SlideShare a Scribd company logo

TWISummit 2019 - Build Security In

Thoughtworks
Thoughtworks

With agile and faster delivery becoming a norm, building security into the software is the best way to deliver secure software at the pace of DevOps. Then, what are the different people aspects, processes, practices and tools that uphold security seamlessly?

Technology
1 of 40
©ThoughtWorks 2019
The Security Sandwich } Security discussions Secure Infrastructure Penetration testing A lot of changes Who is taking care of security? ©ThoughtWorks 2019Reference: https://speakerdeck.com/shirishp/building-a-continuous-secure-delivery-pipeline
https://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/ ©ThoughtWorks 2019
“The idea of a perimeter defense isn’t necessarily wrong, it’s just not enough.” - Dave Elliman https://www.thoughtworks.com/insights/blog/lean-model-security-and-security-practices ©ThoughtWorks 2019
Defense in depth Reference: https://www.gannett-cdn.com/-mm- /9bb83c731e5249c4c7a85922094689d746a603a1/c=0-0-580-435/local/- /media/2016/10/04/Rochester/wp-ROC-RocNext-10744-Security-is-like-an- onion1.jpg ©ThoughtWorks 2019
The scale problem ©ThoughtWorks 2019
Delivery at speed needs security at speed ©ThoughtWorks 2019
Cost of fixing a defect Cost When defect was found ©ThoughtWorks 2019
It is an evolutionary world, always ©ThoughtWorks 2019
©ThoughtWorks 2019Reference: https://speakerdeck.com/shirishp/building-a-continuous-secure-delivery-pipeline
©ThoughtWorks 2019
BSI - BUILD SECURITY IN (PRACTICES) Planning Requirement Design Security training ● For stakeholders ● For development team ● Business level threat modeling ● Security Acceptance criteria ● Evil/Abuse stories ● Application threat modeling with delivery team ● Architecture review ● Security defaults ● SAST ● Dependency check ● Secrets scan ● Security unit test run Automated security checks and access controls ● Security framework, API ● Security code ● review ● Security Driven Development ● Security scan ● Automated ● Scanning ● DAST ● Security functional testing ● Continuous pen- testing Build Code Testing Deploy ● Penetration testing, certification ● Automated checks ● Access Controls ● Server side DOS prevention ● Server & data hardening ● Monitoring and auditing Deploy and Release ● Ensuring Secure Containerisation ● Privilege Management ● Automated Container Assessment ©ThoughtWorks 2019
You need both! ©ThoughtWorks 2019
Pre-development ©ThoughtWorks 2019
● Make it easy to write secure code and difficult to make mistakes ● Build on top of secure libraries and frameworks ● Build security in upfront and try to make it seamless ● Define a security low bar which all projects need to meet, such as, ○ All passwords must be hashed ○ Host, networks are hardened ○ Whitelist access ● Provide tools which identify if an insecure dependency is introduced Securing Defaults ©ThoughtWorks 2019
Threat Modelling ©ThoughtWorks 2019
During Development ©ThoughtWorks 2019
SAST: Static Application Security Testing (SAST) ©ThoughtWorks 2019
Dependency Checker https://www.owasp.org/index.php/OWASP_Dependency_Check ©ThoughtWorks 2019
SAST - Checkmarx (commercial) https://www.checkmarx.com/products/static-application-security-testing/ ©ThoughtWorks 2019
Pre-commit Hooks https://github.com/thoughtworks/talisman ©ThoughtWorks 2019
Assessing Security Posture: Testing ©ThoughtWorks 2019
Designed to scan web applications, normally from the outside Great to catch low hanging fruits eg. missing CORS headers Can’t validate logic flaw automatically DAST: Dynamic Application Security Testing (DAST) AutomationSecurity Testing/Pen-Testing Holistic behaviour analysis testing Catches Many relevant and logical flaws in app Requires both Manual and Automated testing Can find critical flaws such as business logic, session issues, authZ and AuthN ... ©ThoughtWorks 2019
DAST - Burp Suite(commercial) https://portswigger.net/burp ©ThoughtWorks 2019
DAST Vulnerability Scanners Source: ibm.com Source: netsparker.com ©ThoughtWorks 2019
IAST/RASP blog.secodis.com ©ThoughtWorks 2019
Securing Infrastructure ©ThoughtWorks 2019
Infrastructure as Code ● Must have to fix security problems at one place propagate everywhere ● Compliance using code ● Manage Security Baseline for Org ● Can write security tests for ○ unnecessary services are disabled ○ ports that do not need to be open are indeed not open ○ Review permissions on sensitive files and directories ©ThoughtWorks 2019
Infrastructure Hardening ©ThoughtWorks 2019
Container Security: Twistlock Source: twistlock.com ©ThoughtWorks 2019
Through the Definition of ‘Done’ ©ThoughtWorks 2019
Demo: Secure pipeline ©ThoughtWorks 2019
An Optimised & Secure Pipeline ©ThoughtWorks 2019
©ThoughtWorks 2019
©ThoughtWorks 2019
Equifax breach • Apache Struts 2, CVE-2017-5638 • Patch released in March 7, 2017 • 148 million US,15.2 million UK customers records compromised • $1.4 B losses till now for clean up, Overhauling InfoSec Program Source: imperva.com Apache Struts 2 ©ThoughtWorks 2019
©ThoughtWorks 2019
Heartbleed • TLS Heartbleed(OpenSSL 1.0.1) • CVE-20140-0160 • TLS ‘heartbeat’ Extension • Missing Bounds Check before a memcpy() call • Community Health Systems • Personal data of about 4.5 million patients stolen https://www.chsinc.com/ ©ThoughtWorks 2019
Takeaways Establish Security Baselines Simplify, Breakdown and Accelerate Move to encouraging subscriptions Automate when in Code Ensure Timely Human Intervention Everybody Is Responsible For Security ©ThoughtWorks 2019
#TWISummit Please reach out with your ideas @harinee_m @NeeluTripathy THANK YOU ©ThoughtWorks 2019

