SlideShare a Scribd company logo

New Farming Methods in the Epistemological Wasteland of Application Security

James Wickett
James Wickett

Over the years, application security (appsec) has made progress, but it has also made some considerable mis-steps. Appsec focuses almost solely on developer awareness and secure development training as remediation. This isn't sustainable and arguably does little good. There is a better way, but we have to separate ourselves from the core assumptions we have made that got us here. Lets journey together to find old truths and better approaches. We will explore ways to make a change for the better across all levels of the development lifecycle, but we will focus on security testing early on in the development process. From this session, you will learn pragmatic approaches and tooling that will affect your development processes and delivery pipelines. You will walk away with code examples and tools that you can put into practice right away for security and rugged testing. http://lascon.org http://lascon2015.sched.org/event/175e3c828095386b2fa0fc660b2502a3

Software
1 of 159
Download to read offline
New Farming Methods in the Epistemological Wasteland of Application Security - @wickett
@wickett #ruggeddevops bit.ly/rdo-farming Slides
@wickett #ruggeddevops James Wickett SR. ENGINEER, SIGNAL SCIENCES AUSTIN, TX HANDS-ON GAUNTLT BOOK DEVOPS DAYS GLOBAL ORGANIZER LASCON ORGANIZER
Application Security Telemetry and Monitoring Plus Defense! Application Security for the rest of us An approach that integrates with devops organizations doesn't inhibit going fast
5
@wickett #ruggeddevops
@wickett #ruggeddevops Software development is a constant experiment in knowing Application Security abdicated runtime responsibility and development responsibility through incoherent philosophical approaches and fostering silo-thinking Security now is where Ops was 7 years ago. Ops found a path to change through devops, security can too There are three ways we can add value: at development, at deploy, at runtime Summary
@wickett #ruggeddevops Bad-Behavior Driven Development Weaponizing your CD Pipeline Application Security Telemetry and Monitoring Continuous Hardening and Audit Have a S-BOM! (Software Bill of Materials) Practices
@wickett #ruggeddevops Where do we come from
@wickett #ruggeddevops A study in how we know anything in Application Security
@wickett #ruggeddevops Spoiler Alert: We don’t !
@wickett #ruggeddevops once upon a time…
@wickett #ruggeddevops What does it all mean? A Journey to the Epistemological Problem of Software Development
@wickett #ruggeddevops In our Innate Humanness We optimize for the probable
@wickett #ruggeddevops Unit Testing
@wickett #ruggeddevops Integration Testing
@wickett #ruggeddevops Happy Path Engineering
@wickett #ruggeddevops We also optimize for the possible
@wickett #ruggeddevops Over Engineering
@wickett #ruggeddevops The scaling algo that never got used…
@wickett #ruggeddevops There is too much to choose from in the realm of possible
@wickett #ruggeddevops Actually, we optimize for the perceived probable
@wickett #ruggeddevops How do we know what to create?
@wickett #ruggeddevops This is the problem
@wickett #ruggeddevops Epistemological Problem of Software Development
@wickett #ruggeddevops We gather data and rhetoric to support our theories
@wickett #ruggeddevops There are 3 major arcs currently in Software Development
@wickett #ruggeddevops We started as Civil Engineers
@wickett #ruggeddevops First Arc: Agile
@wickett #ruggeddevops Agile avoids the problem
@wickett #ruggeddevops Agile reminds that we dont know what we are building
@wickett #ruggeddevops
@wickett #ruggeddevops Behavior Driven Development
@wickett #ruggeddevops BDD = Agile + feedback
@wickett #ruggeddevops Behavior Driven Development is a second-generation, outside–in, pull- based, multiple-stakeholder, multiple- scale, high-automation, agile methodology. It describes a cycle of interactions with well-defined outputs, resulting in the delivery of working, tested software that matters. Dan North , 2009
@wickett #ruggeddevops Amplify Feedback Loop
@wickett #ruggeddevops Agile emphasizes feedback to developers from their overlords and sometimes even customers
@wickett #ruggeddevops TLDR; Rapid Iterations Win
@wickett #ruggeddevops Agile is our guiding Light
@wickett #ruggeddevops The world has changed since Agile
@wickett #ruggeddevops We don’t sell CD’s anymore
@wickett #ruggeddevops Software as a Service
@wickett #ruggeddevops The last fifteen years have brought a complete change in our delivery cadence, distribution mechanisms and revenue models
@wickett #ruggeddevops Second Arc: DevOps
@wickett #ruggeddevops DEVOPS IS THE APPLICATION OF AGILE METHODOLOGY TO SYSTEM ADMINISTRATION - THE PRACTICE OF CLOUD SYSTEM ADMINISTRATION BOOK
@wickett #ruggeddevops DEVOPS
@wickett #ruggeddevops Agile Infrastructure
@wickett #ruggeddevops http://www.slideshare.net/jallspaw/10-deploys-per-day-dev-and-ops-cooperation-at-flickr
@wickett #ruggeddevops Less WIP Less technical debt
@wickett #ruggeddevops Customers actually using the feature while the developer is working on it
@wickett #ruggeddevops Great side effect: Produces Happy Developers
@wickett #ruggeddevops
@wickett #ruggeddevops
@wickett #ruggeddevops Devops realized that ops doesn’t know what devs know and vice versa
@wickett #ruggeddevops Dev : Ops 10 : 1
@wickett #ruggeddevops DevOps is an Epistemological breakthrough joining people around a common problem
@wickett #ruggeddevops Culture is the most important aspect to devops succeeding in the enterprise - Patrick DeBois
@wickett #ruggeddevops Culture is shaped in part by values
@wickett #ruggeddevops
@wickett #ruggeddevops Mutual Understanding Shared Language Shared Views Collaborative Tooling
@wickett #ruggeddevops DEVOPS IS THE INEVITABLE RESULT OF NEEDING TO DO EFFICIENT OPERATIONS IN A [DISTRIBUTED COMPUTING AND CLOUD] ENVIRONMENT. - TOM LIMONCELLI
@wickett #ruggeddevops https://puppetlabs.com/sites/default/files/2015-state-of-devops-report.pdf
@wickett #ruggeddevops TLDR; High-performing IT organizations experience 60X fewer failures and recover from failure 168X faster than their lower-performing peers. They also deploy 30X more frequently with 200X shorter lead times.
@wickett #ruggeddevops Culture Automation Measurement Sharing - @damonedwards, @botchagalupe
@wickett #ruggeddevops Devops gone wrong
@wickett #ruggeddevops “THAT THE WORD #DEVOPS GETS REDUCED TO TECHNOLOGY IS A MANIFESTATION OF HOW BADLY WE NEED A CULTURAL SHIFT” - @PATRICKDEBOIS http://www.slideshare.net/cm6051/london-devops-31-5-years-of-devops
@wickett #ruggeddevops Third Arc: Continuous Delivery
@wickett #ruggeddevops Continuous Delivery is not merely how often you deliver but how little you can deliver at a time
@wickett #ruggeddevops Delivery Pipelines are rad!
@wickett #ruggeddevops Batch Size of 1
@wickett #ruggeddevops Separation of Duties Considered Harmful
@wickett #ruggeddevops Give power to the Developers to deploy
@wickett #ruggeddevops Reduce Code Latency Increase Code Velocity
@wickett #ruggeddevops 3 Arcs: Agile DevOps Continuous Delivery
