SlideShare a Scribd company logo

8 Tips for Deploying DevSecOps

Felicia Haggarty, profile picture
Felicia Haggarty

Eight tips are provided for deploying DevSecOps: 1. Embrace automation and prepare security teams for automated integration with DevOps initiatives. 2. Enable security testing tools and processes earlier in the development process. 3. Prioritize automated tools that can quickly triage critical issues to reduce false positives. 4. Start identifying open source components and vulnerabilities in development as a high priority.

Technology
Related topics:
Application Security
1 of 10
Download to read offline
1
2
3
4
5
6
7
8
9
10
8 Tips for8 Tips for DeployingDeploying DevSecOpsDevSecOps
#1 Embrace automation ■ Prepare security and risk management teams for automated integration with DevOps initiatives, and identify the primary skills and technology gaps. AUTOMATION IN 2020 IS KEY
■ “Shift left” and make security testing tools and processes available earlier in the development process, ideally as the developers are writing code. PROACTIVE DEVOPS #2 Enable Security Tools Sooner
#3 Auto- triage critical issues first ■ As zero vulnerability applications aren’t possible, favor automated tools with fast turnaround times with a focus on reducing false positives and allowing developers to concentrate on the most critical vulnerabilities first. PRIORITIZE ALERTS
#4 Jump start with 3rd party leaks (OSS & SDKs) ■ Start identifying OSS components and vulnerabilities in development as a high-priority project, as the biggest risk comes from known vulnerabilities and misconfigurations. JUMPSTART DEVSECOPS
#5 APIs and CI/CD integrations is a MUST ■ Invest in “out of the box” integration with common development toolchain vendors and also support full API enablement of their offerings for automation. CONNECT YOUR TOOLS
#6 DevOps orchestration for policy enforcement ■ Require security controls to understand and be capable of applying security policies in container and Kubernetes-based development and deployment environments. AUTOMATED WORKFLOWS
#7 Public cloud scripting drives auto-remediation ■ Experiment with DevSecOps workflows using public cloud infrastructure and programmatic ways that security policies can be integrated into templates, blueprints and recipes to avoid manual security policy configuration. CUT DOWN ON MANUAL TASKS
#8 Continuously auto-scan in pre-production to save your apps in production ■ Favor offerings that can link scanning in development (including containers) to correct configuration and protection at runtime. manual security policy configuration. BE EFFICIENT
Sign up for your DevSecOps Starter kit today.

More Related Content

PPTX
How to Get Started with DevSecOps
CYBRIC
 
PDF
DevSecOps : The Open Source Way by Yusuf Hadiwinata
Hananto Wibowo Soenarto
 
PPTX
Dev secops security and compliance at the speed of continuous delivery - owasp
Dag Rowe
 
PDF
Strengthen and Scale Security Using DevSecOps - OWASP Indonesia
Mohammed A. Imran
 
PDF
Dev secops. Real experience.
Vitaly Balashov
 
PPTX
DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...
Mohamed Nizzad
 
DOCX
10 things to get right for successful dev secops
Mohammed Ahmed
 
PPTX
DevSecOps : an Introduction
Prashanth B. P.
 
How to Get Started with DevSecOps
CYBRIC
 
DevSecOps : The Open Source Way by Yusuf Hadiwinata
Hananto Wibowo Soenarto
 
Dev secops security and compliance at the speed of continuous delivery - owasp
Dag Rowe
 
Strengthen and Scale Security Using DevSecOps - OWASP Indonesia
Mohammed A. Imran
 
Dev secops. Real experience.
Vitaly Balashov
 
DevSecops: Defined, tools, characteristics, tools, frameworks, benefits and c...
Mohamed Nizzad
 
10 things to get right for successful dev secops
Mohammed Ahmed
 
DevSecOps : an Introduction
Prashanth B. P.
 

What's hot (20)

PDF
#ATAGTR2019 Presentation "DevSecOps with GitLab" By Avishkar Nikale
Agile Testing Alliance
 
PDF
Dos and Don'ts of DevSecOps
Priyanka Aash
 
PPTX
ABN AMRO DevSecOps Journey
Derek E. Weeks
 
PPTX
Implementing an Application Security Pipeline in Jenkins
Suman Sourav
 
PDF
DevSecOps | DevOps Sec
Rubal Jain
 
PDF
PIACERE - DevSecOps Automated
PIACERE
 
PPTX
DevSecOps Training Bootcamp - A Practical DevSecOps Course
Tonex
 
PPT
Code Quality - Security
sedukull
 
PDF
Barriers to Container Security and How to Overcome Them
WhiteSource
 
PDF
Monitoring Application Attack Surface to Integrate Security into DevOps Pipel...
Denim Group
 
