SlideShare a Scribd company logo

August 2018: DevSecOps - London Gathering

M
Michael Man

The document outlines a presentation by Geoffrey Hill on integrating rapid prototyping into threat modeling within the DevSecOps framework, detailing the evolution and events of the DevSecOps London gathering starting in September 2017. It highlights past presentations, current and future sessions, and emphasizes the importance of collaboration across teams to optimize delivery and maintain security. The document also includes information about discounted conference tickets and a reminder for participants to engage with one another.

Technology
1 of 12
Downloaded 11 times
1
2
3
4
5
6
7
8
9
10
11
12
DevSecOps – London Gathering 4th July 2018
TONIGHT’S PRESENTATION “Bringing Rapid Prototyping To The Threat Model Process” Geoffrey Hill @Tutamantic_Sec geoff@tutamantic.com
WAYS TO STAY IN TOUCH https://www.meetup.com/DevSecOps-London-Gathering https://twitter.com/DevSecOps_LG https://www.linkedin.com/groups/8630205
THE JOURNEY SO FAR … 1 • September 2017 • DevSecOps Engineer http://slides.com/chossrutter/securing#/17 • Project Management Experience: Security in Agile https://www.slideshare.net/MichaelMan11/project-management-experience-security-in-agile-1309 • October 2017 • Practical Threat Modelling http://slides.com/chossrutter/securing-6 • Threat Modelling Automation http://slides.com/mattjoyce/automatetm#/ • December 2017 • Security Automation in DevOps https://www.slideshare.net/MichaelMan11/dev-secops-testautomation https://www.slideshare.net/MichaelMan11/dynaminet-devsecops
THE JOURNEY SO FAR … 2 • February 2018 • DevSecOps: The Evolution of DevOps https://www.slideshare.net/MichaelMan11/devsecops-the-evolution-of-devops • March 2018 • The mechanics behind how attackers exploit simple programming mistakes https://www.slideshare.net/MichaelMan11/the-mechanics-behind-how-attackers-exploit-simple- programming-mistakes • April 2018 Secret Dragons – Harder To Execute • https://www.slideshare.net/MichaelMan11/vulnerability-management-in-devsecops-easy- concept-but-harder-to-execute • https://www.slideshare.net/MichaelMan11/secret-management-journey-here-be-dragons-aka- secret-dragons
THE JOURNEY SO FAR … 3 • May 2018 • Continuous Security: From tins to containers - now what! https://www.slideshare.net/MichaelMan11/continuous-security-from-tins-to-containers-now-what • June 2018 • The Bastion Server That Isn't There ... https://www.slideshare.net/MichaelMan11/the-bastion-server-that-isnt-there-joshua-kite • July 2018 • Scale Security For A Dollar Or Less https://www.slideshare.net/secfigo/scale-security-for-a-dollar-or-less/ • Threat Modelling: The Ultimate DevSecOps https://speakerdeck.com/zeroxten/threat-modeling-the-ultimate-devsecops • Practical Steps For Securing Containers https://www.slideshare.net/MichaelMan11/practical-steps-for-securing-containers-liz-rice
WHAT’S HAPPENING IN SEPTEMBER 1200 – Doors Open: Location CONFIRMED Session 1 1230 - Culture, People and Workflow CONFIRMED 1330 - Real life experience implementing SAST – MM J CONFIRMED 1430 - Refreshments & Network Session 2 1500 - Repeat A Past Presentation CONFIRMED 1600 – Supporters of this community (30min each) CONFIRMED Session 3 1730 - Food & Network 1800 - DevSecOps Maturity 1 CONFIRMED 1845 - DevSecOps Maturity 2 1930 - DevSecOps Maturity 3 CLOSING 2015 - Network 2100 - Crash the other conference J
DISCOUNTS: CONFERENCES 20% Off Discount Code: PCDSOL20
DevSecOps – People & Culture • Break down the silo; no change here, just like the original DevOps movement • Not aware of what is going on – likely you are not part of the “DevSecOps” team; leave your ivory tower and build relationships • Conduct a Value Stream Mapping exercise to optimize your delivery (rinse and repeat) • Drill down and sketch out the details of each workflow before solutionising • Try new checks/controls as part of the pipeline
IDE Static Code Analysis SCM Dynamic Analysis Open Source Software Security Security Testing Framework Binary Repository Define Security Test Cases Threat Modeling Security Standards Automation Tools: Passing Criteria Risk Management Out of Band Security Testing Security Champions DevSecOps Engineer Security Audit Artifacts CI Build Server DevSecOps – Tooling & Assurance Examples (Shift Left) curl nmap sslyze sqlmap Interactive Testing Reporting Dashboard Infrastructure Assurance Threat Modeling
Dev Workstation Build Server Centralize Report (Vulnerability Management) Server SCM Static Code Analysis (SAST) Dynamic Testing (DAST) Interactive Testing (IAST) Open Source Component Security Manual Penetration Testing – Out of Band Scope: Application and Network layer – White/Black box Defect Management AUTOMATION INTEGRATION POINTS SECURITYASSURANCEMODEL Legend Black Box: Development Stack Blue Box: Automation - Integration Red Box: Security Tools and Controls Infrastructure Scanning
REMINDER – I KEEP FORGETTING • Are you a Developer • Are you from Security • Are you from Operations • Other roles • First time here at The Gathering • Take a group picture • What other prizes or stuff would you like