@wickett #ruggeddevops The next Arc: Security Rugged
@wickett #ruggeddevops “…Those stupid developers” - Security person
@wickett #ruggeddevops “Security prefers a system powered off and unplugged” - Developer
@wickett #ruggeddevops Cultural Unrest with security in most organizations
@wickett #ruggeddevops Compliance Driven Culture
@wickett #ruggeddevops “[RISK ASSESSMENT] INTRODUCES A DANGEROUS FALLACY: THAT STRUCTURED INADEQUACY IS ALMOST AS GOOD AS ADEQUACY AND THAT UNDERFUNDED SECURITY EFFORTS PLUS RISK MANAGEMENT ARE ABOUT AS GOOD AS PROPERLY FUNDED SECURITY WORK”
@wickett #ruggeddevops Security is where ops was 7 years ago…
@wickett #ruggeddevops Dev : Ops : Sec 100 : 10 : 1
@wickett #ruggeddevops Understaffing means no one thinks security helps the business win
@wickett #ruggeddevops DevOps changed that for Ops, security can change too
@wickett #ruggeddevops Netflix demonstrated that people care about resiliency
@wickett #ruggeddevops Innately, we all care
@wickett #ruggeddevops Rugged Software Movement
@wickett #ruggeddevops #ruggeddevops
@wickett #ruggeddevops https://vimeo.com/54250716
@wickett #ruggeddevops http://www.youtube.com/watch?v=jQblKuMuS0Y
@wickett #ruggeddevops Security’s way forward is to help developers and help operations
@wickett #ruggeddevops Start there
@wickett #ruggeddevops Let’s review Security’s approach thus far
@wickett #ruggeddevops BadIdea #1 Applications can’t be defended—Web App Firewalls Suck! lets do developer training
@wickett #ruggeddevops
@wickett #ruggeddevops
@wickett #ruggeddevops Awareness campaign OWASP Top Ten
@wickett #ruggeddevops We abandoned knowing anything useful about the Runtime
@wickett #ruggeddevops Instead Add Defense based on behaviors
@wickett #ruggeddevops BadIdea #2 Developers can’t figure it out. lets scan for vulnerabilities instead
@wickett #ruggeddevops “here is a 400 page PDF of our findings to prove your developers don't get it!” - The Pen tester
@wickett #ruggeddevops Even with the emphasis on appsec training, in practice we made it a dark art
@wickett #ruggeddevops Integrated rugged testing should sit inside the pipeline
@wickett #ruggeddevops BadIdea #3 With the new alignment to vulnerability scanning, there is a tendency to Fix the Low-Hanging Fruit
@wickett #ruggeddevops
@wickett #ruggeddevops we still don't know who is attacking us
@wickett #ruggeddevops We still don't actually know what they are attacking
@wickett #ruggeddevops Real Threats go Unknown so Developers fix what the automated tooling detected at a certain point in time
@wickett #ruggeddevops Add Application Security Telemetry
@wickett #ruggeddevops badidea #4 Put in tooling that no one outside of security can understand
@wickett #ruggeddevops usually in the name of compliance
@wickett #ruggeddevops “Get a Web App Firewall dude!” - PCI-DSS Req 6.6
@wickett #ruggeddevops
@wickett #ruggeddevops Choose your own adventure…
@wickett #ruggeddevops smallest possible solution you can consider a WAF…
@wickett #ruggeddevops Our CDN added ModSecurity Ruleset Huzzah!
@wickett #ruggeddevops An appliance that blocks all the things
@wickett #ruggeddevops And now you wonder why no one eats lunch with you anymore
@wickett #ruggeddevops “every aspect of managing WAFs is an ongoing process. This is the antithesis of set it and forget it technology. That is the real point of this research. To maximize value from your WAF you need to go in with everyone’s eyes open to the effort required to get and keep the WAF running productively.” - a whitepaper from a WAF vendor
@wickett #ruggeddevops
@wickett #ruggeddevops Ok, Security has to change… How do we add value already?
@wickett #ruggeddevops Two ways!
@wickett #ruggeddevops Add value to Devs Add value to ops
@wickett #ruggeddevops Pray that someone notices
@wickett #ruggeddevops
@wickett #ruggeddevops Pro-Tip #1 Bad-Behavior Driven Development (automate those security tools!)
@wickett #ruggeddevops Start with Adding just one test for XSS on a few pages in your app
@wickett #ruggeddevops
@wickett #ruggeddevops gauntlt is Bad-Behavior Driven Development
@wickett #ruggeddevops GAUNTLT Open source, MIT License Gauntlt comes with pre-canned steps that hook security testing tools Gauntlt does not install tools Gauntlt wants to be part of the CI/CD pipeline Be a good citizen of exit status and stdout/stderr
@wickett #ruggeddevops
@wickett #ruggeddevops
@wickett #ruggeddevops
@wickett #ruggeddevops Be Mean to Your Code
@wickett #ruggeddevops Gauntlt Uses Cucumber and its awesome
@wickett #ruggeddevops
@wickett #ruggeddevops
@wickett #ruggeddevops here’s an XSS attack Example
@wickett #ruggeddevops @slow @final Feature: Look for cross site scripting (xss) using arachni against a URL Scenario: Using arachni, look for cross site scripting and verify no issues are found Given "arachni" is installed And the following profile: | name | value | | url | http://localhost:8008 | When I launch an "arachni" attack with: """ arachni --modules=xss --depth=1 --link-count=10 --auto- redundant=2 <url> """ Then the output should contain "0 issues were detected."
@wickett #ruggeddevops http://theagileadmin.com/2015/06/09/pragmatic-security-and- rugged-devops/
@wickett #ruggeddevops github.com/gauntlt/gauntlt-demo
@wickett #ruggeddevops github.com/gauntlt/gauntlt-starter-kit
@wickett #ruggeddevops leanpub.com/hands-on-gauntlt Hands-on Gauntlt Book
@wickett #ruggeddevops Pro-tip #2 Put security testing in your continuous integration system
@wickett #ruggeddevops
@wickett #ruggeddevops
@wickett #ruggeddevops https://speakerdeck.com/garethr/battle-tested-code-without-the-battle
@wickett #ruggeddevops Pro-Tip #3 Add Application Security telemetry to devs and ops
@wickett #ruggeddevops Convert App Security Logs into metrics in the systems dev and ops use StatsD
@wickett #ruggeddevops RunTime Correlation between biz, ops, dev, sec
@wickett #ruggeddevops SQLi Attempts + HTTP 500’s or login spikes + transaction decrease
@wickett #ruggeddevops Runtime Instrumentation for Application Security
@wickett #ruggeddevops Pro-Tip #4 Get hugs from the auditors and add Hardening and Audit using config management
@wickett #ruggeddevops Open Source Hardening Framework chef/puppet/ansible http://hardening.io/
@wickett #ruggeddevops Run Nightly Audits of your Hardening using Config Management (Chef audit mode) https://www.chef.io/blog/2015/04/09/chef-audit-mode-cis-benchmarks/
@wickett #ruggeddevops OS and Config Management
@wickett #ruggeddevops reverse the trend Add Value to Devs Add Value to Ops
@wickett #ruggeddevops Software development is a constant experiment in knowing Application Security abdicated runtime responsibility and development responsibility through incoherent philosophical approaches and fostering silo-thinking Security now is where Ops was 7 years ago. Ops found a path to change through devops, security can too There are three ways we can add value: at development, at deploy, at runtime Summary
@wickett #ruggeddevops Bad-Behavior Driven Development Weaponizing your CD Pipeline Application Security Telemetry and Monitoring Continuous Hardening and Audit Have a S-BOM! (Software Bill of Materials) Practices

