Upgrade to Pro — share decks privately, control downloads, hide ads and more …

DevSecOps - Vom Unikum zur gut geölten Maschine

Nicolas Byl
December 08, 2021
Technology
0
81

DevSecOps - Vom Unikum zur gut geölten Maschine

Nicolas Byl

December 08, 2021
Tweet

More Decks by Nicolas Byl

See All by Nicolas Byl
Die Flucht aus der Prototypen-Hölle
nbyl
0
29
Lean Prototyping for Industrial-IoT Projects
nbyl
0
21
Securing your software supply chain
nbyl
0
310
Keeping-Up-WithUpstream.pdf
nbyl
0
110
Dr. Kube und der Helm - Anatomie einer CD-Pipeline
nbyl
0
94
Securing the "other" supply chain
nbyl
0
210
Kubernetes - Auf die Cluster, Fertig, Los!
nbyl
0
140
Helm - Kubernetes Deployments richtig gemacht
nbyl
0
110
It's the developers, stupid!
nbyl
0
140

Other Decks in Technology

See All in Technology
誰も全体を知らない ~ ロールの垣根を超えて引き上げる開発生産性 / Boosting Development Productivity Across Roles
kakehashi
1
220
【Pycon mini 東海 2024】Google Colaboratoryで試すVLM
kazuhitotakahashi
2
500
Taming you application's environments
salaboy
0
180
Application Development WG Intro at AppDeveloperCon
salaboy
0
180
Can We Measure Developer Productivity?
ewolff
1
150
社内で最大の技術的負債のリファクタリングに取り組んだお話し
kidooonn
1
550
OCI Security サービス 概要
oracle4engineer
PRO
0
6.5k
Shopifyアプリ開発における Shopifyの機能活用
sonatard
4
250
複雑なState管理からの脱却
sansantech
PRO
1
140
Amplify Gen2 Deep Dive / バックエンドの型をいかにしてフロントエンドへ伝えるか #TSKaigi #TSKaigiKansai #AWSAmplifyJP
tacck
PRO
0
370
iOS/Androidで同じUI体験をネ イティブで作成する際に気をつ けたい落とし穴
fumiyasac0921
1
110
フルカイテン株式会社 採用資料
fullkaiten
0
40k

Featured

See All Featured
Code Review Best Practice
trishagee
64
17k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
27
4.3k
5 minutes of I Can Smell Your CMS
philhawksworth
202
19k
Measuring & Analyzing Core Web Vitals
bluesmoon
4
120
Typedesign – Prime Four
hannesfritz
40
2.4k
How GitHub (no longer) Works
holman
310
140k
Keith and Marios Guide to Fast Websites
keithpitt
409
22k
The Cost Of JavaScript in 2023
addyosmani
45
6.7k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
159
15k
Designing the Hi-DPI Web
ddemaree
280
34k
Build The Right Thing And Hit Your Dates
maggiecrowley
33
2.4k
jQuery: Nuts, Bolts and Bling
dougneiner
61
7.5k

Transcript

  1. 1 NICOLAS BYL DEVSECOPS VOM UNIKUM ZUR GUT GEÖLTEN MASCHINE

  2. 2 INTRODUCTION

  3. 3 THE DEVSECOPS CYCLE

  4. 4 THE CASTLE ILLUSION

  5. 5 THE DEVSECOPS CYCLE

  6. 6 THE DEVSECOPS CYCLE

  7. 7 SECURE ARCHITECTURE

  8. 8 THREAT MODELLING

  9. 9 COMPLIANCE

  10. 10 PENTESTS

  11. 11 THE DEVSECOPS CYCLE

  12. 12 DESIGN PATTERNS

  13. 13 PRE-COMMIT HOOKS

  14. 14 CODE REVIEWS

  15. 15 COMMIT SIGNING

  16. 16 THE DEVSECOPS CYCLE

  17. 17 THE DEPENDENCY ICEBERG

  18. 18 AUTOMATION IS KING SOURCE CODE ANALYSIS • FindBugs •

    SonarQube • SAST • DAST SOURCE CODE ANALYSIS DEPENDENCY ANALYSIS • Maven, npm, ... • Container Images • Operating System Packages UPDATE AUTOMATION • npm audit • Dependabot • Renovate

  19. 19 THE DEVSECOPS CYCLE

  20. 20 POLICY OVER CHECKLISTS

  21. 21 THE KEY TO THE KINGDOM

  22. 22 ZERO-TRUST DEPLOYMENT

  23. 23 ROLLER COASTER PASSWORDS

  24. 24 INVENTORY SCANS

  25. 25 FIRE DRILLS & CHAOS ENGINEERING

  26. 26 HOW TO GET IN TOUCH [email protected] @ClusterBauer https://www.nexineer.io/career/ WE

    ARE ALWAYS LOOKING FOR GREAT COLLEAGUES…

  27. 27 PATCHING Sicheres Artefakt Artefakt mit bekannter Schwachstelle Scanning Patching