DevOps and IT security
- 1. DEVOPS = CI + CD + Continuous Security
- 2. H OW CAN I P USH T H E COD E I N T O P R OD AS EAR LY BY T H I S WEEK EN D M OR E N EW 10 FEAT UR ES T O BE R ELEASED WI T H I N T H E CH R I STM AS H OLI D AY S ! SH ALL I GO FOR P ER FOR M AN CE T EST I NG BEFOR E R ELEASI N G T H E COD E D O I R EALLY N EED R ELEASE AN D BUI LD M AN AGER T O AD D COST I N T O M Y T EAM I N EED T H E AP P LI CAT I ON BUI LD T O BE AUT OM AT I C..GR R R !! I H AD COM M I T TED T H E COD E AGES BACK ! WH ER E I S T H E BUI LD GUY M I SSI N G ? ? 20 15 15 20 25 5 DEVELOPER OH M Y GOD ! H E H AS AGAI N COM E BACK FOR SY ST EM ACCESS HOW DO I ASCER T AI N T HAT T HE COD E I S N OT FUN CT I ONIN G D UE … I N EED T O P AT CH T H E LI N UX SER VER S WI T H T H E BASH VULN ER ABI LI TY … SECUR I TY M EETI NGS ! H OW CAN I H AN D LE SO M AN Y T H I N GS AT ON E … LOG M AN AGEM EN T AN D P ASSWOR D M AN AGEM EN T N EED S I M POR TAN CE I WAN T T O WR I T E R ECI P ES AN D P LAY BOOK S AN D WAN T T O M AK E … 20 10 25 10 20 15 OPERATIONS
- 3. Security Absorption in DevOps GITHUB Nexus Jenkins TEST ELK SECURITY PenTest the underlying Operating system AppScan using OWASP ZAP scanning Monitor and block on weblayer. Use strict baselining standards23% 49% 78%
- 4. DEVOPS Continuous Development Business requirements Continuous Security Continuous Integration & Deployment What should be automated What should help ITIL process What should bring Agility What will bring affordability to business How to bring resiliency Which is the way to say No dependencies
- 5. OLD school Advanced Continuous Integration -Jenkins , CircleCI , Travis CI,Bamboo Continuous Deployment -Chef , puppet , Ansible Continuous Monitoring - Splunk , ELK , Nagios Continuous Security - OWASP ZAP,McAfee,Trend Micro