Recommended

How to Effect Change in the Epistemological Wasteland of Application Security
How to Effect Change in the Epistemological Wasteland of Application SecurityHow to Effect Change in the Epistemological Wasteland of Application Security
How to Effect Change in the Epistemological Wasteland of Application SecurityJames Wickett
 
Epistemological Problem of Application Security
Epistemological Problem of Application SecurityEpistemological Problem of Application Security
Epistemological Problem of Application SecurityJames Wickett
 
Pragmatic Security and Rugged DevOps - SXSW 2015
Pragmatic Security and Rugged DevOps - SXSW 2015Pragmatic Security and Rugged DevOps - SXSW 2015
Pragmatic Security and Rugged DevOps - SXSW 2015James Wickett
 
The Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CDThe Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CDJames Wickett
 
Serverless Security: Doing Security in 100 milliseconds
Serverless Security: Doing Security in 100 millisecondsServerless Security: Doing Security in 100 milliseconds
Serverless Security: Doing Security in 100 millisecondsJames Wickett
 
Serverless Security: A How-to Guide @ SnowFROC 2019
Serverless Security: A How-to Guide @ SnowFROC 2019Serverless Security: A How-to Guide @ SnowFROC 2019
Serverless Security: A How-to Guide @ SnowFROC 2019James Wickett
 
Serverless Security: A pragmatic primer for builders and defenders
Serverless Security: A pragmatic primer for builders and defendersServerless Security: A pragmatic primer for builders and defenders
Serverless Security: A pragmatic primer for builders and defendersJames Wickett
 
DevSecOps and the New Path Forward
DevSecOps and the New Path ForwardDevSecOps and the New Path Forward
DevSecOps and the New Path ForwardJames Wickett
 

Recommended

How to Effect Change in the Epistemological Wasteland of Application Security
How to Effect Change in the Epistemological Wasteland of Application SecurityHow to Effect Change in the Epistemological Wasteland of Application Security
How to Effect Change in the Epistemological Wasteland of Application SecurityJames Wickett
 
Epistemological Problem of Application Security
Epistemological Problem of Application SecurityEpistemological Problem of Application Security
Epistemological Problem of Application SecurityJames Wickett
 
Pragmatic Security and Rugged DevOps - SXSW 2015
Pragmatic Security and Rugged DevOps - SXSW 2015Pragmatic Security and Rugged DevOps - SXSW 2015
Pragmatic Security and Rugged DevOps - SXSW 2015James Wickett
 
The Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CDThe Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CDJames Wickett
 
Serverless Security: Doing Security in 100 milliseconds
Serverless Security: Doing Security in 100 millisecondsServerless Security: Doing Security in 100 milliseconds
Serverless Security: Doing Security in 100 millisecondsJames Wickett
 
Serverless Security: A How-to Guide @ SnowFROC 2019
Serverless Security: A How-to Guide @ SnowFROC 2019Serverless Security: A How-to Guide @ SnowFROC 2019
Serverless Security: A How-to Guide @ SnowFROC 2019James Wickett
 
Serverless Security: A pragmatic primer for builders and defenders
Serverless Security: A pragmatic primer for builders and defendersServerless Security: A pragmatic primer for builders and defenders
Serverless Security: A pragmatic primer for builders and defendersJames Wickett
 
DevSecOps and the New Path Forward
DevSecOps and the New Path ForwardDevSecOps and the New Path Forward
DevSecOps and the New Path ForwardJames Wickett
 
Application Security Epistemology in a Continuous Delivery World
Application Security Epistemology in a Continuous Delivery WorldApplication Security Epistemology in a Continuous Delivery World
Application Security Epistemology in a Continuous Delivery WorldJames Wickett
 
The Path of DevOps Enlightenment for InfoSec
The Path of DevOps Enlightenment for InfoSecThe Path of DevOps Enlightenment for InfoSec
The Path of DevOps Enlightenment for InfoSecJames Wickett
 
AppSec California 2018: The Path of DevOps Enlightenment for InfoSec
AppSec California 2018: The Path of DevOps Enlightenment for InfoSecAppSec California 2018: The Path of DevOps Enlightenment for InfoSec
AppSec California 2018: The Path of DevOps Enlightenment for InfoSecJames Wickett
 
Security in the FaaS Lane
Security in the FaaS LaneSecurity in the FaaS Lane
Security in the FaaS LaneJames Wickett
 
From Zero to DevSecOps in 60 Minutes - DevTalks Romania - Cluj-Napoca
From Zero to DevSecOps in 60 Minutes - DevTalks Romania - Cluj-NapocaFrom Zero to DevSecOps in 60 Minutes - DevTalks Romania - Cluj-Napoca
From Zero to DevSecOps in 60 Minutes - DevTalks Romania - Cluj-Napocajerryhargrove
 
Release Your Inner DevSecOp
Release Your Inner DevSecOpRelease Your Inner DevSecOp
Release Your Inner DevSecOpJames Wickett
 
The Seven Habits of the Highly Effective DevSecOp
The Seven Habits of the Highly Effective DevSecOpThe Seven Habits of the Highly Effective DevSecOp
The Seven Habits of the Highly Effective DevSecOpJames Wickett
 
LambHack: A Vulnerable Serverless Application
LambHack: A Vulnerable Serverless ApplicationLambHack: A Vulnerable Serverless Application
LambHack: A Vulnerable Serverless ApplicationJames Wickett
 
DevOpsDays Austin: Security in the FaaS Lane
DevOpsDays Austin: Security in the FaaS LaneDevOpsDays Austin: Security in the FaaS Lane
DevOpsDays Austin: Security in the FaaS LaneJames Wickett
 
