SlideShare a Scribd company logo

RSAC DevSecOpsDays 2018 - We are all Equifax

Sonatype
Sonatype

RSAC DevSecOpsDays 2018 - We are all Equifax

Technology
1 of 28
Download to read offline
We Are All Equifax Derek E. Weeks Vice President, Sonatype Co-founder, All Day DevOps @weekstweets
“Emphasize performance of the entire system and never pass a defect downstream.” Gene Kim The Phoenix Project 2013
Say Hello to Your Software Supply Chain… @weekstweets
THE SSC INDEX Open Source Component Download Requests, The Central Repository, 2008 - 2017 87 2017
80% to 90% of modern apps consist of assembled components.
80% to 90% of modern operations consist of assembled containers. Containers Hand-built applications and infrastructure
NOT ALL PARTS ARE CREATED EQUAL @weekstweets
@weekstweets CYBERSECURITY HYGIENE RATIO IS 1 IN 8 @weekstweets
170,000 Java component downloads annually 18,870 11.1% with known vulnerabilities 7,500 ORGANIZATIONS ANALYZED @weekstweets
6-IN-10 HAVE OPEN SOURCE POLICIES @weekstweets
DEFECT PERCENTAGES FOR JAVASCRIPT @weekstweets
5 Month Opportunity to Take Corrective Action Large Scale Exploit March 10 Equifax applications breached through Struts2 vulnerability AprMar May Jun Jul Aug Sept March 7 Apache Struts releases updated version to thwart vulnerability CVE-2017-5638 July 29 Breach is discovered by Equifax. Sept 7 A new RCE vulnerability is announced and fixed. CVE-2017-9805 Probing Hack Crisis Management
3 DAYS BEFORE EXPLOIT Source: Adapted from IBM X-Force / Analysis by Gartner Research (September 2016) Year of Date Reported 2006 2007 2008 2009 2010 2011 2012 2013 2104 2015 10 20 30 40 50 0 AverageDaystoExploit Average 45 15 2017
Struts vulnerability announced The breach Breach discovered. New Struts and Spring vulnerabilities. 12 months since Equifax breach. 0 20,000 40,000 60,000 80,000 100,000 120,000 Mar-17 Apr-17 May-17 Jun-17 Jul-17 Aug-17 Sep-17 Oct-17 Nov-17 Dec-17 Jan-18 Feb-18 Mar-18 Total Breach disclosed. 80% SHOW POOR CYBER HYGIENE Number of vulnerable Struts component downloads per month
Source: Maven Central Repository, March 2018 VULNERABLE SPRING FRAMEWORK DOWNLOADS CVE-2017-8046
72% see security pros in the role of “nag”.
Check in Trigger Feedback Trigger
Which application security tools are critical to your organization?
TRUSTED SOFTWARE SUPPLY CHAINS
The question is not: Can we build secure software?
Businesses decide where and how to invest in cybersecurity based on a cost-benefit assessment but they are ultimately liable for the security of their data and systems. U.K.’s National Cyber Security Strategy 2016 - 2021
“Emphasize performance of the entire system and never pass a defect downstream.” Gene Kim The Phoenix Project 2013
weeks@sonatype.com
RSAC DevSecOpsDays 2018 - We are all Equifax

Recommended

DevSecOps Days SF at RSA Conference 2018
DevSecOps Days SF at RSA Conference 2018DevSecOps Days SF at RSA Conference 2018
DevSecOps Days SF at RSA Conference 2018DevSecOps Days
 
The New Security Playbook: DevSecOps
The New Security Playbook: DevSecOpsThe New Security Playbook: DevSecOps
The New Security Playbook: DevSecOpsJames Wickett
 
Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...
Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...
Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...SecureSoftwareDevOn SecureSoftwareDevOn
 
How to automate your DevSecOps successfully
How to automate your DevSecOps successfullyHow to automate your DevSecOps successfully
How to automate your DevSecOps successfullyManuel Pistner
 
DevSecCon London 2018: Open DevSecOps
DevSecCon London 2018: Open DevSecOpsDevSecCon London 2018: Open DevSecOps
DevSecCon London 2018: Open DevSecOpsDevSecCon
 
DevSecOps Singapore 2017 - Security in the Delivery Pipeline
DevSecOps Singapore 2017 - Security in the Delivery PipelineDevSecOps Singapore 2017 - Security in the Delivery Pipeline
DevSecOps Singapore 2017 - Security in the Delivery PipelineJames Wickett
 
