, handling all of the repetitive tasks related to malware infections is a tedious task. Our malware analysts have spent a lot of time chasing digital forensics from potentially infected Mac OS X systems, leveraging open source tools like OSXCollector. Early on, we automated some parts of the analysis process, augmenting the initial set of digital forensics collected from the machines with the information gathered from the threat intelligence APIs. They helped us with additional information on potentially suspicious domains, URLs and file hashes. But our approach to the analysis still required a certain degree of configuration and manual maintenance that was consuming lots of attention from malware responders.
Enter automation: turning all of your repetitive tasks into scripts will help you deal faster with incident discovery, forensic collection and analysis, with fewer possibilities to make a mistake. We went ahead and turned the OSXCollector toolkit into AMIRA: Automated Malware Incident Response and Analysis service. AMIRA turns the forensic information gathered by OSXCollector into an actionable response plan, suggesting the infection source as well as suspicious files and domains requiring a closer look. Furthermore, we integrated AMIRA with our incident response platform, making sure that as little interaction as necessary is required from the analyst to follow the investigation. Thanks to that, the incident response team members can focus on what they excel at: finding unusual patterns and the novel ways that malware was trying to sneak into the corporate infrastructure.
BSidesSF 2016 - A year in the wild: fighting malware at the corporate level by Jakub "Kuba" Sendor
From the moment of the threat detection, first response throughout the analysis, and the final resolution, we make sure that we can catch as many incidents as possible and properly sanitize the environment so that the potential problems are cut short. All this in an automated and orchestrated fashion, eliminating the manual repetition as much as possible thanks to the in-house built tools like AIR (Automated Incident Response), OSXCollector (Mac OS X forensics collection) and ElastAlert (alerting out of Elasticsearch). We also complement the pipeline with some available open source tools, like osquery and other proprietary threat detection technologies. This adds up to a balanced ecosystem that helps us leverage the current assets, learn about the potential problems quickly and respond to them in a timely fashion.
OSXCollector: Automated forensic evidence collection & analysis for OS X (Bru... by Jakub "Kuba" Sendor
We use Macs a lot at Yelp, which means that we see our fair share of Mac-specific security alerts. Host based detectors will tell us about known malware infestations or weird new startup items. Network based detectors see potential C2 callouts or DNS requests to resolve suspicious domains. Sometimes our awesome employees just let us know, “I think I have like Stuxnet or conficker or something on my laptop.”
When alerts fire, our incident response team’s first goal is to “stop the bleeding” – to contain and then eradicate the threat. Next, we move to “root cause the alert” – figuring out exactly what happened and how we’ll prevent it in the future. One of our primary tools for root causing OS X alerts is OSXCollector.
OSXCollector (https://github.com/Yelp/OSXCollector) is an open source forensic evidence collection and analysis toolkit for OS X. It was developed in-house at Yelp to automate the digital forensics and incident response (DFIR) our crack team of responders had been doing manually.
To boldly go where no one has gone before: life after the DevSecOps transformation
1. To boldly go where no one has gone before
Life after the DevSecOps transformation 🚀👨🚀
j-labs software specialists | Cracow | Warsaw | Munich j-labs.pl blog.j-labs.pl talk4devs.j-labs.pl
Kuba Sendor
Delivery Manager @ j-labs
2. Agenda
1. A brief history of where DevSecOps came from
2. So what is DevSecOps, really?
3. To boldly go: transition into DevSecOps
Image source: omado.ca
3. Brief intro
Jakub „Kuba” Sendor
since 2019: Delivery Manager, j-labs in Kraków
2010-2014: Security & Trust Research, SAP Labs France in Sophia-Antipolis
2014-2018: Corporate Security, Yelp in London and San Francisco
12. DevSecOps Manifesto
Leaning in over Always Saying “No”
Data & Security Science over Fear, Uncertainty and Doubt
Open Contribution & Collaboration over Security-Only Requirements
Consumable Security Services with APIs over Mandated Security Controls & Paperwork
Business Driven Security Scores over Rubber Stamp Security
Red & Blue Team Exploit Testing over Relying on Scans & Theoretical Vulnerabilities
24x7 Proactive Security Monitoring over Reacting after being Informed of an Incident
Shared Threat Intelligence over Keeping Info to Ourselves
Compliance Operations over Clipboards & Checklists
Source: devsecops.org
16. The Six Pillars of DevSecOps – Cloud Security Alliance
Pillar 1: Collective Responsibility
Pillar 2: Collaboration and Integration
Pillar 3: Pragmatic Implementation
Pillar 4: Bridging Compliance and Development
Pillar 5: Automation
Pillar 6: Measure, Monitor, Report and Action
Source: cloudsecurityalliance.org
17. Collective Responsibility
Security as a first-class citizen
• Board-level interest in your organization
• CISO – Chief Information Security Officer
Source: linkedin.com
27. Journey to DevSecOps
• Start small – iterate fast
• Get the right tools
• Be inclusive and involve everybody
• Measure and don’t be afraid of course correction
28. Start small – iterate fast
Education
• Awareness training
• Security conferences
Threat modeling
• You already know how to do it!
35. Get the right tools
• Incident Response
• Security Incident and Event Management
• Threat Hunting
the list goes on and on...
42. Measure and don’t be afraid of course correction
• Measure
  • Vulnerabilities detected
  • Number of incidents
  • Mean time to respond
• Retrospect
• Take action!
44. Thank you!
Jakub „Kuba” Sendor
Delivery Manager
jakub.sendor@j-labs.pl
Luise-Ullrich-Straße 20
80636 München
ul. Zabłocie 43a
30-701 Kraków
al. Armii Ludowej 26
00-609 Warszawa