Defense-Oriented DevOps for Modern Software Development
Defense-Oriented DevOps for Modern Software DevelopmentDefense-Oriented DevOps for Modern Software Development
Defense-Oriented DevOps for Modern Software DevelopmentJames Wickett
 
Security in the Delivery Pipeline - GOTO Amsterdam 2017
Security in the Delivery Pipeline - GOTO Amsterdam 2017Security in the Delivery Pipeline - GOTO Amsterdam 2017
Security in the Delivery Pipeline - GOTO Amsterdam 2017James Wickett
 
The New Ways of DevSecOps - The Secure Dev 2019
The New Ways of DevSecOps - The Secure Dev 2019The New Ways of DevSecOps - The Secure Dev 2019
The New Ways of DevSecOps - The Secure Dev 2019James Wickett
 
A DevSecOps Tale of Business, Engineering, and People
A DevSecOps Tale of Business, Engineering, and PeopleA DevSecOps Tale of Business, Engineering, and People
A DevSecOps Tale of Business, Engineering, and PeopleJames Wickett
 
Defining DevSecOps
Defining DevSecOpsDefining DevSecOps
Defining DevSecOpsUchit Vyas ☁
 
Pragmatic Pipeline Security
Pragmatic Pipeline SecurityPragmatic Pipeline Security
Pragmatic Pipeline SecurityJames Wickett
 
Rugged DevOps Will help you build ur cloudz
Rugged DevOps Will help you build ur cloudzRugged DevOps Will help you build ur cloudz
Rugged DevOps Will help you build ur cloudzJames Wickett
 
Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...
Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...
Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...Erkang Zheng
 
The New Ways of Chaos, Security, and DevOps
The New Ways of Chaos, Security, and DevOpsThe New Ways of Chaos, Security, and DevOps
The New Ways of Chaos, Security, and DevOpsJames Wickett
 
Maturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High ImpactMaturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High ImpactSBWebinars
 
The Security, DevOps, and Chaos Playbook to Change the World
The Security, DevOps, and Chaos Playbook to Change the WorldThe Security, DevOps, and Chaos Playbook to Change the World
The Security, DevOps, and Chaos Playbook to Change the WorldJames Wickett
 
Serverless Security: Are you ready for the Future?
Serverless Security: Are you ready for the Future?Serverless Security: Are you ready for the Future?
Serverless Security: Are you ready for the Future?James Wickett
 
DevOps for the Discouraged
DevOps for the Discouraged DevOps for the Discouraged
DevOps for the Discouraged James Wickett
 

More Related Content

What's hot

Application Security Epistemology in a Continuous Delivery World
Application Security Epistemology in a Continuous Delivery WorldApplication Security Epistemology in a Continuous Delivery World
Application Security Epistemology in a Continuous Delivery WorldJames Wickett
 
The Path of DevOps Enlightenment for InfoSec
The Path of DevOps Enlightenment for InfoSecThe Path of DevOps Enlightenment for InfoSec
The Path of DevOps Enlightenment for InfoSecJames Wickett
 
AppSec California 2018: The Path of DevOps Enlightenment for InfoSec
AppSec California 2018: The Path of DevOps Enlightenment for InfoSecAppSec California 2018: The Path of DevOps Enlightenment for InfoSec
AppSec California 2018: The Path of DevOps Enlightenment for InfoSecJames Wickett
 
Security in the FaaS Lane
Security in the FaaS LaneSecurity in the FaaS Lane
Security in the FaaS LaneJames Wickett
 
From Zero to DevSecOps in 60 Minutes - DevTalks Romania - Cluj-Napoca
From Zero to DevSecOps in 60 Minutes - DevTalks Romania - Cluj-NapocaFrom Zero to DevSecOps in 60 Minutes - DevTalks Romania - Cluj-Napoca
From Zero to DevSecOps in 60 Minutes - DevTalks Romania - Cluj-Napocajerryhargrove
 
Release Your Inner DevSecOp
Release Your Inner DevSecOpRelease Your Inner DevSecOp
Release Your Inner DevSecOpJames Wickett
 
The Seven Habits of the Highly Effective DevSecOp
The Seven Habits of the Highly Effective DevSecOpThe Seven Habits of the Highly Effective DevSecOp
The Seven Habits of the Highly Effective DevSecOpJames Wickett
 
LambHack: A Vulnerable Serverless Application
LambHack: A Vulnerable Serverless ApplicationLambHack: A Vulnerable Serverless Application
LambHack: A Vulnerable Serverless ApplicationJames Wickett
 
DevOpsDays Austin: Security in the FaaS Lane
DevOpsDays Austin: Security in the FaaS LaneDevOpsDays Austin: Security in the FaaS Lane
DevOpsDays Austin: Security in the FaaS LaneJames Wickett
 
Defense-Oriented DevOps for Modern Software Development
Defense-Oriented DevOps for Modern Software DevelopmentDefense-Oriented DevOps for Modern Software Development
Defense-Oriented DevOps for Modern Software DevelopmentJames Wickett
 
Security in the Delivery Pipeline - GOTO Amsterdam 2017
Security in the Delivery Pipeline - GOTO Amsterdam 2017Security in the Delivery Pipeline - GOTO Amsterdam 2017
Security in the Delivery Pipeline - GOTO Amsterdam 2017James Wickett
 
The New Ways of DevSecOps - The Secure Dev 2019
The New Ways of DevSecOps - The Secure Dev 2019The New Ways of DevSecOps - The Secure Dev 2019
The New Ways of DevSecOps - The Secure Dev 2019James Wickett
 
A DevSecOps Tale of Business, Engineering, and People
A DevSecOps Tale of Business, Engineering, and PeopleA DevSecOps Tale of Business, Engineering, and People
A DevSecOps Tale of Business, Engineering, and PeopleJames Wickett
 
Pragmatic Pipeline Security
Pragmatic Pipeline SecurityPragmatic Pipeline Security
Pragmatic Pipeline SecurityJames Wickett
 
Rugged DevOps Will help you build ur cloudz
Rugged DevOps Will help you build ur cloudzRugged DevOps Will help you build ur cloudz
Rugged DevOps Will help you build ur cloudzJames Wickett
 
Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...
Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...
Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...Erkang Zheng
 
The New Ways of Chaos, Security, and DevOps
The New Ways of Chaos, Security, and DevOpsThe New Ways of Chaos, Security, and DevOps
The New Ways of Chaos, Security, and DevOpsJames Wickett
 
Maturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High ImpactMaturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High ImpactSBWebinars
 
The Security, DevOps, and Chaos Playbook to Change the World
The Security, DevOps, and Chaos Playbook to Change the WorldThe Security, DevOps, and Chaos Playbook to Change the World
The Security, DevOps, and Chaos Playbook to Change the WorldJames Wickett
 

What's hot (20)

Application Security Epistemology in a Continuous Delivery World
Application Security Epistemology in a Continuous Delivery WorldApplication Security Epistemology in a Continuous Delivery World
Application Security Epistemology in a Continuous Delivery World
 
