DevSecOps Best Practices: Secure Everything You Have
April 20, 2024
Sena Yakut
About me!
Sena Yakut
Senior Cloud Security Engineer
senayakut.com
sena_yakutt
sena-yakut
Lyrebird Studio
Agenda
My Recommendations
What, Why and How?
Secure in Every Step
We don't live in a perfect world.
Even the smallest thing you do is worth its weight in gold.
We need lots of people to do all of these.
Do whatever you can.
We do not focus on tools. You can choose whatever you want.
Your architecture, your team, your budget.
Plan
- Threat modeling,
- Secure code standards,
- IDE plugins
Plan
You can read my blog: Use Amazon CodeWhisperer for Your AWS Security
Build and Test
- Dynamic Application Security Testing (DAST): Mobile apps, web apps
- Cloud Configuration Checks,
- Vulnerability Management,
- Penetration Testing,
- API Testing
Release and Deploy
- Access management
- Live site pentesting
- Configuration checks
Operate and Monitor
- Alerts and Monitoring,
- Threat Intelligence,
- Log Analysis,
- Asset Inventory and Monitoring
Cultural Aspect
- Automation alone will not solve the problems.
- Encourage your security mindset.
- Avoid the blame game.
- Build relationships with teams, don’t isolate.