More Related Content

PDF
A Secure DevOps Journey
Sonatype
 
PDF
Painless DevSecOps: Building Security Into Your DevOps Pipeline
Tasktop
 
PDF
DevSecOps - The big picture
DevSecOpsSg
 
PPTX
Be a User first; then a Tester
YOGESH KHAIRNAR, CTFL, CSM, SFC, CP-MAT, TKP
 
PPTX
ATAGTR2017 Security Test Driven Development (STDD)
Agile Testing Alliance
 
PDF
Ast in CI/CD by Ofer Maor
DevSecCon
 
PDF
Dev secops. Real experience.
Vitaly Balashov
 
PDF
NodeJS security - still unsafe at most speeds - v1.0
Dinis Cruz
 
A Secure DevOps Journey
Sonatype
 
Painless DevSecOps: Building Security Into Your DevOps Pipeline
Tasktop
 
DevSecOps - The big picture
DevSecOpsSg
 
Be a User first; then a Tester
YOGESH KHAIRNAR, CTFL, CSM, SFC, CP-MAT, TKP
 
ATAGTR2017 Security Test Driven Development (STDD)
Agile Testing Alliance
 
Ast in CI/CD by Ofer Maor
DevSecCon
 
Dev secops. Real experience.
Vitaly Balashov
 
NodeJS security - still unsafe at most speeds - v1.0
Dinis Cruz
 

What's hot (20)

PPTX
ATAGTR2017 Test the REST
Agile Testing Alliance
 
PPTX
Dev secops security and compliance at the speed of continuous delivery - owasp
Dag Rowe
 
PDF
Design Microservice Architectures the Right Way
Michael Bryzek
 
PDF
Integrating DevOps and Security
Stijn Muylle
 
PPTX
ATAGTR2017 Performance Automation in Dev-Ops
Agile Testing Alliance
 
PDF
NYC Continuous Delivery Meetup - Introducing delta
Michael Bryzek
 
PDF
Production - Designing for Testability
Michael Bryzek
 
PDF
Security in a Continuous Delivery World
Dinis Cruz
 
PPTX
SecDevOps: The New Black of IT
CloudPassage
 
PPT
Sri monthly presentation 2015
Akash Rajguru
 
PPT
Sri monthly presentation 2016
Akash Rajguru
 
PPTX
DevOps Fest 2020. Kohsuke Kawaguchi. GitOps, Jenkins X & the Future of CI/CD
DevOps_Fest
 
PPTX
DevSecOps
Cheah Eng Soon
 
PDF
You build it - Cyber Chicago Keynote
John Willis
 
PPTX
ATAGTR2017 Machine Learning telepathy for Shift Right approach of testing
Agile Testing Alliance
 
PPTX
Automated Testing in Continuous Change Management
Perforce
 
PPTX
DevOps Friendly Doc Publishing for APIs & Microservices
Sonatype
 
PDF
Embracing the Rise of SecDevOps
Tom Cappetta
 
PDF
Git in the Enterprise: How to succeed at DevOps using Git and a monorepo
Gina Bustos
 
PPTX
DevOps and All the Continuouses w/ Helen Beal
Sonatype
 
ATAGTR2017 Test the REST
Agile Testing Alliance
 
Dev secops security and compliance at the speed of continuous delivery - owasp
Dag Rowe
 
