Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
DevSecOps - Vom Unikum zur gut geölten Maschine
Search
Nicolas Byl
December 08, 2021
Technology
0
81
DevSecOps - Vom Unikum zur gut geölten Maschine
Nicolas Byl
December 08, 2021
Tweet
Share
More Decks by Nicolas Byl
See All by Nicolas Byl
Die Flucht aus der Prototypen-Hölle
nbyl
0
33
Lean Prototyping for Industrial-IoT Projects
nbyl
0
24
Securing your software supply chain
nbyl
0
330
Keeping-Up-WithUpstream.pdf
nbyl
0
120
Dr. Kube und der Helm - Anatomie einer CD-Pipeline
nbyl
0
98
Securing the "other" supply chain
nbyl
0
230
Kubernetes - Auf die Cluster, Fertig, Los!
nbyl
0
150
Helm - Kubernetes Deployments richtig gemacht
nbyl
0
110
It's the developers, stupid!
nbyl
0
150
Other Decks in Technology
See All in Technology
Azureの開発で辛いところ
re3turn
0
240
EMConf JP の楽しみ方 / How to enjoy EMConf JP
pauli
2
150
ゼロからわかる!!AWSの構成図を書いてみようワークショップ 問題&解答解説 #デッカイギ #羽田デッカイギおつ
_mossann_t
0
1.5k
新卒1年目、はじめてのアプリケーションサーバー【IBM WebSphere Liberty】
ktgrryt
0
130
【NGK2025S】動物園(PINTO_model_zoo)に遊びに行こう
kazuhitotakahashi
0
240
20250116_JAWS_Osaka
takuyay0ne
2
200
AWS re:Invent 2024 recap in 20min / JAWSUG 千葉 2025.1.14
shimy
1
100
三菱電機で社内コミュニティを立ち上げた話
kurebayashi
1
360
シフトライトなテスト活動を適切に行うことで、無理な開発をせず、過剰にテストせず、顧客をビックリさせないプロダクトを作り上げているお話 #RSGT2025 / Shift Right
nihonbuson
3
2.1k
re:Invent2024 KeynoteのAmazon Q Developer考察
yusukeshimizu
1
150
自社 200 記事を元に整理した読みやすいテックブログを書くための Tips 集
masakihirose
2
330
CDKのコードレビューを楽にするパッケージcdk-mentorを作ってみた/cdk-mentor
tomoki10
0
210
Featured
See All Featured
Building Applications with DynamoDB
mza
93
6.2k
Being A Developer After 40
akosma
89
590k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
49
2.2k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
365
25k
What’s in a name? Adding method to the madness
productmarketing
PRO
22
3.2k
How to Think Like a Performance Engineer
csswizardry
22
1.3k
Building a Modern Day E-commerce SEO Strategy
aleyda
38
7k
The MySQL Ecosystem @ GitHub 2015
samlambert
250
12k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
10
870
Stop Working from a Prison Cell
hatefulcrawdad
267
20k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
45
2.3k
Fashionably flexible responsive web design (full day workshop)
malarkey
406
66k
Transcript
1 NICOLAS BYL DEVSECOPS VOM UNIKUM ZUR GUT GEÖLTEN MASCHINE
2 INTRODUCTION
3 THE DEVSECOPS CYCLE
4 THE CASTLE ILLUSION
5 THE DEVSECOPS CYCLE
6 THE DEVSECOPS CYCLE
7 SECURE ARCHITECTURE
8 THREAT MODELLING
9 COMPLIANCE
10 PENTESTS
11 THE DEVSECOPS CYCLE
12 DESIGN PATTERNS
13 PRE-COMMIT HOOKS
14 CODE REVIEWS
15 COMMIT SIGNING
16 THE DEVSECOPS CYCLE
17 THE DEPENDENCY ICEBERG
18 AUTOMATION IS KING SOURCE CODE ANALYSIS • FindBugs •
SonarQube • SAST • DAST SOURCE CODE ANALYSIS DEPENDENCY ANALYSIS • Maven, npm, ... • Container Images • Operating System Packages UPDATE AUTOMATION • npm audit • Dependabot • Renovate
19 THE DEVSECOPS CYCLE
20 POLICY OVER CHECKLISTS
21 THE KEY TO THE KINGDOM
22 ZERO-TRUST DEPLOYMENT
23 ROLLER COASTER PASSWORDS
24 INVENTORY SCANS
25 FIRE DRILLS & CHAOS ENGINEERING
26 HOW TO GET IN TOUCH
[email protected]
@ClusterBauer https://www.nexineer.io/career/ WE
ARE ALWAYS LOOKING FOR GREAT COLLEAGUES…
27 PATCHING Sicheres Artefakt Artefakt mit bekannter Schwachstelle Scanning Patching