Recommended

TWISummit 2019 - Take the Pain out of Browser Automation!
TWISummit 2019 - Take the Pain out of Browser Automation!TWISummit 2019 - Take the Pain out of Browser Automation!
TWISummit 2019 - Take the Pain out of Browser Automation!Thoughtworks
 
TWISummit 2019 - Return of Reconfigurable Computing
TWISummit 2019 - Return of Reconfigurable ComputingTWISummit 2019 - Return of Reconfigurable Computing
TWISummit 2019 - Return of Reconfigurable ComputingThoughtworks
 
stackconf 2021 | Fuzzing: Finding Your Own Bugs and 0days!
stackconf 2021 | Fuzzing: Finding Your Own Bugs and 0days!stackconf 2021 | Fuzzing: Finding Your Own Bugs and 0days!
stackconf 2021 | Fuzzing: Finding Your Own Bugs and 0days!NETWAYS
 
Continuous Compliance and DevSecOps in Times of GDPR, HIPAA and SOX
Continuous Compliance and DevSecOps in Times of GDPR, HIPAA and SOXContinuous Compliance and DevSecOps in Times of GDPR, HIPAA and SOX
Continuous Compliance and DevSecOps in Times of GDPR, HIPAA and SOXDevOps.com
 
Meeting rooms are talking! are you listening?
Meeting rooms are talking! are you listening?Meeting rooms are talking! are you listening?
Meeting rooms are talking! are you listening?Cisco DevNet
 
Data Driven Decisions in DevOps
Data Driven Decisions in DevOpsData Driven Decisions in DevOps
Data Driven Decisions in DevOpsLeon Stigter
 
Serverless survival kit
Serverless survival kitServerless survival kit
Serverless survival kitSteve Houël
 
Integrated, Automated Video Room Systems - Webex Devices - Cisco Live Orlando...
Integrated, Automated Video Room Systems - Webex Devices - Cisco Live Orlando...Integrated, Automated Video Room Systems - Webex Devices - Cisco Live Orlando...
Integrated, Automated Video Room Systems - Webex Devices - Cisco Live Orlando...Cisco DevNet
 

Recommended

TWISummit 2019 - Take the Pain out of Browser Automation!
TWISummit 2019 - Take the Pain out of Browser Automation!TWISummit 2019 - Take the Pain out of Browser Automation!
TWISummit 2019 - Take the Pain out of Browser Automation!Thoughtworks
 
TWISummit 2019 - Return of Reconfigurable Computing
TWISummit 2019 - Return of Reconfigurable ComputingTWISummit 2019 - Return of Reconfigurable Computing
TWISummit 2019 - Return of Reconfigurable ComputingThoughtworks
 
stackconf 2021 | Fuzzing: Finding Your Own Bugs and 0days!
stackconf 2021 | Fuzzing: Finding Your Own Bugs and 0days!stackconf 2021 | Fuzzing: Finding Your Own Bugs and 0days!
stackconf 2021 | Fuzzing: Finding Your Own Bugs and 0days!NETWAYS
 
Continuous Compliance and DevSecOps in Times of GDPR, HIPAA and SOX
Continuous Compliance and DevSecOps in Times of GDPR, HIPAA and SOXContinuous Compliance and DevSecOps in Times of GDPR, HIPAA and SOX
Continuous Compliance and DevSecOps in Times of GDPR, HIPAA and SOXDevOps.com
 
Meeting rooms are talking! are you listening?
Meeting rooms are talking! are you listening?Meeting rooms are talking! are you listening?
Meeting rooms are talking! are you listening?Cisco DevNet
 
Data Driven Decisions in DevOps
Data Driven Decisions in DevOpsData Driven Decisions in DevOps
Data Driven Decisions in DevOpsLeon Stigter
 
Serverless survival kit
Serverless survival kitServerless survival kit
Serverless survival kitSteve Houël
 
Integrated, Automated Video Room Systems - Webex Devices - Cisco Live Orlando...
Integrated, Automated Video Room Systems - Webex Devices - Cisco Live Orlando...Integrated, Automated Video Room Systems - Webex Devices - Cisco Live Orlando...
Integrated, Automated Video Room Systems - Webex Devices - Cisco Live Orlando...Cisco DevNet
 