Design Microservice Architectures the Right Way
Michael Bryzek
 
Integrating DevOps and Security
Stijn Muylle
 
ATAGTR2017 Performance Automation in Dev-Ops
Agile Testing Alliance
 
NYC Continuous Delivery Meetup - Introducing delta
Michael Bryzek
 
Production - Designing for Testability
Michael Bryzek
 
Security in a Continuous Delivery World
Dinis Cruz
 
SecDevOps: The New Black of IT
CloudPassage
 
Sri monthly presentation 2015
Akash Rajguru
 
Sri monthly presentation 2016
Akash Rajguru
 
DevOps Fest 2020. Kohsuke Kawaguchi. GitOps, Jenkins X & the Future of CI/CD
DevOps_Fest
 
DevSecOps
Cheah Eng Soon
 
You build it - Cyber Chicago Keynote
John Willis
 
ATAGTR2017 Machine Learning telepathy for Shift Right approach of testing
Agile Testing Alliance
 
Automated Testing in Continuous Change Management
Perforce
 
DevOps Friendly Doc Publishing for APIs & Microservices
Sonatype
 
Embracing the Rise of SecDevOps
Tom Cappetta
 
Git in the Enterprise: How to succeed at DevOps using Git and a monorepo
Gina Bustos
 
DevOps and All the Continuouses w/ Helen Beal
Sonatype
 
Ad

Similar to August 2018: DevSecOps - London Gathering (20)

PPTX
Extract Oct 2019: DSO-LG Rolling Slides
Michael Man
 
PDF
SecDevOps Risk Workflow - v0.6
Dinis Cruz
 
PDF
DevSecOps - Background, Status and Future Challenges
dsc71656
 
PPTX
Dev{sec}ops
Steven Carlson
 
PPTX
Cross Platform Angular 2 and TypeScript Development
Jeremy Likness
 
PPTX
DevSecOps Story with added security controls
HareeshNani5
 
PDF
DevSecOps - The big picture
Stefan Streichsbier
 
PPTX
Security for developers
Abdelrhman Shawky
 
PDF
Threat Modelling in DevSecOps Cultures
DevOps Indonesia
 
PPTX
Threat Modeling All Day!
Steven Carlson
 
PDF
Weaponizing Your DevOps Pipeline
Puma Security, LLC
 
PDF
Devops security-An Insight into Secure-SDLC
Suman Sourav
 
PPTX
Alexey Sintsov- SDLC - try me to implement
DefconRussia
 
PDF
Scale security for a dollar or less
Mohammed A. Imran
 
PDF
Strengthen and Scale Security for a dollar or less
Mohammed A. Imran
 
PDF
Modern Web 2019 從零開始加入自動化資安測試
Secview
 
PPTX
DevSecOps - London Gathering : June 2018
Michael Man
 
PDF
Scaling security in a cloud environment v0.5 (Sep 2017)
Dinis Cruz
 
PDF
AI-assisted development: how to build and ship with confidence
Maxim Salnikov
 
PDF
Strengthen and Scale Security Using DevSecOps - OWASP Indonesia
Mohammed A. Imran
 
Extract Oct 2019: DSO-LG Rolling Slides
Michael Man
 
SecDevOps Risk Workflow - v0.6
Dinis Cruz
 
DevSecOps - Background, Status and Future Challenges
dsc71656
 
Dev{sec}ops
Steven Carlson
 
Cross Platform Angular 2 and TypeScript Development
Jeremy Likness
 
DevSecOps Story with added security controls
HareeshNani5
 
DevSecOps - The big picture
Stefan Streichsbier
 
Security for developers
Abdelrhman Shawky
 
Threat Modelling in DevSecOps Cultures
DevOps Indonesia
 
Threat Modeling All Day!
Steven Carlson
 
Weaponizing Your DevOps Pipeline
Puma Security, LLC
 
Devops security-An Insight into Secure-SDLC
Suman Sourav
 
Alexey Sintsov- SDLC - try me to implement
DefconRussia
 
Scale security for a dollar or less
Mohammed A. Imran
 
Strengthen and Scale Security for a dollar or less
Mohammed A. Imran
 
Modern Web 2019 從零開始加入自動化資安測試
Secview
 
DevSecOps - London Gathering : June 2018
Michael Man
 
Scaling security in a cloud environment v0.5 (Sep 2017)
Dinis Cruz
 
AI-assisted development: how to build and ship with confidence
Maxim Salnikov
 
Strengthen and Scale Security Using DevSecOps - OWASP Indonesia
Mohammed A. Imran
 
