SlideShare a Scribd company logo

DevOps and Application Security

Shahee Mirza, profile picture
Shahee Mirza

1. The document discusses introducing DevOpsSec which integrates security into the DevOps process. 2. It recommends making a plan for security, educating the entire team on security, and automating security testing and analysis within the continuous deployment pipeline. 3. The goal is to implement security earlier in the development process rather than as a last step, and establish a security-focused culture and team.

Technology
Related topics:
Information Security
1 of 24
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
DevOps and Application Security Shahee Mirza Co-Founder : BEETLES Twitter: @shaheemirza
DevOps?
But Where is the Security?
TRADITIONAL
QA and OPS: Devs:
Security is last task? • Security Testing • Firewall Configuration • Source Code Analysis
Security Testing, Firewall configuration and Code analysis – Takes time
But, the investor has no time
So, What have we got:
But, What we planned :
… is that end of everything?
Required: Security in DevOps
Welcome to DevOpsSec !!
But, How will I introduce DevOpsSec to my team?
Module 1: Make a plan for Security
Module 2: Connect entire Team
Module 3: Make a culture of Self- Learning about Security for Devs + QA.
Module 4: Automate everything.
Develop Code Commit Source Control Build Trigger Tests Deploy to ProductionDeploy to Test Env Report & Notify Publish to release repository Automatic security test SCA Test Security within Continuous Deployment
Module 5: Build a Security Team
Now, you have…
Summary
1. Make a plan for security 2. Educate your team 3. Integrate security into automatic build process.
Thank you

More Related Content

PPSX
Web application security
Akhil Raj
 
PPTX
Web Application Security 101
Jannis Kirschner
 
PPTX
Bug Bounty 101
Shahee Mirza
 
PPT
Introduction To OWASP
Marco Morana
 
PDF
Android Security
Lars Jacobs
 
PDF
Bug Bounty Hunter Methodology - Nullcon 2016
bugcrowd
 
PPTX
Threat modelling with_sample_application
Umut IŞIK
 
PPT
Application Security
Reggie Niccolo Santos
 
Web application security
Akhil Raj
 
Web Application Security 101
Jannis Kirschner
 
Bug Bounty 101
Shahee Mirza
 
Introduction To OWASP
Marco Morana
 
Android Security
Lars Jacobs
 
Bug Bounty Hunter Methodology - Nullcon 2016
bugcrowd
 
Threat modelling with_sample_application
Umut IŞIK
 
Application Security
Reggie Niccolo Santos
 

What's hot (20)

PDF
Malware and security
Gurbakash Phonsa
 
PDF
BugBounty Roadmap with Mohammed Adam
Mohammed Adam
 
PDF
Securisation des web services soap contre les attaques par injection
Zakaria SMAHI
 
PPTX
Web Application Security Vulnerability Management Framework
jpubal
 
PPTX
Cross Site Request Forgery (CSRF) Scripting Explained
Valency Networks
 
PDF
The Joy of Proactive Security
Andy Hoernecke
 
PDF
Mobile Application Security
cclark_isec
 
PDF
OWASP Top 10 Web Application Vulnerabilities
Software Guru
 
PPTX
Penetration testing reporting and methodology
Rashad Aliyev
 
PDF
Bug Bounty - Hackers Job
Arbin Godar
 
PDF
Malware classification and detection
Chong-Kuan Chen
 
PDF
Secure coding presentation Oct 3 2020
Moataz Kamel
 
PPTX
OWASP TOP 10 VULNERABILITIS
Null Bhubaneswar
 
PPTX
System security
sommerville-videos
 
PDF
Introduction to Software Security and Best Practices
Maxime ALAY-EDDINE
 
PPTX
OWASP Top 10 2021 What's New
Michael Furman
 
PDF
React Server Side Rendering with Next.js
Jamie Barton 👨🏻‍💻
 
PDF
Secure Code Review 101
Narudom Roongsiriwong, CISSP
 
PPTX
Vulnerabilities in modern web applications
Niyas Nazar
 
PPT
Bypass file upload restrictions
Mukesh k.r
 
Malware and security
Gurbakash Phonsa
 
BugBounty Roadmap with Mohammed Adam
Mohammed Adam
 
Securisation des web services soap contre les attaques par injection
Zakaria SMAHI
 