The Path of DevOps Enlightenment for InfoSec
The Path of DevOps Enlightenment for InfoSecThe Path of DevOps Enlightenment for InfoSec
The Path of DevOps Enlightenment for InfoSec
 
AppSec California 2018: The Path of DevOps Enlightenment for InfoSec
AppSec California 2018: The Path of DevOps Enlightenment for InfoSecAppSec California 2018: The Path of DevOps Enlightenment for InfoSec
AppSec California 2018: The Path of DevOps Enlightenment for InfoSec
 
Security in the FaaS Lane
Security in the FaaS LaneSecurity in the FaaS Lane
Security in the FaaS Lane
 
From Zero to DevSecOps in 60 Minutes - DevTalks Romania - Cluj-Napoca
From Zero to DevSecOps in 60 Minutes - DevTalks Romania - Cluj-NapocaFrom Zero to DevSecOps in 60 Minutes - DevTalks Romania - Cluj-Napoca
From Zero to DevSecOps in 60 Minutes - DevTalks Romania - Cluj-Napoca
 
Release Your Inner DevSecOp
Release Your Inner DevSecOpRelease Your Inner DevSecOp
Release Your Inner DevSecOp
 
The Seven Habits of the Highly Effective DevSecOp
The Seven Habits of the Highly Effective DevSecOpThe Seven Habits of the Highly Effective DevSecOp
The Seven Habits of the Highly Effective DevSecOp
 
LambHack: A Vulnerable Serverless Application
LambHack: A Vulnerable Serverless ApplicationLambHack: A Vulnerable Serverless Application
LambHack: A Vulnerable Serverless Application
 
DevOpsDays Austin: Security in the FaaS Lane
DevOpsDays Austin: Security in the FaaS LaneDevOpsDays Austin: Security in the FaaS Lane
DevOpsDays Austin: Security in the FaaS Lane
 
Defense-Oriented DevOps for Modern Software Development
Defense-Oriented DevOps for Modern Software DevelopmentDefense-Oriented DevOps for Modern Software Development
Defense-Oriented DevOps for Modern Software Development
 
Security in the Delivery Pipeline - GOTO Amsterdam 2017
Security in the Delivery Pipeline - GOTO Amsterdam 2017Security in the Delivery Pipeline - GOTO Amsterdam 2017
Security in the Delivery Pipeline - GOTO Amsterdam 2017
 
The New Ways of DevSecOps - The Secure Dev 2019
The New Ways of DevSecOps - The Secure Dev 2019The New Ways of DevSecOps - The Secure Dev 2019
The New Ways of DevSecOps - The Secure Dev 2019
 
A DevSecOps Tale of Business, Engineering, and People
A DevSecOps Tale of Business, Engineering, and PeopleA DevSecOps Tale of Business, Engineering, and People
A DevSecOps Tale of Business, Engineering, and People
 
Defining DevSecOps
Defining DevSecOpsDefining DevSecOps
Defining DevSecOps
 
Pragmatic Pipeline Security
Pragmatic Pipeline SecurityPragmatic Pipeline Security
Pragmatic Pipeline Security
 
Rugged DevOps Will help you build ur cloudz
Rugged DevOps Will help you build ur cloudzRugged DevOps Will help you build ur cloudz
Rugged DevOps Will help you build ur cloudz
 
Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...
Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...
Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...
 
The New Ways of Chaos, Security, and DevOps
The New Ways of Chaos, Security, and DevOpsThe New Ways of Chaos, Security, and DevOps
The New Ways of Chaos, Security, and DevOps
 
Maturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High ImpactMaturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High Impact
 
The Security, DevOps, and Chaos Playbook to Change the World
The Security, DevOps, and Chaos Playbook to Change the WorldThe Security, DevOps, and Chaos Playbook to Change the World
The Security, DevOps, and Chaos Playbook to Change the World
 

Viewers also liked

Serverless Security: Are you ready for the Future?
Serverless Security: Are you ready for the Future?Serverless Security: Are you ready for the Future?
Serverless Security: Are you ready for the Future?James Wickett
 
DevOps for the Discouraged
DevOps for the Discouraged DevOps for the Discouraged
DevOps for the Discouraged James Wickett
 
Agile Secure Software Development in a Large Software Development Organisatio...
Agile Secure Software Development in a Large Software Development Organisatio...Agile Secure Software Development in a Large Software Development Organisatio...
Agile Secure Software Development in a Large Software Development Organisatio...Achim D. Brucker
 
Continous Integration of (JS) projects & check-build philosophy
Continous Integration of (JS) projects & check-build philosophyContinous Integration of (JS) projects & check-build philosophy
Continous Integration of (JS) projects & check-build philosophyFrançois-Guillaume Ribreau
 
Pythonista も ls を読むべきか?
Pythonista も ls を読むべきか?Pythonista も ls を読むべきか?
Pythonista も ls を読むべきか?Katsunori FUJIWARA
 
AppSec Survey 2.0 Fine-Tuning an AppSec Training Program Based on Data
AppSec Survey 2.0 Fine-Tuning an AppSec Training Program Based on DataAppSec Survey 2.0 Fine-Tuning an AppSec Training Program Based on Data
AppSec Survey 2.0 Fine-Tuning an AppSec Training Program Based on DataDenim Group
 
Rugged DevOps: Bridging Security and DevOps
Rugged DevOps: Bridging Security and DevOpsRugged DevOps: Bridging Security and DevOps
Rugged DevOps: Bridging Security and DevOpsJames Wickett
 
DevOps AppSec Pipeline Velcocity NY 2015
DevOps AppSec Pipeline Velcocity NY 2015DevOps AppSec Pipeline Velcocity NY 2015
DevOps AppSec Pipeline Velcocity NY 2015Aaron Weaver
 
Automated Security Testing
Automated Security TestingAutomated Security Testing
Automated Security Testingseleniumconf
 
Continuous Security Testing in a Devops World #OWASPHelsinki
Continuous Security Testing in a Devops World #OWASPHelsinkiContinuous Security Testing in a Devops World #OWASPHelsinki
Continuous Security Testing in a Devops World #OWASPHelsinkiStephen de Vries
 
Cybersecurity by the numbers
Cybersecurity by the numbersCybersecurity by the numbers
Cybersecurity by the numbersAPNIC
 
Threat Modeling And Analysis
Threat Modeling And AnalysisThreat Modeling And Analysis
Threat Modeling And AnalysisLalit Kale
 
Continuous and Visible Security Testing with BDD-Security
Continuous and Visible Security Testing with BDD-SecurityContinuous and Visible Security Testing with BDD-Security
Continuous and Visible Security Testing with BDD-SecurityStephen de Vries
 
Building Risk Management into Enterprise Architecture
Building Risk Management into Enterprise ArchitectureBuilding Risk Management into Enterprise Architecture
Building Risk Management into Enterprise Architectureiasaglobal
 