Benefits of DevSecOps
Benefits of DevSecOpsBenefits of DevSecOps
Benefits of DevSecOpsFinto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Mohammed A. Imran
 

Recommended

DevSecOps Days SF at RSA Conference 2018
DevSecOps Days SF at RSA Conference 2018DevSecOps Days SF at RSA Conference 2018
DevSecOps Days SF at RSA Conference 2018DevSecOps Days
 
The New Security Playbook: DevSecOps
The New Security Playbook: DevSecOpsThe New Security Playbook: DevSecOps
The New Security Playbook: DevSecOpsJames Wickett
 
Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...
Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...
Introducing DevSecOps by Madhu Akula - Software Security Bangalore - May 27 2...SecureSoftwareDevOn SecureSoftwareDevOn
 
How to automate your DevSecOps successfully
How to automate your DevSecOps successfullyHow to automate your DevSecOps successfully
How to automate your DevSecOps successfullyManuel Pistner
 
DevSecCon London 2018: Open DevSecOps
DevSecCon London 2018: Open DevSecOpsDevSecCon London 2018: Open DevSecOps
DevSecCon London 2018: Open DevSecOpsDevSecCon
 
DevSecOps Singapore 2017 - Security in the Delivery Pipeline
DevSecOps Singapore 2017 - Security in the Delivery PipelineDevSecOps Singapore 2017 - Security in the Delivery Pipeline
DevSecOps Singapore 2017 - Security in the Delivery PipelineJames Wickett
 
Benefits of DevSecOps
Benefits of DevSecOpsBenefits of DevSecOps
Benefits of DevSecOpsFinto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Practical DevSecOps Course - Part 1
Practical DevSecOps Course - Part 1Mohammed A. Imran
 
DevOps or DevSecOps
DevOps or DevSecOpsDevOps or DevSecOps
DevOps or DevSecOpsMichelangelo van Dam
 
DevSecOps The Evolution of DevOps
DevSecOps The Evolution of DevOpsDevSecOps The Evolution of DevOps
DevSecOps The Evolution of DevOpsMichael Man
 
DevSecOps: A New Hope for Security in CI/CD
DevSecOps: A New Hope for Security in CI/CDDevSecOps: A New Hope for Security in CI/CD
DevSecOps: A New Hope for Security in CI/CDFranklin Mosley
 
DevSecOps : an Introduction
DevSecOps : an IntroductionDevSecOps : an Introduction
DevSecOps : an IntroductionPrashanth B. P.
 
DevOps Friendly Doc Publishing for APIs & Microservices
DevOps Friendly Doc Publishing for APIs & MicroservicesDevOps Friendly Doc Publishing for APIs & Microservices
DevOps Friendly Doc Publishing for APIs & MicroservicesSonatype
 
PIACERE - DevSecOps Automated
PIACERE - DevSecOps AutomatedPIACERE - DevSecOps Automated
PIACERE - DevSecOps AutomatedPIACERE
 
Dos and Don'ts of DevSecOps
Dos and Don'ts of DevSecOpsDos and Don'ts of DevSecOps
Dos and Don'ts of DevSecOpsPriyanka Aash
 
Demystifying DevSecOps
Demystifying DevSecOpsDemystifying DevSecOps
Demystifying DevSecOpsArchana Joshi
 
2019 DevSecOps Reference Architectures
2019 DevSecOps Reference Architectures2019 DevSecOps Reference Architectures
2019 DevSecOps Reference ArchitecturesSonatype
 
DevSecOps
DevSecOpsDevSecOps
DevSecOpsJoel Divekar
 
DevSecOps - The big picture
DevSecOps - The big pictureDevSecOps - The big picture
DevSecOps - The big pictureDevSecOpsSg
 
DevSecOps reference architectures 2018
DevSecOps reference architectures 2018DevSecOps reference architectures 2018
DevSecOps reference architectures 2018Sonatype
 
NYIT DSC/ Spring 2021 - Introduction to DevOps (CI/CD)
NYIT DSC/ Spring 2021 - Introduction to DevOps (CI/CD)NYIT DSC/ Spring 2021 - Introduction to DevOps (CI/CD)
NYIT DSC/ Spring 2021 - Introduction to DevOps (CI/CD)Hui (Henry) Chen
 
DevSecCon Boston 2018: Building a practical DevSecOps pipeline for free by Je...
DevSecCon Boston 2018: Building a practical DevSecOps pipeline for free by Je...DevSecCon Boston 2018: Building a practical DevSecOps pipeline for free by Je...
DevSecCon Boston 2018: Building a practical DevSecOps pipeline for free by Je...DevSecCon
 
