Secure your LINE Chatbot with DevSecOps

Transcript

1. Secure your LINE Chatbot with Jirayut Nimsaeng (Dear) CEO &

   Founder, Opsta (Thailand) Co.,Ltd.

2. Do you think you are secure?

3. Jirayut Nimsaeng (Dear) Jirayut has been involved in DevSecOps, Container,

   Cloud Technology and Open Source for over 10 years. He has experienced and succeeded in transforming several companies to deliver greater values and be more agile. • Founder and CEO of Opsta (Thailand) Co.,Ltd. • Cloud/DevSecOps Transformation Consultant and Solution Architecture • First Certified Kubernetes Administrator (CKA) and Certified Kubernetes Security Specialist (CKS) in Thailand • First Thai Google Cloud Developer Expert (GDE) in Thailand • Google Cloud Certified - Professional Cloud Architect and Associate Cloud Engineer #whoami

4. • What is DevSecOps? • Cloud Native Security • Live

   Demo Agenda

5. What is DevSecOps?

6. Generic DevOps Flow & Components Dev Ops VCS CI ARTIFACTS

   CD DEV UAT PRD LOAD TESTING MONITORING SUPPORT TOOLS AUTOMATION & INFRASTRUCTURE AS CODE COMMUNICATION INFRASTRUCTURE

7. Dev Ops Sec VCS CI ARTIFACTS CD COMMUNICATION DEV UAT

   PRD SECURITY LOAD TESTING MONITORING SUPPORT TOOLS AUTOMATION & INFRASTRUCTURE AS CODE When put Security into DevOps INFRASTRUCTURE

8. Dev Ops Sec VCS CI CD DEV UAT PRD LOAD

   TESTING MONITORING SUPPORT TOOLS AUTOMATION & INFRASTRUCTURE AS CODE COMMUNICATION DevSecOps Flow INFRASTRUCTURE SECURITY SHIFT LEFT WITH AUTOMATION ARTIFACTS

9. Dev Ops Sec VCS CI ARTIFACTS CD DEV UAT PRD

   INFRASTRUCTURE AUTOMATION SECURITY LOAD TESTING MONITORING SUPPORT TOOLS AUTOMATION & INFRASTRUCTURE AS CODE Automation Security COMMUNICATION

10. Secure Coding SAST SCA Vulnerability Assessment Penetration Testing IASTz Threat

    Intelligence Multi-Tenancy Landing Zone Secrets Management DAST Binary Analysis Threat Modeling SOC SOAR CWPP CSPM Security Automation in every steps Compliance Validation

11. Cloud Native Security

12. Cloud Native Technologies https://landscape.cncf.io

13. VCS CI ARTIFACTS CD DEV UAT PRD AUTOMATION SECURITY MONITORING

    AUTOMATION & INFRASTRUCTURE AS CODE Apps SUPPORT TOOLS Cloud Native and DevSecOps Components

14. Cloud-native application protection platforms (CNAPPs)

15. Shut up and Show me your CODE https://github.com/opsta/opsta-line-bot https://github.com/opsta/opsta-line-bot

16. • Are you sure you don’t have LINE channel secret

    in your code? • DevSecOps is not easy (but worth it) • DevSecOps will only benefit if you invest in it • You can learn something new when you fix vulnerability • START TODAY! Key Takeaways

17. What we offer DevSecOps Platform Engineering Portal (Subscription) End-to-end platform

    engineering ecosystem with self-service portal that provides a seamless experience from onboarding applications to day-2 operations. DevSecOps Transformation Security Automation Self-Service Automation Infrastructure Hybrid Multi-Cloud Infrastructure Kubernetes Service Provider Centralized Monitoring Training Consulting Service Centralized Application & DevSecOps Tools Management Streamline Access to All DevSecOps Tools, Build Application Structures, and Control Permissions. Security Governance Dashboard Centralized Dashboard for SAST, DAST, SCA, Container Scan, etc. Ready for Day 2 Operation Observability Dashboards to Quickly Identify Root Causes Best Practice DevSecOps Templates Zero-effort DevSecOps configuration on Cloud-Native application. Our Product Our Solution and Service

18. fb.me/DearJirayut www.linkedin.com/in/jirayut/ [email protected] www.opsta.co.th Jirayut Nimsaeng (Dear) Founder & CEO

    of Opsta https://github.com/opsta/opsta-line-bot https://github.com/opsta/opsta-line-bot
19. None