Upgrade to Pro — share decks privately, control downloads, hide ads and more …

DevSecOps - Vom Unikum zur gut geölten Maschine

Nicolas Byl
December 08, 2021
Technology
0
83

DevSecOps - Vom Unikum zur gut geölten Maschine

Nicolas Byl

December 08, 2021
Tweet

More Decks by Nicolas Byl

See All by Nicolas Byl
Die Flucht aus der Prototypen-Hölle
nbyl
0
35
Lean Prototyping for Industrial-IoT Projects
nbyl
0
27
Securing your software supply chain
nbyl
0
330
Keeping-Up-WithUpstream.pdf
nbyl
0
130
Dr. Kube und der Helm - Anatomie einer CD-Pipeline
nbyl
0
100
Securing the "other" supply chain
nbyl
0
230
Kubernetes - Auf die Cluster, Fertig, Los!
nbyl
0
150
Helm - Kubernetes Deployments richtig gemacht
nbyl
0
120
It's the developers, stupid!
nbyl
0
160

Other Decks in Technology

See All in Technology
ハッキングの世界に迫る~攻撃者の思考で考えるセキュリティ~
nomizone
13
4.7k
Nekko Cloud、 これまでとこれから ~学生サークルが作る、 小さなクラウド
logica0419
2
790
モノレポ開発のエラー、誰が見る?Datadog で実現する適切なトリアージとエスカレーション
biwashi
6
780
飲食店予約台帳を支えるインタラクティブ UI 設計と実装
siropaca
7
1.4k
自動テストの世界に、この5年間で起きたこと
autifyhq
10
7.5k
Postmanを使いこなす!2025年ぜひとも押さえておきたいPostmanの10の機能
nagix
2
130
まだ間に合う! エンジニアのための生成AIアプリ開発入門 on AWS
minorun365
PRO
5
590
Classmethod AI Talks(CATs) #15 司会進行スライド(2025.02.06) / classmethod-ai-talks-aka-cats_moderator-slides_vol15_2025-02-06
shinyaa31
0
170
偶然 × 行動で人生の可能性を広げよう / Serendipity × Action: Discover Your Possibilities
ar_tama
1
830
事業継続を支える自動テストの考え方
tsuemura
0
310
目の前の仕事と向き合うことで成長できる - 仕事とスキルを広げる / Every little bit counts
soudai
23
6.1k
エンジニアのためのドキュメント力基礎講座〜構造化思考から始めよう〜(2025/02/15jbug広島#15発表資料)
yasuoyasuo
15
5.8k

Featured

See All Featured
The Straight Up "How To Draw Better" Workshop
denniskardys
232
140k
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.1k
Learning to Love Humans: Emotional Interface Design
aarron
273
40k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
53k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
20
2.4k
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
Optimising Largest Contentful Paint
csswizardry
34
3.1k
Gamification - CAS2011
davidbonilla
80
5.1k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
129
19k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
4
400
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
356
29k
GraphQLとの向き合い方2022年版
quramy
44
13k

Transcript

  1. 1 NICOLAS BYL DEVSECOPS VOM UNIKUM ZUR GUT GEÖLTEN MASCHINE

  2. 2 INTRODUCTION

  3. 3 THE DEVSECOPS CYCLE

  4. 4 THE CASTLE ILLUSION

  5. 5 THE DEVSECOPS CYCLE

  6. 6 THE DEVSECOPS CYCLE

  7. 7 SECURE ARCHITECTURE

  8. 8 THREAT MODELLING

  9. 9 COMPLIANCE

  10. 10 PENTESTS

  11. 11 THE DEVSECOPS CYCLE

  12. 12 DESIGN PATTERNS

  13. 13 PRE-COMMIT HOOKS

  14. 14 CODE REVIEWS

  15. 15 COMMIT SIGNING

  16. 16 THE DEVSECOPS CYCLE

  17. 17 THE DEPENDENCY ICEBERG

  18. 18 AUTOMATION IS KING SOURCE CODE ANALYSIS • FindBugs •

    SonarQube • SAST • DAST SOURCE CODE ANALYSIS DEPENDENCY ANALYSIS • Maven, npm, ... • Container Images • Operating System Packages UPDATE AUTOMATION • npm audit • Dependabot • Renovate

  19. 19 THE DEVSECOPS CYCLE

  20. 20 POLICY OVER CHECKLISTS

  21. 21 THE KEY TO THE KINGDOM

  22. 22 ZERO-TRUST DEPLOYMENT

  23. 23 ROLLER COASTER PASSWORDS

  24. 24 INVENTORY SCANS

  25. 25 FIRE DRILLS & CHAOS ENGINEERING

  26. 26 HOW TO GET IN TOUCH [email protected] @ClusterBauer https://www.nexineer.io/career/ WE

    ARE ALWAYS LOOKING FOR GREAT COLLEAGUES…

  27. 27 PATCHING Sicheres Artefakt Artefakt mit bekannter Schwachstelle Scanning Patching