DevSecOps Best Practices- Secure Everything You Have

Transcript

1. DevSecOps Best Practices: Secure Everything You Have April 20, 2024

   Sena Yakut

2. About me! DevSecOps Best Practices: Secure Everything You Have Sena

   Yakut Senior Cloud Security Engineer senayakut.com sena_yakutt sena-yakut Lyrebird Studio

3. Agenda My Recommendations What, Why and How? Secure in Every

   Step

4. We don't live in a perfect world. Even the smallest

   thing you do is worth its weight in gold.

5. We need lots of people to do all of these.

   Do whatever you can.

6. We do not focus on tools. You can choose whatever

   you want. Your architecture, Your team, Your budget

7. Plan - Threat modeling, - Secure code standards, - IDE

   plugins

8. Plan You can read my blog: Use Amazon CodeWhisperer for

   Your AWS Security

9. Code - Static Application Security Testing (SAST), - Software Composition

   Analysis, - Supply Chain Attacks, - Secure Pipelines, - Secret Scanning

10. Code Static Application Security Testing (SAST)

11. Code Software Composition Analysis

12. Code Software Composition Analysis

13. Code Secret Scanning

14. Build and Test - Dynamic Application Security Testing (DAST): Mobile

    apps, web apps - Cloud Configuration Checks, - Vulnerability Management, - Penetration Testing, - API Testing

15. Build and Test

16. Build and Test

17. Release and Deploy -Access management -Live site pentesting -Configuration checks

18. Operate and Monitor - Alerts and Monitoring, - Threat Intelligence,

    - Log Analysis, - Asset Inventory and Monitoring

19. Operate and Monitor

20. Operate and Monitor

21. Cultural Aspect -Automation alone will not solve the problems. -Encourage

    your security mindset. -Avoid the blame game. -Build relationships with teams, don’t isolate.

22. DevSecOps Best Practices: Secure Everything You Have Sena Yakut Senior

    Cloud Security Engineer senayakut.com sena_yakutt sena-yakut Lyrebird Studio