Automating security tests for Continuous Integration
Automating security tests for Continuous IntegrationAutomating security tests for Continuous Integration
Automating security tests for Continuous IntegrationStephen de Vries
 
Integración contínua con Jenkins
Integración contínua con JenkinsIntegración contínua con Jenkins
Integración contínua con JenkinsCésar Hernández
 
(SEC405) Enterprise Cloud Security via DevSecOps | AWS re:Invent 2014
(SEC405) Enterprise Cloud Security via DevSecOps | AWS re:Invent 2014(SEC405) Enterprise Cloud Security via DevSecOps | AWS re:Invent 2014
(SEC405) Enterprise Cloud Security via DevSecOps | AWS re:Invent 2014Amazon Web Services
 
OWASP WTE - Now in the Cloud!
OWASP WTE - Now in the Cloud!OWASP WTE - Now in the Cloud!
OWASP WTE - Now in the Cloud!Matt Tesauro
 
Real World Application Threat Modelling By Example
Real World Application Threat Modelling By ExampleReal World Application Threat Modelling By Example
Real World Application Threat Modelling By ExampleNCC Group
 

Viewers also liked (20)

Serverless Security: Are you ready for the Future?
Serverless Security: Are you ready for the Future?Serverless Security: Are you ready for the Future?
Serverless Security: Are you ready for the Future?
 
DevOps for the Discouraged
DevOps for the Discouraged DevOps for the Discouraged
DevOps for the Discouraged
 
Agile Secure Software Development in a Large Software Development Organisatio...
Agile Secure Software Development in a Large Software Development Organisatio...Agile Secure Software Development in a Large Software Development Organisatio...
Agile Secure Software Development in a Large Software Development Organisatio...
 
Continous Integration of (JS) projects & check-build philosophy
Continous Integration of (JS) projects & check-build philosophyContinous Integration of (JS) projects & check-build philosophy
Continous Integration of (JS) projects & check-build philosophy
 
Pythonista も ls を読むべきか?
Pythonista も ls を読むべきか?Pythonista も ls を読むべきか?
Pythonista も ls を読むべきか?
 
AppSec Survey 2.0 Fine-Tuning an AppSec Training Program Based on Data
AppSec Survey 2.0 Fine-Tuning an AppSec Training Program Based on DataAppSec Survey 2.0 Fine-Tuning an AppSec Training Program Based on Data
AppSec Survey 2.0 Fine-Tuning an AppSec Training Program Based on Data
 
Rugged DevOps: Bridging Security and DevOps
Rugged DevOps: Bridging Security and DevOpsRugged DevOps: Bridging Security and DevOps
Rugged DevOps: Bridging Security and DevOps
 
DevOps AppSec Pipeline Velcocity NY 2015
DevOps AppSec Pipeline Velcocity NY 2015DevOps AppSec Pipeline Velcocity NY 2015
DevOps AppSec Pipeline Velcocity NY 2015
 
Automated Security Testing
Automated Security TestingAutomated Security Testing
Automated Security Testing
 
Security testautomation
Security testautomationSecurity testautomation
Security testautomation
 
Continuous Security Testing in a Devops World #OWASPHelsinki
Continuous Security Testing in a Devops World #OWASPHelsinkiContinuous Security Testing in a Devops World #OWASPHelsinki
Continuous Security Testing in a Devops World #OWASPHelsinki
 
Cybersecurity by the numbers
Cybersecurity by the numbersCybersecurity by the numbers
Cybersecurity by the numbers
 
Threat Modeling And Analysis
Threat Modeling And AnalysisThreat Modeling And Analysis
Threat Modeling And Analysis
 
Continuous and Visible Security Testing with BDD-Security
Continuous and Visible Security Testing with BDD-SecurityContinuous and Visible Security Testing with BDD-Security
Continuous and Visible Security Testing with BDD-Security
 
Building Risk Management into Enterprise Architecture
Building Risk Management into Enterprise ArchitectureBuilding Risk Management into Enterprise Architecture
Building Risk Management into Enterprise Architecture
 
Automating security tests for Continuous Integration
Automating security tests for Continuous IntegrationAutomating security tests for Continuous Integration
Automating security tests for Continuous Integration
 
Integración contínua con Jenkins
Integración contínua con JenkinsIntegración contínua con Jenkins
Integración contínua con Jenkins
 
(SEC405) Enterprise Cloud Security via DevSecOps | AWS re:Invent 2014
(SEC405) Enterprise Cloud Security via DevSecOps | AWS re:Invent 2014(SEC405) Enterprise Cloud Security via DevSecOps | AWS re:Invent 2014
(SEC405) Enterprise Cloud Security via DevSecOps | AWS re:Invent 2014
 
OWASP WTE - Now in the Cloud!
OWASP WTE - Now in the Cloud!OWASP WTE - Now in the Cloud!
OWASP WTE - Now in the Cloud!
 
Real World Application Threat Modelling By Example
Real World Application Threat Modelling By ExampleReal World Application Threat Modelling By Example
Real World Application Threat Modelling By Example
 

Similar to New Farming Methods in the Epistemological Wasteland of Application Security

NewOps Days 2019: The New Ways of Chaos, Security, and DevOps
NewOps Days 2019: The New Ways of Chaos, Security, and DevOpsNewOps Days 2019: The New Ways of Chaos, Security, and DevOps
NewOps Days 2019: The New Ways of Chaos, Security, and DevOpsJames Wickett
 
DevSecOps Singapore 2017 - Security in the Delivery Pipeline
DevSecOps Singapore 2017 - Security in the Delivery PipelineDevSecOps Singapore 2017 - Security in the Delivery Pipeline
DevSecOps Singapore 2017 - Security in the Delivery PipelineJames Wickett
 
DevOps for Defenders in the Enterprise
DevOps for Defenders in the EnterpriseDevOps for Defenders in the Enterprise
DevOps for Defenders in the EnterpriseJames Wickett
 
Thinking Stateful Serverless
Thinking Stateful ServerlessThinking Stateful Serverless
Thinking Stateful ServerlessLeon Stigter
 
Defense-Oriented DevOps for Modern Software Development
Defense-Oriented DevOps for Modern Software DevelopmentDefense-Oriented DevOps for Modern Software Development
Defense-Oriented DevOps for Modern Software DevelopmentVMware Tanzu
 
DevSecOps: Colocando segurança na esteira
DevSecOps: Colocando segurança na esteiraDevSecOps: Colocando segurança na esteira
DevSecOps: Colocando segurança na esteiraDiego Gabriel Cardoso
 
Innotech Austin 2017: The Path of DevOps Enlightenment for InfoSec
Innotech Austin 2017: The Path of DevOps Enlightenment for InfoSecInnotech Austin 2017: The Path of DevOps Enlightenment for InfoSec
Innotech Austin 2017: The Path of DevOps Enlightenment for InfoSecJames Wickett
 
