DevSecOps - Vom Unikum zur gut geölten Maschine

December 08, 2021

110

DevSecOps - Vom Unikum zur gut geölten Maschine

Nicolas Byl

December 08, 2021

Tweet

More Decks by Nicolas Byl

See All by Nicolas Byl

Platform Engineering ❤️ Developer Experience

0

19

Die Flucht aus der Prototypen-Hölle

0

44

Lean Prototyping for Industrial-IoT Projects

0

55

Securing your software supply chain

0

370

Keeping-Up-WithUpstream.pdf

0

170

Dr. Kube und der Helm - Anatomie einer CD-Pipeline

0

130

Securing the "other" supply chain

0

290

Kubernetes - Auf die Cluster, Fertig, Los!

0

190

Helm - Kubernetes Deployments richtig gemacht

0

130

Other Decks in Technology

See All in Technology

Oracle Database@Google Cloud：サービス概要のご紹介

oracle4engineer

PRO

1

760

AI駆動開発の実践とその未来

1

480

日本の AI 開発と世界の潮流 / GenAI Development in Japan

1

370

Bedrock AgentCore Evaluationsで学ぶLLM as a judge入門

2

240

ハッカソンから社内プロダクトへ AIエージェント ko☆shi 開発で学んだ4つの重要要素

0

110

ペアーズにおけるAIエージェント基盤とText to SQLツールの紹介

2

1.6k

ExpoのインダストリーブースでみたAWSが見せる製造業の未来

0

190

意外と知らない状態遷移テストの世界

PRO

1

240

AR Guitar: Expanding Guitar Performance from a Live House to Urban Space

0

150

たまに起きる外部サービスの障害に備えたり備えなかったりする話

0

400

Kiro を用いたペアプロのススメ

4

1.7k

通勤手当申請チェックエージェント開発のリアル

3

450

Featured

See All Featured

職位にかかわらず全員がリーダーシップを発揮するチーム作り / Building a team where everyone can demonstrate leadership regardless of position

51

43k

How GitHub (no longer) Works

316

140k

Unsuck your backbone

671

58k

The Art of Programming - Codeland 2020

56

14k

How to build an LLM SEO readiness audit: a practical framework

1

580

Designing for Timeless Needs

0

93

4 Signs Your Business is Dying

186

22k

16th Malabo Montpellier Forum Presentation

PRO

0

29

Noah Learner - AI + Me: how we built a GSC Bulk Export data pipeline

PRO

0

73

Groundhog Day: Seeking Process in Gaming for Health

0

65

Color Theory Basics | Prateek | Gurzu

0

150

A Tale of Four Properties

162

23k

Transcript

1 NICOLAS BYL DEVSECOPS VOM UNIKUM ZUR GUT GEÖLTEN MASCHINE
2 INTRODUCTION
3 THE DEVSECOPS CYCLE
4 THE CASTLE ILLUSION
5 THE DEVSECOPS CYCLE
6 THE DEVSECOPS CYCLE
7 SECURE ARCHITECTURE
8 THREAT MODELLING
9 COMPLIANCE
10 PENTESTS
11 THE DEVSECOPS CYCLE
12 DESIGN PATTERNS
13 PRE-COMMIT HOOKS
14 CODE REVIEWS
15 COMMIT SIGNING
16 THE DEVSECOPS CYCLE
17 THE DEPENDENCY ICEBERG
18 AUTOMATION IS KING SOURCE CODE ANALYSIS • FindBugs •
SonarQube • SAST • DAST SOURCE CODE ANALYSIS DEPENDENCY ANALYSIS • Maven, npm, ... • Container Images • Operating System Packages UPDATE AUTOMATION • npm audit • Dependabot • Renovate
19 THE DEVSECOPS CYCLE
20 POLICY OVER CHECKLISTS
21 THE KEY TO THE KINGDOM
22 ZERO-TRUST DEPLOYMENT
23 ROLLER COASTER PASSWORDS
24 INVENTORY SCANS
25 FIRE DRILLS & CHAOS ENGINEERING
26 HOW TO GET IN TOUCH [email protected] @ClusterBauer https://www.nexineer.io/career/ WE
ARE ALWAYS LOOKING FOR GREAT COLLEAGUES…
27 PATCHING Sicheres Artefakt Artefakt mit bekannter Schwachstelle Scanning Patching