DevOps Days Columbus - Derek Weeks - 2019
DevOps Days Columbus - Derek Weeks - 2019DevOps Days Columbus - Derek Weeks - 2019
DevOps Days Columbus - Derek Weeks - 2019Sonatype
 
The State of DevSecOps
The State of DevSecOpsThe State of DevSecOps
The State of DevSecOpsDevOps Indonesia
 
DevSecOps - The big picture
DevSecOps - The big pictureDevSecOps - The big picture
DevSecOps - The big pictureStefan Streichsbier
 
DevSecOps 101
DevSecOps 101DevSecOps 101
DevSecOps 101Narudom Roongsiriwong, CISSP
 
Hacker Games & DevSecOps
Hacker Games & DevSecOpsHacker Games & DevSecOps
Hacker Games & DevSecOpslokori
 
The Challenges of Scaling DevSecOps
The Challenges of Scaling DevSecOpsThe Challenges of Scaling DevSecOps
The Challenges of Scaling DevSecOpsWhiteSource
 
Securing Modern Applications: The Data Behind DevSecOps
Securing Modern Applications: The Data Behind DevSecOpsSecuring Modern Applications: The Data Behind DevSecOps
Securing Modern Applications: The Data Behind DevSecOpsEficode
 
Post-Equifax: How to Trust But Verify Your Software Supply Chain
Post-Equifax: How to Trust But Verify Your Software Supply Chain Post-Equifax: How to Trust But Verify Your Software Supply Chain
Post-Equifax: How to Trust But Verify Your Software Supply Chain DevOps.com
 

More Related Content

What's hot

DevSecOps The Evolution of DevOps
DevSecOps The Evolution of DevOpsDevSecOps The Evolution of DevOps
DevSecOps The Evolution of DevOpsMichael Man
 
DevSecOps: A New Hope for Security in CI/CD
DevSecOps: A New Hope for Security in CI/CDDevSecOps: A New Hope for Security in CI/CD
DevSecOps: A New Hope for Security in CI/CDFranklin Mosley
 
DevSecOps : an Introduction
DevSecOps : an IntroductionDevSecOps : an Introduction
DevSecOps : an IntroductionPrashanth B. P.
 
DevOps Friendly Doc Publishing for APIs & Microservices
DevOps Friendly Doc Publishing for APIs & MicroservicesDevOps Friendly Doc Publishing for APIs & Microservices
DevOps Friendly Doc Publishing for APIs & MicroservicesSonatype
 
PIACERE - DevSecOps Automated
PIACERE - DevSecOps AutomatedPIACERE - DevSecOps Automated
PIACERE - DevSecOps AutomatedPIACERE
 
Dos and Don'ts of DevSecOps
Dos and Don'ts of DevSecOpsDos and Don'ts of DevSecOps
Dos and Don'ts of DevSecOpsPriyanka Aash
 
Demystifying DevSecOps
Demystifying DevSecOpsDemystifying DevSecOps
Demystifying DevSecOpsArchana Joshi
 
2019 DevSecOps Reference Architectures
2019 DevSecOps Reference Architectures2019 DevSecOps Reference Architectures
2019 DevSecOps Reference ArchitecturesSonatype
 
DevSecOps - The big picture
DevSecOps - The big pictureDevSecOps - The big picture
DevSecOps - The big pictureDevSecOpsSg
 
DevSecOps reference architectures 2018
DevSecOps reference architectures 2018DevSecOps reference architectures 2018
DevSecOps reference architectures 2018Sonatype
 
NYIT DSC/ Spring 2021 - Introduction to DevOps (CI/CD)
NYIT DSC/ Spring 2021 - Introduction to DevOps (CI/CD)NYIT DSC/ Spring 2021 - Introduction to DevOps (CI/CD)
NYIT DSC/ Spring 2021 - Introduction to DevOps (CI/CD)Hui (Henry) Chen
 
DevSecCon Boston 2018: Building a practical DevSecOps pipeline for free by Je...
DevSecCon Boston 2018: Building a practical DevSecOps pipeline for free by Je...DevSecCon Boston 2018: Building a practical DevSecOps pipeline for free by Je...
DevSecCon Boston 2018: Building a practical DevSecOps pipeline for free by Je...DevSecCon
 
