SlideShare a Scribd company logo

DevSecOps March 2018 - Extract

Download as PPTX, PDF
M
Michael Man

This document outlines a software development security assurance model that includes centralized servers for building developer workstations, reporting vulnerabilities, and source code management. It describes performing various security tests like static code analysis, dynamic testing, interactive testing, open source component analysis, and manual penetration testing on applications and networks. Automated tests integrate with defect management and security tools provide controls.

Technology
Related topics:
Application Security
1 of 1
Download to read offline
1
Dev Workstation Build Server Centralize Report (Vulnerability Management) Server SCM Static Code Analysis (SAST) Dynamic Testing (DAST) Interactive Testing (IAST) Open Source Component Security Manual Penetration Testing – Out of Band Scope: Application and Network layer – White/Black box Defect Management AUTOMATION INTEGRATION POINTS SECURITYASSURANCEMODEL Legend Black Box: Development Stack Blue Box: Automation - Integration Red Box: Security Tools and Controls Infrastructure Scanning

More Related Content

PDF
WhiteList Checker: An Eclipse Plugin to Improve Application Security
guest56b7565
 
PPTX
5 things i wish i knew about sast (DSO-LG July 2021)
Michael Man
 
PDF
K8S Certifications - Exam Cram
Michael Man
 
PDF
DSO-LG 2021 Reboot: Policy As Code (Anders Eknert)
Michael Man
 
PDF
DSO-LG March 2018: The mechanics behind how attackers exploit simple programm...
Michael Man
 
PPTX
DSO-LG Oct 2019: Modern Software Delivery: Supply Chain Security Critical (Ch...
Michael Man
 
PPTX
Extract Oct 2019: DSO-LG Rolling Slides
Michael Man
 
PPTX
Sept 2019 - DSO-LG Tooling Examples
Michael Man
 
WhiteList Checker: An Eclipse Plugin to Improve Application Security
guest56b7565
 
5 things i wish i knew about sast (DSO-LG July 2021)
Michael Man
 
K8S Certifications - Exam Cram
Michael Man
 
DSO-LG 2021 Reboot: Policy As Code (Anders Eknert)
Michael Man
 
DSO-LG March 2018: The mechanics behind how attackers exploit simple programm...
Michael Man
 
DSO-LG Oct 2019: Modern Software Delivery: Supply Chain Security Critical (Ch...
Michael Man
 
Extract Oct 2019: DSO-LG Rolling Slides
Michael Man
 
Sept 2019 - DSO-LG Tooling Examples
Michael Man
 

More from Michael Man (15)

PPTX
DevSecOps Manchester - May 2019
Michael Man
 
PDF
Chris Rutter: Avoiding The Security Brick
Michael Man
 
PPTX
Extract: DevSecOps - London Gathering (March 2019)
Michael Man
 
PDF
Control Plane: Security Rationale for Istio (DevSecOps - London Gathering, Ja...
Michael Man
 
PDF
Matt Turner: Istio, The Packet's-Eye View (DevSecOps - London Gathering, Janu...
Michael Man
 
PDF
Control Plane: Continuous Kubernetes Security (DevSecOps - London Gathering, ...
Michael Man
 
PDF
August 2018: DevSecOps - London Gathering
Michael Man
 
PPTX
DevSecOps - London Gathering : June 2018
Michael Man
 
PDF
Continuous Security: From tins to containers - now what!
Michael Man
 
PDF
The mechanics behind how attackers exploit simple programming mistakes ...
Michael Man
 
PDF
Secret Management Journey - Here Be Dragons aka Secret Dragons
Michael Man
 
PDF
DevSecOps The Evolution of DevOps
Michael Man
 
PDF
Dynaminet -DevSecOps
Michael Man
 
PPTX
DevSecOps: Test Automation
Michael Man
 
PPTX
Project management experience security in agile 1309
Michael Man
 
DevSecOps Manchester - May 2019
Michael Man
 
Chris Rutter: Avoiding The Security Brick
Michael Man
 
Extract: DevSecOps - London Gathering (March 2019)
Michael Man
 
Control Plane: Security Rationale for Istio (DevSecOps - London Gathering, Ja...
Michael Man
 
Matt Turner: Istio, The Packet's-Eye View (DevSecOps - London Gathering, Janu...
Michael Man
 
Control Plane: Continuous Kubernetes Security (DevSecOps - London Gathering, ...
Michael Man
 
August 2018: DevSecOps - London Gathering
Michael Man
 
DevSecOps - London Gathering : June 2018
Michael Man
 
Continuous Security: From tins to containers - now what!
Michael Man
 
The mechanics behind how attackers exploit simple programming mistakes ...
Michael Man
 
Secret Management Journey - Here Be Dragons aka Secret Dragons
Michael Man
 
DevSecOps The Evolution of DevOps
Michael Man
 
Dynaminet -DevSecOps
Michael Man
 
DevSecOps: Test Automation
Michael Man
 
Project management experience security in agile 1309
Michael Man
 
Ad

Recently uploaded (20)

PPTX
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
PDF
Accuracy of neural networks in brain wave diagnosis of schizophrenia
IAESIJAI
 
PDF
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
PPTX
A Presentation on Touch Screen Technology
memembruh336
 
PDF
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
PDF
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
PDF
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
PDF
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
PDF
Heart disease approach using modified random forest and particle swarm optimi...
IAESIJAI
 
PPTX
OMC Textile Division Presentation 2021.pptx
JahangirAlam816069
 
PDF
1 - Historical Antecedents, Social Consideration.pdf
tuazon2030627
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PDF
August Patch Tuesday
Ivanti
 
PPTX
Chapter 5: Probability Theory and Statistics
RandyFin
 
PPTX
cloud_computing_Infrastucture_as_cloud_p
mainakbhattacharya20
 
PPTX
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
PDF
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
PPTX
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
PPTX
TLE Review Electricity (Electricity).pptx
JayPolicarpio2
 
PDF
Hindi spoken digit analysis for native and non-native speakers
IAESIJAI
 
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
Accuracy of neural networks in brain wave diagnosis of schizophrenia
IAESIJAI
 
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
A Presentation on Touch Screen Technology
memembruh336
 
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
Heart disease approach using modified random forest and particle swarm optimi...
IAESIJAI
 
OMC Textile Division Presentation 2021.pptx
JahangirAlam816069
 
1 - Historical Antecedents, Social Consideration.pdf
tuazon2030627
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
August Patch Tuesday
Ivanti
 
Chapter 5: Probability Theory and Statistics
RandyFin
 
cloud_computing_Infrastucture_as_cloud_p
mainakbhattacharya20
 
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
TLE Review Electricity (Electricity).pptx
JayPolicarpio2
 
Hindi spoken digit analysis for native and non-native speakers
IAESIJAI
 
Ad

DevSecOps March 2018 - Extract

  • 1. Dev Workstation Build Server Centralize Report (Vulnerability Management) Server SCM Static Code Analysis (SAST) Dynamic Testing (DAST) Interactive Testing (IAST) Open Source Component Security Manual Penetration Testing – Out of Band Scope: Application and Network layer – White/Black box Defect Management AUTOMATION INTEGRATION POINTS SECURITYASSURANCEMODEL Legend Black Box: Development Stack Blue Box: Automation - Integration Red Box: Security Tools and Controls Infrastructure Scanning