Web Application Security Vulnerability Management Framework
jpubal
 
Cross Site Request Forgery (CSRF) Scripting Explained
Valency Networks
 
The Joy of Proactive Security
Andy Hoernecke
 
Mobile Application Security
cclark_isec
 
OWASP Top 10 Web Application Vulnerabilities
Software Guru
 
Penetration testing reporting and methodology
Rashad Aliyev
 
Bug Bounty - Hackers Job
Arbin Godar
 
Malware classification and detection
Chong-Kuan Chen
 
Secure coding presentation Oct 3 2020
Moataz Kamel
 
OWASP TOP 10 VULNERABILITIS
Null Bhubaneswar
 
System security
sommerville-videos
 
Introduction to Software Security and Best Practices
Maxime ALAY-EDDINE
 
OWASP Top 10 2021 What's New
Michael Furman
 
React Server Side Rendering with Next.js
Jamie Barton 👨🏻‍💻
 
Secure Code Review 101
Narudom Roongsiriwong, CISSP
 
Vulnerabilities in modern web applications
Niyas Nazar
 
Bypass file upload restrictions
Mukesh k.r
 
Ad

Viewers also liked (20)

PPTX
Responsible Disclosure Program: Why and How
Shahee Mirza
 
PDF
A simple model of consumer behavior
Md. Samid Razzak
 
PDF
Bug bounty programs
Dan Vasile
 
PDF
5 Tips to Successfully Running a Bug Bounty Program
bugcrowd
 
PDF
Icebreaking how to break the ice and give an awesome presentation
Imtiaz alam
 
PDF
Case solving Tips shown in Brandwitz'15 RoadShow
Akib Hasan Srabon
 
PPTX
Sending a for ahuh. win32 exploit development old school
Nahidul Kibria
 
PPTX
How to do well in Bug bounty programs. Presentation at @nullhyd by Abhijeth
Abhijeth D
 
PDF
A designer resume
Md. Samid Razzak
 
PPTX
Bug Bounty for - Beginners
Himanshu Kumar Das
 
PDF
Brandwitz'14 biggest branding competition of the country
Ayman Sadiq
 
PDF
10 Mind blowing facts about Greece's Economy
Md. Samid Razzak
 
PDF
10 Life Lessons by Bill Gates
Md. Samid Razzak
 
PDF
Brandwitz'15 Semi Finals-Team 360 degree
Azizul Hasan
 
PDF
Team Dexters-Socio Camp Slides
Md. Samid Razzak
 
PPTX
My Little Webap - DevOpsSec is Magic
Apollo Clark
 
PDF
What's My Security Policy Doing to My Help Desk w/ Chris Swan
Sonatype
 
PDF
Devops security
Logicaltrust pl
 
PDF
The Retail Enterprise - And the rise of the omni-present consumer Part 2
Zensar Technologies Ltd.
 
PDF
Devops/Sysops security
Logicaltrust pl
 
Responsible Disclosure Program: Why and How
Shahee Mirza
 
A simple model of consumer behavior
Md. Samid Razzak
 
Bug bounty programs
Dan Vasile
 
5 Tips to Successfully Running a Bug Bounty Program
bugcrowd
 
Icebreaking how to break the ice and give an awesome presentation
Imtiaz alam
 
Case solving Tips shown in Brandwitz'15 RoadShow
Akib Hasan Srabon
 
Sending a for ahuh. win32 exploit development old school
Nahidul Kibria
 
How to do well in Bug bounty programs. Presentation at @nullhyd by Abhijeth
Abhijeth D
 
A designer resume
Md. Samid Razzak
 
Bug Bounty for - Beginners
Himanshu Kumar Das
 
Brandwitz'14 biggest branding competition of the country
Ayman Sadiq
 
10 Mind blowing facts about Greece's Economy
Md. Samid Razzak
 
10 Life Lessons by Bill Gates
Md. Samid Razzak
 
Brandwitz'15 Semi Finals-Team 360 degree
Azizul Hasan
 
Team Dexters-Socio Camp Slides
Md. Samid Razzak
 
My Little Webap - DevOpsSec is Magic
Apollo Clark
 
What's My Security Policy Doing to My Help Desk w/ Chris Swan
Sonatype
 
Devops security
Logicaltrust pl
 
The Retail Enterprise - And the rise of the omni-present consumer Part 2
Zensar Technologies Ltd.
 