PPTX
DevSecOps
Cheah Eng Soon
 
PDF
[DevSecOps Live] DevSecOps: Challenges and Opportunities
Mohammed A. Imran
 
PDF
Introduction to DevSecOps
Setu Parimi
 
PDF
Zero to Ninety in Securing DevOps
DevSecOps Days
 
PDF
DevSecOps and the CI/CD Pipeline
James Wickett
 
PDF
Practical DevSecOps Course - Part 1
Mohammed A. Imran
 
PDF
DevSecOps: Minimizing Risk, Improving Security
Franklin Mosley
 
PDF
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA Program
Denim Group
 
PPTX
DevSecOps Beginners Guide : How to secure process in DevOps with OpenSource
DevOps Indonesia
 
PDF
DevSecOps - The big picture
DevSecOpsSg
 
#ATAGTR2019 Presentation "DevSecOps with GitLab" By Avishkar Nikale
Agile Testing Alliance
 
Dos and Don'ts of DevSecOps
Priyanka Aash
 
ABN AMRO DevSecOps Journey
Derek E. Weeks
 
Implementing an Application Security Pipeline in Jenkins
Suman Sourav
 
DevSecOps | DevOps Sec
Rubal Jain
 
PIACERE - DevSecOps Automated
PIACERE
 
DevSecOps Training Bootcamp - A Practical DevSecOps Course
Tonex
 
Code Quality - Security
sedukull
 
Barriers to Container Security and How to Overcome Them
WhiteSource
 
Monitoring Application Attack Surface to Integrate Security into DevOps Pipel...
Denim Group
 
DevSecOps
Cheah Eng Soon
 
[DevSecOps Live] DevSecOps: Challenges and Opportunities
Mohammed A. Imran
 
Introduction to DevSecOps
Setu Parimi
 
Zero to Ninety in Securing DevOps
DevSecOps Days
 
DevSecOps and the CI/CD Pipeline
James Wickett
 
Practical DevSecOps Course - Part 1
Mohammed A. Imran
 
DevSecOps: Minimizing Risk, Improving Security
Franklin Mosley
 
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA Program
Denim Group
 
DevSecOps Beginners Guide : How to secure process in DevOps with OpenSource
DevOps Indonesia
 
DevSecOps - The big picture
DevSecOpsSg
 
Ad

Similar to 8 Tips for Deploying DevSecOps (20)

PPTX
DevSecOps: Integrating Security Into Your SDLC
Dev Software
 
PDF
_Best practices towards a well-polished DevSecOps environment (1).pdf
Enov8
 
PDF
DevOps and Devsecops- Everything you need to know.
Techugo
 
PDF
Security's DevOps Transformation
Michele Chubirka
 
PDF
DevOps and Devsecops- What are the Differences.
Techugo
 
PDF
DevOps and Devsecops.pdf
Techugo
 
PDF
Pentest is yesterday, DevSecOps is tomorrow
Amien Harisen Rosyandino
 
PDF
10 Tips to Keep Your Software a Step Ahead of the Hackers
Checkmarx
 
PDF
Collaborative security : Securing open source software
Priyanka Aash
 
PDF
Using Anchore and DefectDojo to Stand Up Your DevSecOps Function
Anchore
 
PDF
Application Security Services | ProCern Technology
ProCern
 
PPTX
Outpost24 webinar - application security in a dev ops world-08-2018
Outpost24
 
PDF
DevOps and Devsecops What are the Differences.pdf
Techugo
 
PPTX
Navigating agile automotive software development
Rogue Wave Software
 
PPTX
DevSecOps: Integrating Security Into DevOps! {Business Security}
Algoworks Inc
 
PDF
Top 5 best practice for delivering secure in-vehicle software
Rogue Wave Software
 
PPTX
DevSecOps Powerpoint Presentation for Students
poonawala2303
 
PPTX
Create code confidence for better application security
Rogue Wave Software
 
PDF
AppSec How-To: Achieving Security in DevOps
Checkmarx
 
PDF
Efficient Security Development and Testing Using Dynamic and Static Code Anal...
Perforce
 