DevOps Days Columbus - Derek Weeks - 2019
DevOps Days Columbus - Derek Weeks - 2019DevOps Days Columbus - Derek Weeks - 2019
DevOps Days Columbus - Derek Weeks - 2019Sonatype
 
Hacker Games & DevSecOps
Hacker Games & DevSecOpsHacker Games & DevSecOps
Hacker Games & DevSecOpslokori
 
The Challenges of Scaling DevSecOps
The Challenges of Scaling DevSecOpsThe Challenges of Scaling DevSecOps
The Challenges of Scaling DevSecOpsWhiteSource
 

What's hot (20)

DevOps or DevSecOps
DevOps or DevSecOpsDevOps or DevSecOps
DevOps or DevSecOps
 
DevSecOps The Evolution of DevOps
DevSecOps The Evolution of DevOpsDevSecOps The Evolution of DevOps
DevSecOps The Evolution of DevOps
 
DevSecOps: A New Hope for Security in CI/CD
DevSecOps: A New Hope for Security in CI/CDDevSecOps: A New Hope for Security in CI/CD
DevSecOps: A New Hope for Security in CI/CD
 
DevSecOps : an Introduction
DevSecOps : an IntroductionDevSecOps : an Introduction
DevSecOps : an Introduction
 
DevOps Friendly Doc Publishing for APIs & Microservices
DevOps Friendly Doc Publishing for APIs & MicroservicesDevOps Friendly Doc Publishing for APIs & Microservices
DevOps Friendly Doc Publishing for APIs & Microservices
 
PIACERE - DevSecOps Automated
PIACERE - DevSecOps AutomatedPIACERE - DevSecOps Automated
PIACERE - DevSecOps Automated
 
Dos and Don'ts of DevSecOps
Dos and Don'ts of DevSecOpsDos and Don'ts of DevSecOps
Dos and Don'ts of DevSecOps
 
Demystifying DevSecOps
Demystifying DevSecOpsDemystifying DevSecOps
Demystifying DevSecOps
 
2019 DevSecOps Reference Architectures
2019 DevSecOps Reference Architectures2019 DevSecOps Reference Architectures
2019 DevSecOps Reference Architectures
 
DevSecOps
DevSecOpsDevSecOps
DevSecOps
 
DevSecOps - The big picture
DevSecOps - The big pictureDevSecOps - The big picture
DevSecOps - The big picture
 
DevSecOps reference architectures 2018
DevSecOps reference architectures 2018DevSecOps reference architectures 2018
DevSecOps reference architectures 2018
 
NYIT DSC/ Spring 2021 - Introduction to DevOps (CI/CD)
NYIT DSC/ Spring 2021 - Introduction to DevOps (CI/CD)NYIT DSC/ Spring 2021 - Introduction to DevOps (CI/CD)
NYIT DSC/ Spring 2021 - Introduction to DevOps (CI/CD)
 
DevSecCon Boston 2018: Building a practical DevSecOps pipeline for free by Je...
DevSecCon Boston 2018: Building a practical DevSecOps pipeline for free by Je...DevSecCon Boston 2018: Building a practical DevSecOps pipeline for free by Je...
DevSecCon Boston 2018: Building a practical DevSecOps pipeline for free by Je...
 
DevOps Days Columbus - Derek Weeks - 2019
DevOps Days Columbus - Derek Weeks - 2019DevOps Days Columbus - Derek Weeks - 2019
DevOps Days Columbus - Derek Weeks - 2019
 
The State of DevSecOps
The State of DevSecOpsThe State of DevSecOps
The State of DevSecOps
 
DevSecOps - The big picture
DevSecOps - The big pictureDevSecOps - The big picture
DevSecOps - The big picture
 
DevSecOps 101
DevSecOps 101DevSecOps 101
DevSecOps 101
 
Hacker Games & DevSecOps
Hacker Games & DevSecOpsHacker Games & DevSecOps
Hacker Games & DevSecOps
 
The Challenges of Scaling DevSecOps
The Challenges of Scaling DevSecOpsThe Challenges of Scaling DevSecOps
The Challenges of Scaling DevSecOps
 

Similar to RSAC DevSecOpsDays 2018 - We are all Equifax

Securing Modern Applications: The Data Behind DevSecOps
Securing Modern Applications: The Data Behind DevSecOpsSecuring Modern Applications: The Data Behind DevSecOps
Securing Modern Applications: The Data Behind DevSecOpsEficode
 