Ad

More from Michael Man (20)

PPTX
5 things i wish i knew about sast (DSO-LG July 2021)
Michael Man
 
PDF
K8S Certifications - Exam Cram
Michael Man
 
PDF
DSO-LG 2021 Reboot: Policy As Code (Anders Eknert)
Michael Man
 
PDF
DSO-LG March 2018: The mechanics behind how attackers exploit simple programm...
Michael Man
 
PPTX
DSO-LG Oct 2019: Modern Software Delivery: Supply Chain Security Critical (Ch...
Michael Man
 
PPTX
Sept 2019 - DSO-LG Tooling Examples
Michael Man
 
PPTX
DevSecOps Manchester - May 2019
Michael Man
 
PDF
Chris Rutter: Avoiding The Security Brick
Michael Man
 
PPTX
Extract: DevSecOps - London Gathering (March 2019)
Michael Man
 
PDF
Control Plane: Security Rationale for Istio (DevSecOps - London Gathering, Ja...
Michael Man
 
PDF
Matt Turner: Istio, The Packet's-Eye View (DevSecOps - London Gathering, Janu...
Michael Man
 
PDF
Control Plane: Continuous Kubernetes Security (DevSecOps - London Gathering, ...
Michael Man
 
PDF
Continuous Security: From tins to containers - now what!
Michael Man
 
PDF
The mechanics behind how attackers exploit simple programming mistakes ...
Michael Man
 
PDF
Secret Management Journey - Here Be Dragons aka Secret Dragons
Michael Man
 
PPTX
DevSecOps March 2018 - Extract
Michael Man
 
PDF
DevSecOps The Evolution of DevOps
Michael Man
 
PDF
Dynaminet -DevSecOps
Michael Man
 
PPTX
DevSecOps: Test Automation
Michael Man
 
PPTX
Project management experience security in agile 1309
Michael Man
 
5 things i wish i knew about sast (DSO-LG July 2021)
Michael Man
 
K8S Certifications - Exam Cram
Michael Man
 
DSO-LG 2021 Reboot: Policy As Code (Anders Eknert)
Michael Man
 
DSO-LG March 2018: The mechanics behind how attackers exploit simple programm...
Michael Man
 
DSO-LG Oct 2019: Modern Software Delivery: Supply Chain Security Critical (Ch...
Michael Man
 
Sept 2019 - DSO-LG Tooling Examples
Michael Man
 
DevSecOps Manchester - May 2019
Michael Man
 
Chris Rutter: Avoiding The Security Brick
Michael Man
 
Extract: DevSecOps - London Gathering (March 2019)
Michael Man
 
Control Plane: Security Rationale for Istio (DevSecOps - London Gathering, Ja...
Michael Man
 
Matt Turner: Istio, The Packet's-Eye View (DevSecOps - London Gathering, Janu...
Michael Man
 
Control Plane: Continuous Kubernetes Security (DevSecOps - London Gathering, ...
Michael Man
 
Continuous Security: From tins to containers - now what!
Michael Man
 
The mechanics behind how attackers exploit simple programming mistakes ...
Michael Man
 
Secret Management Journey - Here Be Dragons aka Secret Dragons
Michael Man
 
DevSecOps March 2018 - Extract
Michael Man
 
DevSecOps The Evolution of DevOps
Michael Man
 
Dynaminet -DevSecOps
Michael Man
 
DevSecOps: Test Automation
Michael Man
 
Project management experience security in agile 1309
Michael Man
 

Recently uploaded (20)

PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PPT
Teaching material agriculture food technology
LiaRayya
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
KodekX | Application Modernization Development
KodekX
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Teaching material agriculture food technology
LiaRayya
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
KodekX | Application Modernization Development
KodekX
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 