DevSecOps: Integrating Security Into Your SDLC
Dev Software
 
_Best practices towards a well-polished DevSecOps environment (1).pdf
Enov8
 
DevOps and Devsecops- Everything you need to know.
Techugo
 
Security's DevOps Transformation
Michele Chubirka
 
DevOps and Devsecops- What are the Differences.
Techugo
 
DevOps and Devsecops.pdf
Techugo
 
Pentest is yesterday, DevSecOps is tomorrow
Amien Harisen Rosyandino
 
10 Tips to Keep Your Software a Step Ahead of the Hackers
Checkmarx
 
Collaborative security : Securing open source software
Priyanka Aash
 
Using Anchore and DefectDojo to Stand Up Your DevSecOps Function
Anchore
 
Application Security Services | ProCern Technology
ProCern
 
Outpost24 webinar - application security in a dev ops world-08-2018
Outpost24
 
DevOps and Devsecops What are the Differences.pdf
Techugo
 
Navigating agile automotive software development
Rogue Wave Software
 
DevSecOps: Integrating Security Into DevOps! {Business Security}
Algoworks Inc
 
Top 5 best practice for delivering secure in-vehicle software
Rogue Wave Software
 
DevSecOps Powerpoint Presentation for Students
poonawala2303
 
Create code confidence for better application security
Rogue Wave Software
 
AppSec How-To: Achieving Security in DevOps
Checkmarx
 
Efficient Security Development and Testing Using Dynamic and Static Code Anal...
Perforce
 
Ad

More from Felicia Haggarty (8)

PDF
Yarn presentation - DFW CUG - December 2015
Felicia Haggarty
 
PDF
Building a system for machine and event-oriented data - SF HUG Nov 2015
Felicia Haggarty
 
PDF
Kudu austin oct 2015.pptx
Felicia Haggarty
 
PPTX
IoT Austin CUG talk
Felicia Haggarty
 
PPTX
SFHUG Kudu Talk
Felicia Haggarty
 
PDF
Impala tech-talk by Dimitris Tsirogiannis
Felicia Haggarty
 
PDF
Data revolution by Doug Cutting
Felicia Haggarty
 
PDF
Whither the Hadoop Developer Experience, June Hadoop Meetup, Nitin Motgi
Felicia Haggarty
 
Yarn presentation - DFW CUG - December 2015
Felicia Haggarty
 
Building a system for machine and event-oriented data - SF HUG Nov 2015
Felicia Haggarty
 
Kudu austin oct 2015.pptx
Felicia Haggarty
 
IoT Austin CUG talk
Felicia Haggarty
 
SFHUG Kudu Talk
Felicia Haggarty
 
Impala tech-talk by Dimitris Tsirogiannis
Felicia Haggarty
 
Data revolution by Doug Cutting
Felicia Haggarty
 
Whither the Hadoop Developer Experience, June Hadoop Meetup, Nitin Motgi
Felicia Haggarty
 

Recently uploaded (20)

PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Teaching material agriculture food technology
LiaRayya
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
Approach and Philosophy of On baking technology
30anthuong17
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 

8 Tips for Deploying DevSecOps

  • 1. 8 Tips for8 Tips for DeployingDeploying DevSecOpsDevSecOps
  • 2. #1 Embrace automation ■ Prepare security and risk management teams for automated integration with DevOps initiatives, and identify the primary skills and technology gaps. AUTOMATION IN 2020 IS KEY
  • 3. ■ “Shift left” and make security testing tools and processes available earlier in the development process, ideally as the developers are writing code. PROACTIVE DEVOPS #2 Enable Security Tools Sooner
  • 4. #3 Auto- triage critical issues first ■ As zero vulnerability applications aren’t possible, favor automated tools with fast turnaround times with a focus on reducing false positives and allowing developers to concentrate on the most critical vulnerabilities first. PRIORITIZE ALERTS
  • 5. #4 Jump start with 3rd party leaks (OSS & SDKs) ■ Start identifying OSS components and vulnerabilities in development as a high-priority project, as the biggest risk comes from known vulnerabilities and misconfigurations. JUMPSTART DEVSECOPS
  • 6. #5 APIs and CI/CD integrations is a MUST ■ Invest in “out of the box” integration with common development toolchain vendors and also support full API enablement of their offerings for automation. CONNECT YOUR TOOLS
  • 7. #6 DevOps orchestration for policy enforcement ■ Require security controls to understand and be capable of applying security policies in container and Kubernetes-based development and deployment environments. AUTOMATED WORKFLOWS
  • 8. #7 Public cloud scripting drives auto-remediation ■ Experiment with DevSecOps workflows using public cloud infrastructure and programmatic ways that security policies can be integrated into templates, blueprints and recipes to avoid manual security policy configuration. CUT DOWN ON MANUAL TASKS
  • 9. #8 Continuously auto-scan in pre-production to save your apps in production ■ Favor offerings that can link scanning in development (including containers) to correct configuration and protection at runtime. manual security policy configuration. BE EFFICIENT
  • 10. Sign up for your DevSecOps Starter kit today.