Upgrade to Pro — share decks privately, control downloads, hide ads and more …

DevSecOps - Vom Unikum zur gut geölten Maschine

Avatar for Nicolas Byl Nicolas Byl
December 08, 2021
Technology
0
91

DevSecOps - Vom Unikum zur gut geölten Maschine

Avatar for Nicolas Byl

Nicolas Byl

December 08, 2021
Tweet

More Decks by Nicolas Byl

See All by Nicolas Byl
Die Flucht aus der Prototypen-Hölle
Avatar for Nicolas Byl nbyl
0
41
Lean Prototyping for Industrial-IoT Projects
Avatar for Nicolas Byl nbyl
0
38
Securing your software supply chain
Avatar for Nicolas Byl nbyl
0
350
Keeping-Up-WithUpstream.pdf
Avatar for Nicolas Byl nbyl
0
150
Dr. Kube und der Helm - Anatomie einer CD-Pipeline
Avatar for Nicolas Byl nbyl
0
110
Securing the "other" supply chain
Avatar for Nicolas Byl nbyl
0
250
Kubernetes - Auf die Cluster, Fertig, Los!
Avatar for Nicolas Byl nbyl
0
170
Helm - Kubernetes Deployments richtig gemacht
Avatar for Nicolas Byl nbyl
0
120
It's the developers, stupid!
Avatar for Nicolas Byl nbyl
0
180

Other Decks in Technology

See All in Technology
ビズリーチにおけるリアーキテクティング実践事例 / JJUG CCC 2025 Spring
Avatar for Visional Engineering & Design visional_engineering_and_design
1
110
KubeCon + CloudNativeCon Japan 2025 Recap Opening & Choose Your Own Adventureシリーズまとめ
Avatar for mm-matsuda mmmatsuda
0
260
Zephyr RTOSを使った開発コンペに参加した件
Avatar for misoji engineer iotengineer22
1
200
作曲家がボカロを使うようにPdMはAIを使え
Avatar for Takuya Ito itotaxi
0
440
DBのスキルで生き残る技術 - AI時代におけるテーブル設計の勘所
Avatar for soudai sone soudai
PRO
21
7.2k
【5分でわかる】セーフィー エンジニア向け会社紹介
Avatar for Safie safie_recruit
0
27k
Model Mondays S2E03: SLMs & Reasoning
Avatar for Nitya Narasimhan, PhD nitya
0
350
AI時代の開発生産性を加速させるアーキテクチャ設計
Avatar for PLAID Tech plaidtech
PRO
3
120
生成AI活用の組織格差を解消する 〜ビジネス職のCursor導入が開発効率に与えた好循環〜 / Closing the Organizational Gap in AI Adoption
Avatar for upamune / Yu SERIZAWA upamune
7
5.1k
なぜ私はいま、ここにいるのか? #もがく中堅デザイナー #プロダクトデザイナー
Avatar for 弁護士ドットコム bengo4com
0
1.3k
高速なプロダクト開発を実現、創業期から掲げるエンタープライズアーキテクチャ
Avatar for かわうそ kawauso
2
8.4k
ゼロからはじめる採用広報
Avatar for Yuta Horii yutadayo
2
540

Featured

See All Featured
CSS Pre-Processors: Stylus, Less & Sass
Avatar for Bermon Painter bermonpainter
357
30k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
Avatar for Morgane Peng morganepeng
130
19k
Rails Girls Zürich Keynote
Avatar for Gregor Martynus gr2m
94
14k
How STYLIGHT went responsive
Avatar for nonsquared nonsquared
100
5.6k
Agile that works and the tools we love
Avatar for Rasmus Luckow-Nielsen rasmusluckow
329
21k
Side Projects
Avatar for Sacha Greif sachag
455
42k
Intergalactic Javascript Robots from Outer Space
Avatar for Vicent Martí tanoku
271
27k
YesSQL, Process and Tooling at Scale
Avatar for Rocio Delgado rocio
173
14k
How GitHub (no longer) Works
Avatar for Zach Holman holman
314
140k
Adopting Sorbet at Scale
Avatar for Ufuk Kayserilioglu ufuk
77
9.4k
Build your cross-platform service in a week with App Engine
Avatar for Jose L jlugia
231
18k
The Power of CSS Pseudo Elements
Avatar for Geoffrey Crofte geoffreycrofte
77
5.8k

Transcript

  1. 1 NICOLAS BYL DEVSECOPS VOM UNIKUM ZUR GUT GEÖLTEN MASCHINE

  2. 2 INTRODUCTION

  3. 3 THE DEVSECOPS CYCLE

  4. 4 THE CASTLE ILLUSION

  5. 5 THE DEVSECOPS CYCLE

  6. 6 THE DEVSECOPS CYCLE

  7. 7 SECURE ARCHITECTURE

  8. 8 THREAT MODELLING

  9. 9 COMPLIANCE

  10. 10 PENTESTS

  11. 11 THE DEVSECOPS CYCLE

  12. 12 DESIGN PATTERNS

  13. 13 PRE-COMMIT HOOKS

  14. 14 CODE REVIEWS

  15. 15 COMMIT SIGNING

  16. 16 THE DEVSECOPS CYCLE

  17. 17 THE DEPENDENCY ICEBERG

  18. 18 AUTOMATION IS KING SOURCE CODE ANALYSIS • FindBugs •

    SonarQube • SAST • DAST SOURCE CODE ANALYSIS DEPENDENCY ANALYSIS • Maven, npm, ... • Container Images • Operating System Packages UPDATE AUTOMATION • npm audit • Dependabot • Renovate

  19. 19 THE DEVSECOPS CYCLE

  20. 20 POLICY OVER CHECKLISTS

  21. 21 THE KEY TO THE KINGDOM

  22. 22 ZERO-TRUST DEPLOYMENT

  23. 23 ROLLER COASTER PASSWORDS

  24. 24 INVENTORY SCANS

  25. 25 FIRE DRILLS & CHAOS ENGINEERING

  26. 26 HOW TO GET IN TOUCH [email protected] @ClusterBauer https://www.nexineer.io/career/ WE

    ARE ALWAYS LOOKING FOR GREAT COLLEAGUES…

  27. 27 PATCHING Sicheres Artefakt Artefakt mit bekannter Schwachstelle Scanning Patching