Upgrade to Pro — share decks privately, control downloads, hide ads and more …

DevSecOps Best Practices- Secure Everything You Have

Sena Yakut
April 21, 2024
0
93

DevSecOps Best Practices- Secure Everything You Have

Sena Yakut

April 21, 2024
Tweet

More Decks by Sena Yakut

See All by Sena Yakut
Securing The Sky Strategies For Protecting Against Cloud Hacking
senayakut
0
67
Cloud Security From Scratch
senayakut
0
66
Cloud Security 101: Ultimate weapon against cyber threats
senayakut
0
92
Journey to the Cloud: An Introduction and Security Overview
senayakut
0
20
Explore Ten Ways to Secure The Cloud
senayakut
0
38
PartyRock-Your Security Supporters
senayakut
0
32
AWS_Security_Best_Practices.pdf
senayakut
0
570
Exploring Cloud Security in the Landscape of Future Technologies
senayakut
0
30
Are Your APIs Really Secure? Are You Sure?
senayakut
0
23

Featured

See All Featured
Building Better People: How to give real-time feedback that sticks.
wjessup
356
18k
Learning to Love Humans: Emotional Interface Design
aarron
267
39k
Code Reviewing Like a Champion
maltzj
515
39k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
660
120k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
14
8.4k
How GitHub Uses GitHub to Build GitHub
holman
468
290k
What’s in a name? Adding method to the madness
productmarketing
PRO
17
2.7k
What the flash - Photography Introduction
edds
64
11k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
34
8.9k
Visualization
eitanlees
137
14k
jQuery: Nuts, Bolts and Bling
dougneiner
60
7.2k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
21
1.6k

Transcript

  1. DevSecOps Best Practices: Secure Everything You Have April 20, 2024

    Sena Yakut

  2. About me! DevSecOps Best Practices: Secure Everything You Have Sena

    Yakut Senior Cloud Security Engineer senayakut.com sena_yakutt sena-yakut Lyrebird Studio

  3. Agenda My Recommendations What, Why and How? Secure in Every

    Step

  4. We don't live in a perfect world. Even the smallest

    thing you do is worth its weight in gold.

  5. We need lots of people to do all of these.

    Do whatever you can.

  6. We do not focus on tools. You can choose whatever

    you want. Your architecture, Your team, Your budget

  7. Plan - Threat modeling, - Secure code standards, - IDE

    plugins

  8. Plan You can read my blog: Use Amazon CodeWhisperer for

    Your AWS Security

  9. Code - Static Application Security Testing (SAST), - Software Composition

    Analysis, - Supply Chain Attacks, - Secure Pipelines, - Secret Scanning

  10. Code Static Application Security Testing (SAST)

  11. Code Software Composition Analysis

  12. Code Software Composition Analysis

  13. Code Secret Scanning

  14. Build and Test - Dynamic Application Security Testing (DAST): Mobile

    apps, web apps - Cloud Configuration Checks, - Vulnerability Management, - Penetration Testing, - API Testing

  15. Build and Test

  16. Build and Test

  17. Release and Deploy -Access management -Live site pentesting -Configuration checks

  18. Operate and Monitor - Alerts and Monitoring, - Threat Intelligence,

    - Log Analysis, - Asset Inventory and Monitoring

  19. Operate and Monitor

  20. Operate and Monitor

  21. Cultural Aspect -Automation alone will not solve the problems. -Encourage

    your security mindset. -Avoid the blame game. -Build relationships with teams, don’t isolate.

  22. DevSecOps Best Practices: Secure Everything You Have Sena Yakut Senior

    Cloud Security Engineer senayakut.com sena_yakutt sena-yakut Lyrebird Studio