Post-Equifax: How to Trust But Verify Your Software Supply Chain
Post-Equifax: How to Trust But Verify Your Software Supply Chain Post-Equifax: How to Trust But Verify Your Software Supply Chain
Post-Equifax: How to Trust But Verify Your Software Supply Chain DevOps.com
 
Post-Equifax: How to Trust But Verify Your Software Supply Chain
Post-Equifax: How to Trust But Verify Your Software Supply ChainPost-Equifax: How to Trust But Verify Your Software Supply Chain
Post-Equifax: How to Trust But Verify Your Software Supply ChainDeborah Schalm
 
Lessons learned from Detroit to Deming by Derek Weeks
Lessons learned from Detroit to Deming by Derek WeeksLessons learned from Detroit to Deming by Derek Weeks
Lessons learned from Detroit to Deming by Derek WeeksDevSecCon
 
On the health of the npm packaging ecosystem
On the health of the npm packaging ecosystemOn the health of the npm packaging ecosystem
On the health of the npm packaging ecosystemTom Mens
 
Journey to the Modern App with Containers, Microservices and Big Data
Journey to the Modern App with Containers, Microservices and Big DataJourney to the Modern App with Containers, Microservices and Big Data
Journey to the Modern App with Containers, Microservices and Big DataLightbend
 
DevOps Night - Shifting Security to the Left - SCTV Tower - 19 September 2018
DevOps Night - Shifting Security to the Left - SCTV Tower - 19 September 2018DevOps Night - Shifting Security to the Left - SCTV Tower - 19 September 2018
DevOps Night - Shifting Security to the Left - SCTV Tower - 19 September 2018Adhitya Hartowo
 
State of the Software Supply Chain Report 2017
State of the Software Supply Chain Report 2017State of the Software Supply Chain Report 2017
State of the Software Supply Chain Report 2017Matthew Howard
 
Enabling application portability with the greatest of ease!
Enabling application portability with the greatest of ease!Enabling application portability with the greatest of ease!
Enabling application portability with the greatest of ease!Ken Owens
 
GitHub Universe: 2019: Exemplars, Laggards, and Hoarders A Data-driven Look a...
GitHub Universe: 2019: Exemplars, Laggards, and Hoarders A Data-driven Look a...GitHub Universe: 2019: Exemplars, Laggards, and Hoarders A Data-driven Look a...
GitHub Universe: 2019: Exemplars, Laggards, and Hoarders A Data-driven Look a...Gene Kim
 
Chef Automating Everything-AWS-PubSec-SAO-WashDC_2018
Chef Automating Everything-AWS-PubSec-SAO-WashDC_2018Chef Automating Everything-AWS-PubSec-SAO-WashDC_2018
Chef Automating Everything-AWS-PubSec-SAO-WashDC_2018Larry Eichenbaum
 
Connect Ops and Security with Flexible Web App and API Protection
Connect Ops and Security with Flexible Web App and API ProtectionConnect Ops and Security with Flexible Web App and API Protection
Connect Ops and Security with Flexible Web App and API ProtectionDevOps.com
 
Pentest is yesterday, DevSecOps is tomorrow
Pentest is yesterday, DevSecOps is tomorrowPentest is yesterday, DevSecOps is tomorrow
Pentest is yesterday, DevSecOps is tomorrowAmien Harisen Rosyandino
 
One login enemy at the gates
One login enemy at the gatesOne login enemy at the gates
One login enemy at the gatesEoin Keary
 
Continuous Application Security at Scale with IAST and RASP -- Transforming D...
Continuous Application Security at Scale with IAST and RASP -- Transforming D...Continuous Application Security at Scale with IAST and RASP -- Transforming D...
Continuous Application Security at Scale with IAST and RASP -- Transforming D...Jeff Williams
 
SCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOpsSCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOpsStefan Streichsbier
 

Similar to RSAC DevSecOpsDays 2018 - We are all Equifax (20)

Securing Modern Applications: The Data Behind DevSecOps
Securing Modern Applications: The Data Behind DevSecOpsSecuring Modern Applications: The Data Behind DevSecOps
Securing Modern Applications: The Data Behind DevSecOps
 
Post-Equifax: How to Trust But Verify Your Software Supply Chain
Post-Equifax: How to Trust But Verify Your Software Supply Chain Post-Equifax: How to Trust But Verify Your Software Supply Chain
Post-Equifax: How to Trust But Verify Your Software Supply Chain
 
Post-Equifax: How to Trust But Verify Your Software Supply Chain
Post-Equifax: How to Trust But Verify Your Software Supply ChainPost-Equifax: How to Trust But Verify Your Software Supply Chain
Post-Equifax: How to Trust But Verify Your Software Supply Chain
 
