Upgrade to Pro — share decks privately, control downloads, hide ads and more …

DevSecOps - Vom Unikum zur gut geölten Maschine

Nicolas Byl
December 08, 2021
Technology
0
81

DevSecOps - Vom Unikum zur gut geölten Maschine

Nicolas Byl

December 08, 2021
Tweet

More Decks by Nicolas Byl

See All by Nicolas Byl
Die Flucht aus der Prototypen-Hölle
nbyl
0
30
Lean Prototyping for Industrial-IoT Projects
nbyl
0
22
Securing your software supply chain
nbyl
0
320
Keeping-Up-WithUpstream.pdf
nbyl
0
120
Dr. Kube und der Helm - Anatomie einer CD-Pipeline
nbyl
0
96
Securing the "other" supply chain
nbyl
0
220
Kubernetes - Auf die Cluster, Fertig, Los!
nbyl
0
140
Helm - Kubernetes Deployments richtig gemacht
nbyl
0
110
It's the developers, stupid!
nbyl
0
140

Other Decks in Technology

See All in Technology
サイボウズフロントエンドエキスパートチームについて / FrontendExpert Team
cybozuinsideout
PRO
5
38k
ゼロから創る横断SREチーム 挑戦と進化の軌跡
rvirus0817
2
260
1等無人航空機操縦士一発試験 合格までの道のり ドローンミートアップ@大阪 2024/12/18
excdinc
0
150
Oracle Cloud Infrastructure:2024年12月度サービス・アップデート
oracle4engineer
PRO
0
170
コンテナセキュリティのためのLandlock入門
nullpo_head
2
320
OpenShift Virtualizationのネットワーク構成を真剣に考えてみた/OpenShift Virtualization's Network Configuration
tnk4on
0
130
Jetpack Composeで始めるServer Cache State
ogaclejapan
2
160
How to be an AWS Community Builder | 君もAWS Community Builderになろう!〜2024 冬 CB募集直前対策編?!〜
coosuke
PRO
2
2.8k
20241214_WACATE2024冬_テスト設計技法をチョット俯瞰してみよう
kzsuzuki
3
440
KubeCon NA 2024 Recap: How to Move from Ingress to Gateway API with Minimal Hassle
ysakotch
0
200
統計データで2024年の クラウド・インフラ動向を眺める
ysknsid25
2
840
20241220_S3 tablesの使い方を検証してみた
handy
3
320

Featured

See All Featured
We Have a Design System, Now What?
morganepeng
51
7.3k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
48k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
47
5.1k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
247
1.3M
What's in a price? How to price your products and services
michaelherold
243
12k
How GitHub (no longer) Works
holman
311
140k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
330
21k
How to Ace a Technical Interview
jacobian
276
23k
Adopting Sorbet at Scale
ufuk
73
9.1k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
45
2.2k
Bootstrapping a Software Product
garrettdimon
PRO
305
110k
[RailsConf 2023] Rails as a piece of cake
palkan
53
5k

Transcript

  1. 1 NICOLAS BYL DEVSECOPS VOM UNIKUM ZUR GUT GEÖLTEN MASCHINE

  2. 2 INTRODUCTION

  3. 3 THE DEVSECOPS CYCLE

  4. 4 THE CASTLE ILLUSION

  5. 5 THE DEVSECOPS CYCLE

  6. 6 THE DEVSECOPS CYCLE

  7. 7 SECURE ARCHITECTURE

  8. 8 THREAT MODELLING

  9. 9 COMPLIANCE

  10. 10 PENTESTS

  11. 11 THE DEVSECOPS CYCLE

  12. 12 DESIGN PATTERNS

  13. 13 PRE-COMMIT HOOKS

  14. 14 CODE REVIEWS

  15. 15 COMMIT SIGNING

  16. 16 THE DEVSECOPS CYCLE

  17. 17 THE DEPENDENCY ICEBERG

  18. 18 AUTOMATION IS KING SOURCE CODE ANALYSIS • FindBugs •

    SonarQube • SAST • DAST SOURCE CODE ANALYSIS DEPENDENCY ANALYSIS • Maven, npm, ... • Container Images • Operating System Packages UPDATE AUTOMATION • npm audit • Dependabot • Renovate

  19. 19 THE DEVSECOPS CYCLE

  20. 20 POLICY OVER CHECKLISTS

  21. 21 THE KEY TO THE KINGDOM

  22. 22 ZERO-TRUST DEPLOYMENT

  23. 23 ROLLER COASTER PASSWORDS

  24. 24 INVENTORY SCANS

  25. 25 FIRE DRILLS & CHAOS ENGINEERING

  26. 26 HOW TO GET IN TOUCH [email protected] @ClusterBauer https://www.nexineer.io/career/ WE

    ARE ALWAYS LOOKING FOR GREAT COLLEAGUES…

  27. 27 PATCHING Sicheres Artefakt Artefakt mit bekannter Schwachstelle Scanning Patching