Upgrade to Pro — share decks privately, control downloads, hide ads and more …

DevSecOps - Vom Unikum zur gut geölten Maschine

Nicolas Byl
December 08, 2021
Technology
0
31

DevSecOps - Vom Unikum zur gut geölten Maschine

Nicolas Byl

December 08, 2021
Tweet

More Decks by Nicolas Byl

See All by Nicolas Byl
Lean Prototyping for Industrial-IoT Projects
nbyl
0
13
Securing your software supply chain
nbyl
0
180
Keeping-Up-WithUpstream.pdf
nbyl
0
60
Dr. Kube und der Helm - Anatomie einer CD-Pipeline
nbyl
0
63
Securing the "other" supply chain
nbyl
0
180
Kubernetes - Auf die Cluster, Fertig, Los!
nbyl
0
84
Helm - Kubernetes Deployments richtig gemacht
nbyl
0
66
It's the developers, stupid!
nbyl
0
100
Das Gruselkabinett des Dr. Kube
nbyl
0
190

Other Decks in Technology

See All in Technology
QMファンネルとQAキャリア
gen519
PRO
1
130
チームで導入する Jetpack Compose あの素晴らしいLTをもう一度.ver
kako351
1
150
Swift 開発が楽になる道具たち
megabitsenmzq
1
290
チームにスクラムを導入してみた
sbtechnight
PRO
0
370
ChatGPTにR言語を教えてもらう(仮)
doradora09
1
170
Managing Test Data
eliasnogueira
0
110
エンジニアのためのマネジメント入門/Introduction to Management for Software Engineers
dskst
1
270
マネジメント3.0モデル入門(120分版)
takufujii
11
2.7k
GitHub Actionsと"仲良くなる"ための練習方法
tsubakimoto_s
10
2.5k
Finally_I_can_kichijojipm32
kaznishi
0
150
Kafka Consumers at Naver
dongjin
0
190
学びが形になる!〜DeNAで6年間プロダクト開発に携わって学んだこと〜
dena_tech
PRO
0
330

Featured

See All Featured
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
22
1.7k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
11
1.4k
10 Git Anti Patterns You Should be Aware of
lemiorhan
643
55k
A Philosophy of Restraint
colly
193
15k
Designing on Purpose - Digital PM Summit 2013
jponch
108
5.9k
Creatively Recalculating Your Daily Design Routine
revolveconf
207
11k
Robots, Beer and Maslow
schacon
154
7.4k
Done Done
chrislema
178
15k
Fashionably flexible responsive web design (full day workshop)
malarkey
396
64k
Embracing the Ebb and Flow
colly
76
3.6k
Adopting Sorbet at Scale
ufuk
65
7.9k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
31
8.8k

Transcript

  1. 1
    NICOLAS BYL
    DEVSECOPS
    VOM UNIKUM ZUR GUT GEÖLTEN
    MASCHINE

    View Slide

  2. 2
    INTRODUCTION

    View Slide

  3. 3
    THE DEVSECOPS CYCLE

    View Slide

  4. 4
    THE CASTLE ILLUSION

    View Slide

  5. 5
    THE DEVSECOPS CYCLE

    View Slide

  6. 6
    THE DEVSECOPS CYCLE

    View Slide

  7. 7
    SECURE ARCHITECTURE

    View Slide

  8. 8
    THREAT MODELLING

    View Slide

  9. 9
    COMPLIANCE

    View Slide

  10. 10
    PENTESTS

    View Slide

  11. 11
    THE DEVSECOPS CYCLE

    View Slide

  12. 12
    DESIGN PATTERNS

    View Slide

  13. 13
    PRE-COMMIT HOOKS

    View Slide

  14. 14
    CODE REVIEWS

    View Slide

  15. 15
    COMMIT SIGNING

    View Slide

  16. 16
    THE DEVSECOPS CYCLE

    View Slide

  17. 17
    THE DEPENDENCY ICEBERG

    View Slide

  18. 18
    AUTOMATION IS KING
    SOURCE CODE ANALYSIS
    • FindBugs
    • SonarQube
    • SAST
    • DAST
    SOURCE CODE ANALYSIS
    DEPENDENCY ANALYSIS
    • Maven, npm, ...
    • Container Images
    • Operating System
    Packages
    UPDATE AUTOMATION
    • npm audit
    • Dependabot
    • Renovate

    View Slide

  19. 19
    THE DEVSECOPS CYCLE

    View Slide

  20. 20
    POLICY OVER CHECKLISTS

    View Slide

  21. 21
    THE KEY TO THE KINGDOM

    View Slide

  22. 22
    ZERO-TRUST DEPLOYMENT

    View Slide

  23. 23
    ROLLER COASTER
    PASSWORDS

    View Slide

  24. 24
    INVENTORY SCANS

    View Slide

  25. 25
    FIRE DRILLS & CHAOS
    ENGINEERING

    View Slide

  26. 26
    HOW TO GET IN TOUCH
    [email protected]
    @ClusterBauer
    https://www.nexineer.io/career/
    WE ARE ALWAYS LOOKING FOR GREAT COLLEAGUES…

    View Slide

  27. 27
    PATCHING
    Sicheres Artefakt
    Artefakt
    mit bekannter
    Schwachstelle
    Scanning
    Patching

    View Slide