Lessons learned from Detroit to Deming by Derek Weeks
Lessons learned from Detroit to Deming by Derek WeeksLessons learned from Detroit to Deming by Derek Weeks
Lessons learned from Detroit to Deming by Derek Weeks
 
On the health of the npm packaging ecosystem
On the health of the npm packaging ecosystemOn the health of the npm packaging ecosystem
On the health of the npm packaging ecosystem
 
Journey to the Modern App with Containers, Microservices and Big Data
Journey to the Modern App with Containers, Microservices and Big DataJourney to the Modern App with Containers, Microservices and Big Data
Journey to the Modern App with Containers, Microservices and Big Data
 
DevOps Night - Shifting Security to the Left - SCTV Tower - 19 September 2018
DevOps Night - Shifting Security to the Left - SCTV Tower - 19 September 2018DevOps Night - Shifting Security to the Left - SCTV Tower - 19 September 2018
DevOps Night - Shifting Security to the Left - SCTV Tower - 19 September 2018
 
State of the Software Supply Chain Report 2017
State of the Software Supply Chain Report 2017State of the Software Supply Chain Report 2017
State of the Software Supply Chain Report 2017
 
Enabling application portability with the greatest of ease!
Enabling application portability with the greatest of ease!Enabling application portability with the greatest of ease!
Enabling application portability with the greatest of ease!
 
GitHub Universe: 2019: Exemplars, Laggards, and Hoarders A Data-driven Look a...
GitHub Universe: 2019: Exemplars, Laggards, and Hoarders A Data-driven Look a...GitHub Universe: 2019: Exemplars, Laggards, and Hoarders A Data-driven Look a...
GitHub Universe: 2019: Exemplars, Laggards, and Hoarders A Data-driven Look a...
 
Chef Automating Everything-AWS-PubSec-SAO-WashDC_2018
Chef Automating Everything-AWS-PubSec-SAO-WashDC_2018Chef Automating Everything-AWS-PubSec-SAO-WashDC_2018
Chef Automating Everything-AWS-PubSec-SAO-WashDC_2018
 
Connect Ops and Security with Flexible Web App and API Protection
Connect Ops and Security with Flexible Web App and API ProtectionConnect Ops and Security with Flexible Web App and API Protection
Connect Ops and Security with Flexible Web App and API Protection
 
Pentest is yesterday, DevSecOps is tomorrow
Pentest is yesterday, DevSecOps is tomorrowPentest is yesterday, DevSecOps is tomorrow
Pentest is yesterday, DevSecOps is tomorrow
 
One login enemy at the gates
One login enemy at the gatesOne login enemy at the gates
One login enemy at the gates
 
Ayanava cv latest
Ayanava cv latestAyanava cv latest
Ayanava cv latest
 
Ayanava cv latest
Ayanava cv latestAyanava cv latest
Ayanava cv latest
 
Going Reactive in Java with Typesafe Reactive Platform
Going Reactive in Java with Typesafe Reactive PlatformGoing Reactive in Java with Typesafe Reactive Platform
Going Reactive in Java with Typesafe Reactive Platform
 
Giri_WCS
Giri_WCSGiri_WCS
Giri_WCS
 
Continuous Application Security at Scale with IAST and RASP -- Transforming D...
Continuous Application Security at Scale with IAST and RASP -- Transforming D...Continuous Application Security at Scale with IAST and RASP -- Transforming D...
Continuous Application Security at Scale with IAST and RASP -- Transforming D...
 
SCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOpsSCS DevSecOps Seminar - State of DevSecOps
SCS DevSecOps Seminar - State of DevSecOps
 

More from Sonatype

30+ Nexus Integrations to Accelerate DevOps
30+ Nexus Integrations to Accelerate DevOps30+ Nexus Integrations to Accelerate DevOps
30+ Nexus Integrations to Accelerate DevOpsSonatype
 
2017 DevSecOps Survey
2017 DevSecOps Survey2017 DevSecOps Survey
2017 DevSecOps SurveySonatype
 
Starting and Scaling DevOps In the Enterprise
Starting and Scaling DevOps In the EnterpriseStarting and Scaling DevOps In the Enterprise
Starting and Scaling DevOps In the EnterpriseSonatype
 
The Unrealized Role of Monitoring & Alerting w/ Jason Hand
The Unrealized Role of Monitoring & Alerting w/ Jason HandThe Unrealized Role of Monitoring & Alerting w/ Jason Hand
The Unrealized Role of Monitoring & Alerting w/ Jason HandSonatype
 
