Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
DevSecOps Best Practices- Secure Everything You...
Search
Sena Yakut
April 21, 2024
0
130
DevSecOps Best Practices- Secure Everything You Have
Sena Yakut
April 21, 2024
Tweet
Share
More Decks by Sena Yakut
See All by Sena Yakut
Securing Large Language Models- Threats and Mitigations
senayakut
0
13
Cloud Security Engineering: The Profession of the Future
senayakut
0
26
Gateway to Cloud Security Heaven: Our AWS Expedition
senayakut
0
280
Securing The Sky Strategies For Protecting Against Cloud Hacking
senayakut
0
90
Cloud Security From Scratch
senayakut
0
78
Cloud Security 101: Ultimate weapon against cyber threats
senayakut
0
110
Journey to the Cloud: An Introduction and Security Overview
senayakut
0
40
Explore Ten Ways to Secure The Cloud
senayakut
0
53
PartyRock-Your Security Supporters
senayakut
0
46
Featured
See All Featured
Become a Pro
speakerdeck
PRO
24
4.9k
For a Future-Friendly Web
brad_frost
174
9.3k
StorybookのUI Testing Handbookを読んだ
zakiyama
26
5.1k
KATA
mclloyd
28
13k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
191
16k
Designing for humans not robots
tammielis
249
25k
BBQ
matthewcrist
85
9.2k
Unsuck your backbone
ammeep
668
57k
VelocityConf: Rendering Performance Case Studies
addyosmani
325
23k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
105
48k
What the flash - Photography Introduction
edds
67
11k
Building an army of robots
kneath
302
42k
Transcript
DevSecOps Best Practices: Secure Everything You Have April 20, 2024
Sena Yakut
About me! DevSecOps Best Practices: Secure Everything You Have Sena
Yakut Senior Cloud Security Engineer senayakut.com sena_yakutt sena-yakut Lyrebird Studio
Agenda My Recommendations What, Why and How? Secure in Every
Step
We don't live in a perfect world. Even the smallest
thing you do is worth its weight in gold.
We need lots of people to do all of these.
Do whatever you can.
We do not focus on tools. You can choose whatever
you want. Your architecture, Your team, Your budget
Plan - Threat modeling, - Secure code standards, - IDE
plugins
Plan You can read my blog: Use Amazon CodeWhisperer for
Your AWS Security
Code - Static Application Security Testing (SAST), - Software Composition
Analysis, - Supply Chain Attacks, - Secure Pipelines, - Secret Scanning
Code Static Application Security Testing (SAST)
Code Software Composition Analysis
Code Software Composition Analysis
Code Secret Scanning
Build and Test - Dynamic Application Security Testing (DAST): Mobile
apps, web apps - Cloud Configuration Checks, - Vulnerability Management, - Penetration Testing, - API Testing
Build and Test
Build and Test
Release and Deploy -Access management -Live site pentesting -Configuration checks
Operate and Monitor - Alerts and Monitoring, - Threat Intelligence,
- Log Analysis, - Asset Inventory and Monitoring
Operate and Monitor
Operate and Monitor
Cultural Aspect -Automation alone will not solve the problems. -Encourage
your security mindset. -Avoid the blame game. -Build relationships with teams, don’t isolate.
DevSecOps Best Practices: Secure Everything You Have Sena Yakut Senior
Cloud Security Engineer senayakut.com sena_yakutt sena-yakut Lyrebird Studio