August 2018: DevSecOps - London Gathering

  • 1. DevSecOps – London Gathering 4th July 2018
  • 2. TONIGHT’S PRESENTATION “Bringing Rapid Prototyping To The Threat Model Process” Geoffrey Hill @Tutamantic_Sec geoff@tutamantic.com
  • 3. WAYS TO STAY IN TOUCH https://www.meetup.com/DevSecOps-London-Gathering https://twitter.com/DevSecOps_LG https://www.linkedin.com/groups/8630205
  • 4. THE JOURNEY SO FAR … 1 • September 2017 • DevSecOps Engineer http://slides.com/chossrutter/securing#/17 • Project Management Experience: Security in Agile https://www.slideshare.net/MichaelMan11/project-management-experience-security-in-agile-1309 • October 2017 • Practical Threat Modelling http://slides.com/chossrutter/securing-6 • Threat Modelling Automation http://slides.com/mattjoyce/automatetm#/ • December 2017 • Security Automation in DevOps https://www.slideshare.net/MichaelMan11/dev-secops-testautomation https://www.slideshare.net/MichaelMan11/dynaminet-devsecops
  • 5. THE JOURNEY SO FAR … 2 • February 2018 • DevSecOps: The Evolution of DevOps https://www.slideshare.net/MichaelMan11/devsecops-the-evolution-of-devops • March 2018 • The mechanics behind how attackers exploit simple programming mistakes https://www.slideshare.net/MichaelMan11/the-mechanics-behind-how-attackers-exploit-simple- programming-mistakes • April 2018 Secret Dragons – Harder To Execute • https://www.slideshare.net/MichaelMan11/vulnerability-management-in-devsecops-easy- concept-but-harder-to-execute • https://www.slideshare.net/MichaelMan11/secret-management-journey-here-be-dragons-aka- secret-dragons
  • 6. THE JOURNEY SO FAR … 3 • May 2018 • Continuous Security: From tins to containers - now what! https://www.slideshare.net/MichaelMan11/continuous-security-from-tins-to-containers-now-what • June 2018 • The Bastion Server That Isn't There ... https://www.slideshare.net/MichaelMan11/the-bastion-server-that-isnt-there-joshua-kite • July 2018 • Scale Security For A Dollar Or Less https://www.slideshare.net/secfigo/scale-security-for-a-dollar-or-less/ • Threat Modelling: The Ultimate DevSecOps https://speakerdeck.com/zeroxten/threat-modeling-the-ultimate-devsecops • Practical Steps For Securing Containers https://www.slideshare.net/MichaelMan11/practical-steps-for-securing-containers-liz-rice
  • 7. WHAT’S HAPPENING IN SEPTEMBER 1200 – Doors Open: Location CONFIRMED Session 1 1230 - Culture, People and Workflow CONFIRMED 1330 - Real life experience implementing SAST – MM J CONFIRMED 1430 - Refreshments & Network Session 2 1500 - Repeat A Past Presentation CONFIRMED 1600 – Supporters of this community (30min each) CONFIRMED Session 3 1730 - Food & Network 1800 - DevSecOps Maturity 1 CONFIRMED 1845 - DevSecOps Maturity 2 1930 - DevSecOps Maturity 3 CLOSING 2015 - Network 2100 - Crash the other conference J
  • 9. DevSecOps – People & Culture • Break down the silo; no change here, just like the original DevOps movement • Not aware of what is going on – likely you are not part of the “DevSecOps” team; leave your ivory tower and build relationships • Conduct a Value Stream Mapping exercise to optimize your delivery (rinse and repeat) • Drill down and sketch out the details of each workflow before solutionising • Try new checks/controls as part of the pipeline
  • 10. IDE Static Code Analysis SCM Dynamic Analysis Open Source Software Security Security Testing Framework Binary Repository Define Security Test Cases Threat Modeling Security Standards Automation Tools: Passing Criteria Risk Management Out of Band Security Testing Security Champions DevSecOps Engineer Security Audit Artifacts CI Build Server DevSecOps – Tooling & Assurance Examples (Shift Left) curl nmap sslyze sqlmap Interactive Testing Reporting Dashboard Infrastructure Assurance Threat Modeling
  • 11. Dev Workstation Build Server Centralize Report (Vulnerability Management) Server SCM Static Code Analysis (SAST) Dynamic Testing (DAST) Interactive Testing (IAST) Open Source Component Security Manual Penetration Testing – Out of Band Scope: Application and Network layer – White/Black box Defect Management AUTOMATION INTEGRATION POINTS SECURITYASSURANCEMODEL Legend Black Box: Development Stack Blue Box: Automation - Integration Red Box: Security Tools and Controls Infrastructure Scanning
  • 12. REMINDER – I KEEP FORGETTING • Are you a Developer • Are you from Security • Are you from Operations • Other roles • First time here at The Gathering • Take a group picture • What other prizes or stuff would you like