DevOps and All the Continuouses w/ Helen Beal
DevOps and All the Continuouses w/ Helen BealDevOps and All the Continuouses w/ Helen Beal
DevOps and All the Continuouses w/ Helen BealSonatype
 
Serverless and the Way Forward
Serverless and the Way ForwardServerless and the Way Forward
Serverless and the Way ForwardSonatype
 
A Small Association's Journey to DevOps w/ Edward Ruiz
A Small Association's Journey to DevOps w/ Edward RuizA Small Association's Journey to DevOps w/ Edward Ruiz
A Small Association's Journey to DevOps w/ Edward RuizSonatype
 
What's My Security Policy Doing to My Help Desk w/ Chris Swan
What's My Security Policy Doing to My Help Desk w/ Chris SwanWhat's My Security Policy Doing to My Help Desk w/ Chris Swan
What's My Security Policy Doing to My Help Desk w/ Chris SwanSonatype
 
Characterizing and Contrasting Kuhn-tey-ner Awr-kuh-streyt-ors
Characterizing and Contrasting Kuhn-tey-ner Awr-kuh-streyt-orsCharacterizing and Contrasting Kuhn-tey-ner Awr-kuh-streyt-ors
Characterizing and Contrasting Kuhn-tey-ner Awr-kuh-streyt-orsSonatype
 
Static Analysis For Security and DevOps Happiness w/ Justin Collins
Static Analysis For Security and DevOps Happiness w/ Justin CollinsStatic Analysis For Security and DevOps Happiness w/ Justin Collins
Static Analysis For Security and DevOps Happiness w/ Justin CollinsSonatype
 
Automated Infrastructure Security: Monitoring using FOSS
Automated Infrastructure Security: Monitoring using FOSSAutomated Infrastructure Security: Monitoring using FOSS
Automated Infrastructure Security: Monitoring using FOSSSonatype
 
System Hardening Using Ansible
System Hardening Using AnsibleSystem Hardening Using Ansible
System Hardening Using AnsibleSonatype
 
There is No Server: Immutable Infrastructure and Serverless Architecture
There is No Server: Immutable Infrastructure and Serverless ArchitectureThere is No Server: Immutable Infrastructure and Serverless Architecture
There is No Server: Immutable Infrastructure and Serverless ArchitectureSonatype
 
Getting out of the Job Jungle with Jenkins
Getting out of the Job Jungle with JenkinsGetting out of the Job Jungle with Jenkins
Getting out of the Job Jungle with JenkinsSonatype
 
Modern Infrastructure Automation
Modern Infrastructure AutomationModern Infrastructure Automation
Modern Infrastructure AutomationSonatype
 
Continuous Everyone: Engaging People Across the Continuous Pipeline
Continuous Everyone: Engaging People Across the Continuous PipelineContinuous Everyone: Engaging People Across the Continuous Pipeline
Continuous Everyone: Engaging People Across the Continuous PipelineSonatype
 
The Road to Continuous Deployment
The Road to Continuous Deployment The Road to Continuous Deployment
The Road to Continuous Deployment Sonatype
 
Docker Inside/Out: The 'Real' Real- World World of Stacking Containers in pro...
Docker Inside/Out: The 'Real' Real- World World of Stacking Containers in pro...Docker Inside/Out: The 'Real' Real- World World of Stacking Containers in pro...
Docker Inside/Out: The 'Real' Real- World World of Stacking Containers in pro...Sonatype
 
I, For One, Welcome Our New Robot Overlords
I, For One, Welcome Our New Robot OverlordsI, For One, Welcome Our New Robot Overlords
I, For One, Welcome Our New Robot OverlordsSonatype
 
Meta Infrastructure as Code: How Capital One Automated Our Automation Tools w...
Meta Infrastructure as Code: How Capital One Automated Our Automation Tools w...Meta Infrastructure as Code: How Capital One Automated Our Automation Tools w...
Meta Infrastructure as Code: How Capital One Automated Our Automation Tools w...Sonatype
 

More from Sonatype (20)

30+ Nexus Integrations to Accelerate DevOps
30+ Nexus Integrations to Accelerate DevOps30+ Nexus Integrations to Accelerate DevOps
30+ Nexus Integrations to Accelerate DevOps
 