DevSecOps - Colocando segurança na esteira
DevSecOps - Colocando segurança na esteiraDevSecOps - Colocando segurança na esteira
DevSecOps - Colocando segurança na esteiraDiego Gabriel Cardoso
 
Microservices the Good Bad and the Ugly
Microservices the Good Bad and the UglyMicroservices the Good Bad and the Ugly
Microservices the Good Bad and the UglyAdrian Cockcroft
 
The DevSecOps Builder’s Guide to the CI/CD Pipeline
The DevSecOps Builder’s Guide to the CI/CD PipelineThe DevSecOps Builder’s Guide to the CI/CD Pipeline
The DevSecOps Builder’s Guide to the CI/CD PipelineJames Wickett
 
2020 05-tech saturday-devsecops-#2-v03
2020 05-tech saturday-devsecops-#2-v032020 05-tech saturday-devsecops-#2-v03
2020 05-tech saturday-devsecops-#2-v03Diego Gabriel Cardoso
 
DevOps in an IoT World - Brighton Web Development - 29-10-20
DevOps in an IoT World - Brighton Web Development - 29-10-20DevOps in an IoT World - Brighton Web Development - 29-10-20
DevOps in an IoT World - Brighton Web Development - 29-10-20Peter Gallagher
 
The Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CDThe Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CDJames Wickett
 
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptxSecure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptxlior mazor
 
DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD PipelineJames Wickett
 
Enabling application portability with the greatest of ease!
Enabling application portability with the greatest of ease!Enabling application portability with the greatest of ease!
Enabling application portability with the greatest of ease!Ken Owens
 
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...CA Technologies
 
Data Driven Decisions in DevOps
Data Driven Decisions in DevOpsData Driven Decisions in DevOps
Data Driven Decisions in DevOpsLeon Stigter
 
The future of (Windows) operations #WinOps #DevOps
The future of (Windows) operations #WinOps #DevOpsThe future of (Windows) operations #WinOps #DevOps
The future of (Windows) operations #WinOps #DevOpsDevOpsGroup
 
A Tale of Woe, Chaos, and Business
A Tale of Woe, Chaos, and BusinessA Tale of Woe, Chaos, and Business
A Tale of Woe, Chaos, and BusinessJames Wickett
 

Similar to New Farming Methods in the Epistemological Wasteland of Application Security (20)

NewOps Days 2019: The New Ways of Chaos, Security, and DevOps
NewOps Days 2019: The New Ways of Chaos, Security, and DevOpsNewOps Days 2019: The New Ways of Chaos, Security, and DevOps
NewOps Days 2019: The New Ways of Chaos, Security, and DevOps
 
DevSecOps Singapore 2017 - Security in the Delivery Pipeline
DevSecOps Singapore 2017 - Security in the Delivery PipelineDevSecOps Singapore 2017 - Security in the Delivery Pipeline
DevSecOps Singapore 2017 - Security in the Delivery Pipeline
 
DevOps for Defenders in the Enterprise
DevOps for Defenders in the EnterpriseDevOps for Defenders in the Enterprise
DevOps for Defenders in the Enterprise
 
Thinking Stateful Serverless
Thinking Stateful ServerlessThinking Stateful Serverless
Thinking Stateful Serverless
 
Defense-Oriented DevOps for Modern Software Development
Defense-Oriented DevOps for Modern Software DevelopmentDefense-Oriented DevOps for Modern Software Development
Defense-Oriented DevOps for Modern Software Development
 
DevSecOps: Colocando segurança na esteira
DevSecOps: Colocando segurança na esteiraDevSecOps: Colocando segurança na esteira
DevSecOps: Colocando segurança na esteira
 
Innotech Austin 2017: The Path of DevOps Enlightenment for InfoSec
Innotech Austin 2017: The Path of DevOps Enlightenment for InfoSecInnotech Austin 2017: The Path of DevOps Enlightenment for InfoSec
Innotech Austin 2017: The Path of DevOps Enlightenment for InfoSec
 
DevSecOps - Colocando segurança na esteira
DevSecOps - Colocando segurança na esteiraDevSecOps - Colocando segurança na esteira
DevSecOps - Colocando segurança na esteira
 
Microservices the Good Bad and the Ugly
Microservices the Good Bad and the UglyMicroservices the Good Bad and the Ugly
Microservices the Good Bad and the Ugly
 
The DevSecOps Builder’s Guide to the CI/CD Pipeline
The DevSecOps Builder’s Guide to the CI/CD PipelineThe DevSecOps Builder’s Guide to the CI/CD Pipeline
The DevSecOps Builder’s Guide to the CI/CD Pipeline
 
2020 05-tech saturday-devsecops-#2-v03
2020 05-tech saturday-devsecops-#2-v032020 05-tech saturday-devsecops-#2-v03
2020 05-tech saturday-devsecops-#2-v03
 
DevOps in an IoT World - Brighton Web Development - 29-10-20
DevOps in an IoT World - Brighton Web Development - 29-10-20DevOps in an IoT World - Brighton Web Development - 29-10-20
DevOps in an IoT World - Brighton Web Development - 29-10-20
 
The Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CDThe Emergent Cloud Security Toolchain for CI/CD
The Emergent Cloud Security Toolchain for CI/CD
 
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptxSecure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
 
DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline DevSecOps and the CI/CD Pipeline
DevSecOps and the CI/CD Pipeline
 
Enabling application portability with the greatest of ease!
Enabling application portability with the greatest of ease!Enabling application portability with the greatest of ease!
Enabling application portability with the greatest of ease!
 
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
 
Data Driven Decisions in DevOps
Data Driven Decisions in DevOpsData Driven Decisions in DevOps
Data Driven Decisions in DevOps
 
The future of (Windows) operations #WinOps #DevOps
The future of (Windows) operations #WinOps #DevOpsThe future of (Windows) operations #WinOps #DevOps
The future of (Windows) operations #WinOps #DevOps
 
A Tale of Woe, Chaos, and Business
A Tale of Woe, Chaos, and BusinessA Tale of Woe, Chaos, and Business
A Tale of Woe, Chaos, and Business
 

More from James Wickett

A Pragmatic Union: Security and SRE
A Pragmatic Union: Security and SREA Pragmatic Union: Security and SRE
A Pragmatic Union: Security and SREJames Wickett
 
A Way to Think about DevSecOps: MEASURE
A Way to Think about DevSecOps: MEASUREA Way to Think about DevSecOps: MEASURE
A Way to Think about DevSecOps: MEASUREJames Wickett
 
The New Security Playbook: DevSecOps
The New Security Playbook: DevSecOpsThe New Security Playbook: DevSecOps
The New Security Playbook: DevSecOpsJames Wickett
 
Adversary Driven Defense in the Real World
Adversary Driven Defense in the Real WorldAdversary Driven Defense in the Real World
Adversary Driven Defense in the Real WorldJames Wickett
 