Devops/Sysops security
Logicaltrust pl
 
Ad

Similar to DevOps and Application Security (20)

PDF
Scale security for a dollar or less
Mohammed A. Imran
 
PDF
Strengthen and Scale Security Using DevSecOps - OWASP Indonesia
Mohammed A. Imran
 
PDF
Strengthen and Scale Security for a dollar or less
Mohammed A. Imran
 
PPTX
DevSecOps presentation explaining what is devsecops
amalsalah25
 
PPTX
What is devsecops and how it works and best practices
amalsalah25
 
PPTX
The Unlikely Couple, DevOps and Security. Can it work?
Todd Benson (I.T. SPECIALIST and I.T. SECURITY)
 
PPTX
Introduction to DevSecOps OWASP Ahmedabad
kunwaratul hax0r
 
PDF
DevSecOps Basics with Azure Pipelines
Abdul_Mujeeb
 
PPTX
Time To Get Your DevOps E-Degree Now !!
John Alex
 
PDF
DevSecOps - The big picture
Stefan Streichsbier
 
PDF
DevSecOps - The big picture
DevSecOpsSg
 
PPTX
Devops Engineer E-Degree In Just 3 Months
John Alex
 
PDF
DevSecOps - Background, Status and Future Challenges
dsc71656
 
PDF
Introduction to DevOps Tools | DevOps Training | DevOps Tutorial for Beginner...
Edureka!
 
PDF
JSCONF 2018 - Baking security into DevOps - a tale of hunting down bugs befor...
Wouter Bloeyaert
 
PDF
Outpost24 webinar: Turning DevOps and security into DevSecOps
Outpost24
 
PDF
SecDevOps Risk Workflow - v0.6
Dinis Cruz
 
PPTX
DevOps to DevSecOps Journey..
Siddharth Joshi
 
PPTX
Outpost24 webinar - application security in a dev ops world-08-2018
Outpost24
 
PDF
DevSecOps 實踐與 GitHub 進階安全: 建立安全的開發流程
Duran Hsieh
 
Scale security for a dollar or less
Mohammed A. Imran
 
Strengthen and Scale Security Using DevSecOps - OWASP Indonesia
Mohammed A. Imran
 
Strengthen and Scale Security for a dollar or less
Mohammed A. Imran
 
DevSecOps presentation explaining what is devsecops
amalsalah25
 
What is devsecops and how it works and best practices
amalsalah25
 
The Unlikely Couple, DevOps and Security. Can it work?
Todd Benson (I.T. SPECIALIST and I.T. SECURITY)
 
Introduction to DevSecOps OWASP Ahmedabad
kunwaratul hax0r
 
DevSecOps Basics with Azure Pipelines
Abdul_Mujeeb
 
Time To Get Your DevOps E-Degree Now !!
John Alex
 
DevSecOps - The big picture
Stefan Streichsbier
 
DevSecOps - The big picture
DevSecOpsSg
 
Devops Engineer E-Degree In Just 3 Months
John Alex
 
DevSecOps - Background, Status and Future Challenges
dsc71656
 
Introduction to DevOps Tools | DevOps Training | DevOps Tutorial for Beginner...
Edureka!
 
JSCONF 2018 - Baking security into DevOps - a tale of hunting down bugs befor...
Wouter Bloeyaert
 
Outpost24 webinar: Turning DevOps and security into DevSecOps
Outpost24
 
SecDevOps Risk Workflow - v0.6
Dinis Cruz
 
DevOps to DevSecOps Journey..
Siddharth Joshi
 
Outpost24 webinar - application security in a dev ops world-08-2018
Outpost24
 
DevSecOps 實踐與 GitHub 進階安全: 建立安全的開發流程
Duran Hsieh
 

Recently uploaded (20)

PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
KodekX | Application Modernization Development
KodekX
 
PDF
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
KodekX | Application Modernization Development
KodekX
 
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
Approach and Philosophy of On baking technology
30anthuong17
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 

DevOps and Application Security