Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
DevSecOps Best Practices- Secure Everything You...
Search
Sena Yakut
April 21, 2024
0
180
DevSecOps Best Practices- Secure Everything You Have
Sena Yakut
April 21, 2024
Tweet
Share
More Decks by Sena Yakut
See All by Sena Yakut
Dangerous by Design Cloud Security Flaws We Keep Repeating
senayakut
0
260
re:Inforce 2025 - Serverless Threat Response for Amazon S3 Malware Detection
senayakut
0
45
Falling in Love with the Cloud – Securely
senayakut
0
55
Amazon GuardDuty Energy - I See It. I Flag It. I Block It
senayakut
0
58
Exploring Innovations in Cloud Technologies
senayakut
0
18
Securing the Future- A Deep Dive into the re-Invent:2024 Security Announcements
senayakut
0
16
What I’ve Learned-My Top AWS WAF Tips for Stronger Protection
senayakut
0
21
Hacking the Cloud - AWS Pentesting in Action
senayakut
0
120
Next-Level Defense: What re: Invent 2024 Means for Your Security
senayakut
0
67
Featured
See All Featured
ReactJS: Keep Simple. Everything can be a component!
pedronauck
667
120k
Agile that works and the tools we love
rasmusluckow
329
21k
Making the Leap to Tech Lead
cromwellryan
134
9.4k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
26
2.9k
Thoughts on Productivity
jonyablonski
69
4.7k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
251
21k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
507
140k
YesSQL, Process and Tooling at Scale
rocio
173
14k
Building Adaptive Systems
keathley
43
2.7k
The Invisible Side of Design
smashingmag
301
51k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
53k
Keith and Marios Guide to Fast Websites
keithpitt
411
22k
Transcript
DevSecOps Best Practices: Secure Everything You Have April 20, 2024
Sena Yakut
About me! DevSecOps Best Practices: Secure Everything You Have Sena
Yakut Senior Cloud Security Engineer senayakut.com sena_yakutt sena-yakut Lyrebird Studio
Agenda My Recommendations What, Why and How? Secure in Every
Step
We don't live in a perfect world. Even the smallest
thing you do is worth its weight in gold.
We need lots of people to do all of these.
Do whatever you can.
We do not focus on tools. You can choose whatever
you want. Your architecture, Your team, Your budget
Plan - Threat modeling, - Secure code standards, - IDE
plugins
Plan You can read my blog: Use Amazon CodeWhisperer for
Your AWS Security
Code - Static Application Security Testing (SAST), - Software Composition
Analysis, - Supply Chain Attacks, - Secure Pipelines, - Secret Scanning
Code Static Application Security Testing (SAST)
Code Software Composition Analysis
Code Software Composition Analysis
Code Secret Scanning
Build and Test - Dynamic Application Security Testing (DAST): Mobile
apps, web apps - Cloud Configuration Checks, - Vulnerability Management, - Penetration Testing, - API Testing
Build and Test
Build and Test
Release and Deploy -Access management -Live site pentesting -Configuration checks
Operate and Monitor - Alerts and Monitoring, - Threat Intelligence,
- Log Analysis, - Asset Inventory and Monitoring
Operate and Monitor
Operate and Monitor
Cultural Aspect -Automation alone will not solve the problems. -Encourage
your security mindset. -Avoid the blame game. -Build relationships with teams, don’t isolate.
DevSecOps Best Practices: Secure Everything You Have Sena Yakut Senior
Cloud Security Engineer senayakut.com sena_yakutt sena-yakut Lyrebird Studio