2017 DevSecOps Survey
2017 DevSecOps Survey2017 DevSecOps Survey
2017 DevSecOps Survey
 
Starting and Scaling DevOps In the Enterprise
Starting and Scaling DevOps In the EnterpriseStarting and Scaling DevOps In the Enterprise
Starting and Scaling DevOps In the Enterprise
 
The Unrealized Role of Monitoring & Alerting w/ Jason Hand
The Unrealized Role of Monitoring & Alerting w/ Jason HandThe Unrealized Role of Monitoring & Alerting w/ Jason Hand
The Unrealized Role of Monitoring & Alerting w/ Jason Hand
 
DevOps and All the Continuouses w/ Helen Beal
DevOps and All the Continuouses w/ Helen BealDevOps and All the Continuouses w/ Helen Beal
DevOps and All the Continuouses w/ Helen Beal
 
Serverless and the Way Forward
Serverless and the Way ForwardServerless and the Way Forward
Serverless and the Way Forward
 
A Small Association's Journey to DevOps w/ Edward Ruiz
A Small Association's Journey to DevOps w/ Edward RuizA Small Association's Journey to DevOps w/ Edward Ruiz
A Small Association's Journey to DevOps w/ Edward Ruiz
 
What's My Security Policy Doing to My Help Desk w/ Chris Swan
What's My Security Policy Doing to My Help Desk w/ Chris SwanWhat's My Security Policy Doing to My Help Desk w/ Chris Swan
What's My Security Policy Doing to My Help Desk w/ Chris Swan
 
Characterizing and Contrasting Kuhn-tey-ner Awr-kuh-streyt-ors
Characterizing and Contrasting Kuhn-tey-ner Awr-kuh-streyt-orsCharacterizing and Contrasting Kuhn-tey-ner Awr-kuh-streyt-ors
Characterizing and Contrasting Kuhn-tey-ner Awr-kuh-streyt-ors
 
Static Analysis For Security and DevOps Happiness w/ Justin Collins
Static Analysis For Security and DevOps Happiness w/ Justin CollinsStatic Analysis For Security and DevOps Happiness w/ Justin Collins
Static Analysis For Security and DevOps Happiness w/ Justin Collins
 
Automated Infrastructure Security: Monitoring using FOSS
Automated Infrastructure Security: Monitoring using FOSSAutomated Infrastructure Security: Monitoring using FOSS
Automated Infrastructure Security: Monitoring using FOSS
 
System Hardening Using Ansible
System Hardening Using AnsibleSystem Hardening Using Ansible
System Hardening Using Ansible
 
There is No Server: Immutable Infrastructure and Serverless Architecture
There is No Server: Immutable Infrastructure and Serverless ArchitectureThere is No Server: Immutable Infrastructure and Serverless Architecture
There is No Server: Immutable Infrastructure and Serverless Architecture
 
Getting out of the Job Jungle with Jenkins
Getting out of the Job Jungle with JenkinsGetting out of the Job Jungle with Jenkins
Getting out of the Job Jungle with Jenkins
 
Modern Infrastructure Automation
Modern Infrastructure AutomationModern Infrastructure Automation
Modern Infrastructure Automation
 
Continuous Everyone: Engaging People Across the Continuous Pipeline
Continuous Everyone: Engaging People Across the Continuous PipelineContinuous Everyone: Engaging People Across the Continuous Pipeline
Continuous Everyone: Engaging People Across the Continuous Pipeline
 
The Road to Continuous Deployment
The Road to Continuous Deployment The Road to Continuous Deployment
The Road to Continuous Deployment
 
Docker Inside/Out: The 'Real' Real- World World of Stacking Containers in pro...
Docker Inside/Out: The 'Real' Real- World World of Stacking Containers in pro...Docker Inside/Out: The 'Real' Real- World World of Stacking Containers in pro...
Docker Inside/Out: The 'Real' Real- World World of Stacking Containers in pro...
 
I, For One, Welcome Our New Robot Overlords
I, For One, Welcome Our New Robot OverlordsI, For One, Welcome Our New Robot Overlords
I, For One, Welcome Our New Robot Overlords
 
Meta Infrastructure as Code: How Capital One Automated Our Automation Tools w...
Meta Infrastructure as Code: How Capital One Automated Our Automation Tools w...Meta Infrastructure as Code: How Capital One Automated Our Automation Tools w...
Meta Infrastructure as Code: How Capital One Automated Our Automation Tools w...
 

Recently uploaded

Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 

Recently uploaded (20)

DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 

RSAC DevSecOpsDays 2018 - We are all Equifax