DevSecOps - From Oddity to Well-Oiled Machine (DevSecOps - Vom Unikum zur gut geölten Maschine)
Nicolas Byl
December 08, 2021
Transcript
1 NICOLAS BYL DEVSECOPS FROM ODDITY TO WELL-OILED MACHINE
2 INTRODUCTION
3 THE DEVSECOPS CYCLE
4 THE CASTLE ILLUSION
5 THE DEVSECOPS CYCLE
6 THE DEVSECOPS CYCLE
7 SECURE ARCHITECTURE
8 THREAT MODELLING
9 COMPLIANCE
10 PENTESTS
11 THE DEVSECOPS CYCLE
12 DESIGN PATTERNS
13 PRE-COMMIT HOOKS
14 CODE REVIEWS
15 COMMIT SIGNING
16 THE DEVSECOPS CYCLE
17 THE DEPENDENCY ICEBERG
18 AUTOMATION IS KING
SOURCE CODE ANALYSIS • FindBugs • SonarQube • SAST • DAST
DEPENDENCY ANALYSIS • Maven, npm, ... • Container Images • Operating System Packages
UPDATE AUTOMATION • npm audit • Dependabot • Renovate
19 THE DEVSECOPS CYCLE
20 POLICY OVER CHECKLISTS
21 THE KEY TO THE KINGDOM
22 ZERO-TRUST DEPLOYMENT
23 ROLLER COASTER PASSWORDS
24 INVENTORY SCANS
25 FIRE DRILLS & CHAOS ENGINEERING
26 HOW TO GET IN TOUCH nicolas.byl@nexineer.io @ClusterBauer https://www.nexineer.io/career/ WE ARE ALWAYS LOOKING FOR GREAT COLLEAGUES…
27 PATCHING Secure artifact • Artifact with known vulnerability • Scanning • Patching