The State of DevSecOps in 2018
The State of DevSecOps in 2018The State of DevSecOps in 2018
The State of DevSecOps in 2018James Wickett
 
DevSecOps in the Year 2018
DevSecOps in the Year 2018DevSecOps in the Year 2018
DevSecOps in the Year 2018James Wickett
 
Serverless Security at LASCON 2017
Serverless Security at LASCON 2017Serverless Security at LASCON 2017
Serverless Security at LASCON 2017James Wickett
 
The Path of DevOps Enlightenment for InfoSec
The Path of DevOps Enlightenment for InfoSecThe Path of DevOps Enlightenment for InfoSec
The Path of DevOps Enlightenment for InfoSecJames Wickett
 

More from James Wickett (8)

A Pragmatic Union: Security and SRE
A Pragmatic Union: Security and SREA Pragmatic Union: Security and SRE
A Pragmatic Union: Security and SRE
 
A Way to Think about DevSecOps: MEASURE
A Way to Think about DevSecOps: MEASUREA Way to Think about DevSecOps: MEASURE
A Way to Think about DevSecOps: MEASURE
 
The New Security Playbook: DevSecOps
The New Security Playbook: DevSecOpsThe New Security Playbook: DevSecOps
The New Security Playbook: DevSecOps
 
Adversary Driven Defense in the Real World
Adversary Driven Defense in the Real WorldAdversary Driven Defense in the Real World
Adversary Driven Defense in the Real World
 
The State of DevSecOps in 2018
The State of DevSecOps in 2018The State of DevSecOps in 2018
The State of DevSecOps in 2018
 
DevSecOps in the Year 2018
DevSecOps in the Year 2018DevSecOps in the Year 2018
DevSecOps in the Year 2018
 
Serverless Security at LASCON 2017
Serverless Security at LASCON 2017Serverless Security at LASCON 2017
Serverless Security at LASCON 2017
 
The Path of DevOps Enlightenment for InfoSec
The Path of DevOps Enlightenment for InfoSecThe Path of DevOps Enlightenment for InfoSec
The Path of DevOps Enlightenment for InfoSec
 

Recently uploaded

VictoriaMetrics Anomaly Detection Updates: Q1 2024
VictoriaMetrics Anomaly Detection Updates: Q1 2024VictoriaMetrics Anomaly Detection Updates: Q1 2024
VictoriaMetrics Anomaly Detection Updates: Q1 2024VictoriaMetrics
 
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingOpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingShane Coughlan
 
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...OnePlan Solutions
 
Amazon Bedrock in Action - presentation of the Bedrock's capabilities
Amazon Bedrock in Action - presentation of the Bedrock's capabilitiesAmazon Bedrock in Action - presentation of the Bedrock's capabilities
Amazon Bedrock in Action - presentation of the Bedrock's capabilitiesKrzysztofKkol1
 
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptxThe Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptxRTS corp
 
Post Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on IdentityPost Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on Identityteam-WIBU
 
Understanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM ArchitectureUnderstanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM Architecturerahul_net
 
Simplifying Microservices & Apps - The art of effortless development - Meetup...
Simplifying Microservices & Apps - The art of effortless development - Meetup...Simplifying Microservices & Apps - The art of effortless development - Meetup...
Simplifying Microservices & Apps - The art of effortless development - Meetup...Rob Geurden
 
VictoriaMetrics Q1 Meet Up '24 - Community & News Update
VictoriaMetrics Q1 Meet Up '24 - Community & News UpdateVictoriaMetrics Q1 Meet Up '24 - Community & News Update
VictoriaMetrics Q1 Meet Up '24 - Community & News UpdateVictoriaMetrics
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtimeandrehoraa
 
Comparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfComparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfDrew Moseley
 
Machine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringMachine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringHironori Washizaki
 
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsSensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsChristian Birchler
 
Salesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZSalesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZABSYZ Inc
 
Not a Kubernetes fan? The state of PaaS in 2024
Not a Kubernetes fan? The state of PaaS in 2024Not a Kubernetes fan? The state of PaaS in 2024
Not a Kubernetes fan? The state of PaaS in 2024Anthony Dahanne
 
SoftTeco - Software Development Company Profile
SoftTeco - Software Development Company ProfileSoftTeco - Software Development Company Profile
SoftTeco - Software Development Company Profileakrivarotava
 
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...OnePlan Solutions
 
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdfExploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdfkalichargn70th171
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Cizo Technology Services
 
Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 EnterpriseOdoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprisepreethippts
 

Recently uploaded (20)

VictoriaMetrics Anomaly Detection Updates: Q1 2024
VictoriaMetrics Anomaly Detection Updates: Q1 2024VictoriaMetrics Anomaly Detection Updates: Q1 2024
VictoriaMetrics Anomaly Detection Updates: Q1 2024
 
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full RecordingOpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
OpenChain Education Work Group Monthly Meeting - 2024-04-10 - Full Recording
 
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...
Revolutionizing the Digital Transformation Office - Leveraging OnePlan’s AI a...
 
Amazon Bedrock in Action - presentation of the Bedrock's capabilities
Amazon Bedrock in Action - presentation of the Bedrock's capabilitiesAmazon Bedrock in Action - presentation of the Bedrock's capabilities
Amazon Bedrock in Action - presentation of the Bedrock's capabilities
 
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptxThe Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
 
Post Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on IdentityPost Quantum Cryptography – The Impact on Identity
Post Quantum Cryptography – The Impact on Identity
 
Understanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM ArchitectureUnderstanding Flamingo - DeepMind's VLM Architecture
Understanding Flamingo - DeepMind's VLM Architecture
 
Simplifying Microservices & Apps - The art of effortless development - Meetup...
Simplifying Microservices & Apps - The art of effortless development - Meetup...Simplifying Microservices & Apps - The art of effortless development - Meetup...
Simplifying Microservices & Apps - The art of effortless development - Meetup...
 
VictoriaMetrics Q1 Meet Up '24 - Community & News Update
VictoriaMetrics Q1 Meet Up '24 - Community & News UpdateVictoriaMetrics Q1 Meet Up '24 - Community & News Update
VictoriaMetrics Q1 Meet Up '24 - Community & News Update
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtime
 
Comparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfComparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdf
 
Machine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringMachine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their Engineering
 
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsSensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
 
Salesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZSalesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZ
 
Not a Kubernetes fan? The state of PaaS in 2024
Not a Kubernetes fan? The state of PaaS in 2024Not a Kubernetes fan? The state of PaaS in 2024
Not a Kubernetes fan? The state of PaaS in 2024
 
SoftTeco - Software Development Company Profile
SoftTeco - Software Development Company ProfileSoftTeco - Software Development Company Profile
SoftTeco - Software Development Company Profile
 
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
 
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdfExploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
Exploring Selenium_Appium Frameworks for Seamless Integration with HeadSpin.pdf
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
 
Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 EnterpriseOdoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprise
 

New Farming Methods in the Epistemological Wasteland of Application Security