Upgrade to Pro — share decks privately, control downloads, hide ads and more …

DevSecOps - Vom Unikum zur gut geölten Maschine

Nicolas Byl
December 08, 2021
Technology
0
81

DevSecOps - Vom Unikum zur gut geölten Maschine

Nicolas Byl

December 08, 2021
Tweet

More Decks by Nicolas Byl

See All by Nicolas Byl
Die Flucht aus der Prototypen-Hölle
nbyl
0
33
Lean Prototyping for Industrial-IoT Projects
nbyl
0
24
Securing your software supply chain
nbyl
0
330
Keeping-Up-WithUpstream.pdf
nbyl
0
120
Dr. Kube und der Helm - Anatomie einer CD-Pipeline
nbyl
0
98
Securing the "other" supply chain
nbyl
0
230
Kubernetes - Auf die Cluster, Fertig, Los!
nbyl
0
150
Helm - Kubernetes Deployments richtig gemacht
nbyl
0
110
It's the developers, stupid!
nbyl
0
150

Other Decks in Technology

See All in Technology
Azureの開発で辛いところ
re3turn
0
240
EMConf JP の楽しみ方 / How to enjoy EMConf JP
pauli
2
150
ゼロからわかる!!AWSの構成図を書いてみようワークショップ 問題&解答解説 #デッカイギ #羽田デッカイギおつ
_mossann_t
0
1.5k
新卒1年目、はじめてのアプリケーションサーバー【IBM WebSphere Liberty】
ktgrryt
0
130
【NGK2025S】動物園(PINTO_model_zoo)に遊びに行こう
kazuhitotakahashi
0
240
20250116_JAWS_Osaka
takuyay0ne
2
200
AWS re:Invent 2024 recap in 20min / JAWSUG 千葉 2025.1.14
shimy
1
100
三菱電機で社内コミュニティを立ち上げた話
kurebayashi
1
360
シフトライトなテスト活動を適切に行うことで、無理な開発をせず、過剰にテストせず、顧客をビックリさせないプロダクトを作り上げているお話 #RSGT2025 / Shift Right
nihonbuson
3
2.1k
re:Invent2024 KeynoteのAmazon Q Developer考察
yusukeshimizu
1
150
自社 200 記事を元に整理した読みやすいテックブログを書くための Tips 集
masakihirose
2
330
CDKのコードレビューを楽にするパッケージcdk-mentorを作ってみた/cdk-mentor
tomoki10
0
210

Featured

See All Featured
Building Applications with DynamoDB
mza
93
6.2k
Being A Developer After 40
akosma
89
590k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
49
2.2k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
365
25k
What’s in a name? Adding method to the madness
productmarketing
PRO
22
3.2k
How to Think Like a Performance Engineer
csswizardry
22
1.3k
Building a Modern Day 
E-commerce SEO Strategy
aleyda
38
7k
The MySQL Ecosystem @ GitHub 2015
samlambert
250
12k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
10
870
Stop Working from a Prison Cell
hatefulcrawdad
267
20k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
45
2.3k
Fashionably flexible responsive web design (full day workshop)
malarkey
406
66k

Transcript

  1. 1 NICOLAS BYL DEVSECOPS VOM UNIKUM ZUR GUT GEÖLTEN MASCHINE

  2. 2 INTRODUCTION

  3. 3 THE DEVSECOPS CYCLE

  4. 4 THE CASTLE ILLUSION

  5. 5 THE DEVSECOPS CYCLE

  6. 6 THE DEVSECOPS CYCLE

  7. 7 SECURE ARCHITECTURE

  8. 8 THREAT MODELLING

  9. 9 COMPLIANCE

  10. 10 PENTESTS

  11. 11 THE DEVSECOPS CYCLE

  12. 12 DESIGN PATTERNS

  13. 13 PRE-COMMIT HOOKS

  14. 14 CODE REVIEWS

  15. 15 COMMIT SIGNING

  16. 16 THE DEVSECOPS CYCLE

  17. 17 THE DEPENDENCY ICEBERG

  18. 18 AUTOMATION IS KING SOURCE CODE ANALYSIS • FindBugs •

    SonarQube • SAST • DAST SOURCE CODE ANALYSIS DEPENDENCY ANALYSIS • Maven, npm, ... • Container Images • Operating System Packages UPDATE AUTOMATION • npm audit • Dependabot • Renovate

  19. 19 THE DEVSECOPS CYCLE

  20. 20 POLICY OVER CHECKLISTS

  21. 21 THE KEY TO THE KINGDOM

  22. 22 ZERO-TRUST DEPLOYMENT

  23. 23 ROLLER COASTER PASSWORDS

  24. 24 INVENTORY SCANS

  25. 25 FIRE DRILLS & CHAOS ENGINEERING

  26. 26 HOW TO GET IN TOUCH [email protected] @ClusterBauer https://www.nexineer.io/career/ WE

    ARE ALWAYS LOOKING FOR GREAT COLLEAGUES…

  27. 27 PATCHING Sicheres Artefakt Artefakt mit bekannter Schwachstelle Scanning Patching