Webex APIs for Admins - Cisco Live Orlando 2018 - DEVNET-3610
Webex APIs for Admins - Cisco Live Orlando 2018 - DEVNET-3610Webex APIs for Admins - Cisco Live Orlando 2018 - DEVNET-3610
Webex APIs for Admins - Cisco Live Orlando 2018 - DEVNET-3610Cisco DevNet
 
SBA Live Academy - After the overflow: self-defense techniques (Linux Kernel)...
SBA Live Academy - After the overflow: self-defense techniques (Linux Kernel)...SBA Live Academy - After the overflow: self-defense techniques (Linux Kernel)...
SBA Live Academy - After the overflow: self-defense techniques (Linux Kernel)...SBA Research
 
From Inception to RFC – The SCIM Story
From Inception to RFC – The SCIM StoryFrom Inception to RFC – The SCIM Story
From Inception to RFC – The SCIM StoryNordic APIs
 
when Apps meet Infrastructure - CodeMotionMilan2018 Keynote - Cisco DevNet - ...
when Apps meet Infrastructure - CodeMotionMilan2018 Keynote - Cisco DevNet - ...when Apps meet Infrastructure - CodeMotionMilan2018 Keynote - Cisco DevNet - ...
when Apps meet Infrastructure - CodeMotionMilan2018 Keynote - Cisco DevNet - ...Cisco DevNet
 
Meeting rooms are talking. Are you listening
Meeting rooms are talking. Are you listeningMeeting rooms are talking. Are you listening
Meeting rooms are talking. Are you listeningCisco DevNet
 
Streaming Media West: Webrtc the future of low latency streaming
Streaming Media West: Webrtc the future of low latency streamingStreaming Media West: Webrtc the future of low latency streaming
Streaming Media West: Webrtc the future of low latency streamingAlexandre Gouaillard
 
SBA Live Academy - Secure Containers for Developer by Mathias Tausig
SBA Live Academy - Secure Containers for Developer by Mathias TausigSBA Live Academy - Secure Containers for Developer by Mathias Tausig
SBA Live Academy - Secure Containers for Developer by Mathias TausigSBA Research
 
2015 Q4 webrtc standards update
2015 Q4 webrtc standards update2015 Q4 webrtc standards update
2015 Q4 webrtc standards updateAlexandre Gouaillard
 
Web Application Firewall - Web Application & Web Services Security integrated...
Web Application Firewall - Web Application & Web Services Security integrated...Web Application Firewall - Web Application & Web Services Security integrated...
Web Application Firewall - Web Application & Web Services Security integrated...Thomas Malmberg
 
Deploying WebRTC in a low-latency streaming service
Deploying WebRTC in a low-latency streaming serviceDeploying WebRTC in a low-latency streaming service
Deploying WebRTC in a low-latency streaming serviceAlexandre Gouaillard
 
The best of Windows Server 2016 - Thomas Maurer
The best of Windows Server 2016 - Thomas Maurer The best of Windows Server 2016 - Thomas Maurer
The best of Windows Server 2016 - Thomas MaurerITCamp
 
NSF CAC Cloud Interoperability Testbed Projects
NSF CAC Cloud Interoperability Testbed ProjectsNSF CAC Cloud Interoperability Testbed Projects
NSF CAC Cloud Interoperability Testbed ProjectsAlan Sill
 
A Diet of Poisoned Fruit: Designing Implants & OT Payloads for ICS Embedded D...
A Diet of Poisoned Fruit: Designing Implants & OT Payloads for ICS Embedded D...A Diet of Poisoned Fruit: Designing Implants & OT Payloads for ICS Embedded D...
A Diet of Poisoned Fruit: Designing Implants & OT Payloads for ICS Embedded D...Marina Krotofil
 
You Spent All That Money And Still Got Owned
You Spent All That Money And Still Got OwnedYou Spent All That Money And Still Got Owned
You Spent All That Money And Still Got OwnedJoe McCray
 
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondHow BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondSecPod Technologies
 
Security Architecture for Cyber Physical Systems
Security Architecture for Cyber Physical SystemsSecurity Architecture for Cyber Physical Systems
Security Architecture for Cyber Physical SystemsAlan Tatourian
 
Journey to the Center of Security Operations
Journey to the Center of Security OperationsJourney to the Center of Security Operations
Journey to the Center of Security Operations♟Sergej Epp
 
Making a Better World with Technology Innovations
Making a Better World with Technology InnovationsMaking a Better World with Technology Innovations
Making a Better World with Technology InnovationsImesh Gunaratne
 
Detailed Analysis of Security Challenges in the Domain of Hybrid Cloud
Detailed Analysis of Security Challenges in the Domain of Hybrid CloudDetailed Analysis of Security Challenges in the Domain of Hybrid Cloud
Detailed Analysis of Security Challenges in the Domain of Hybrid CloudIRJET Journal
 
Delve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of ThingsDelve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of ThingsFrederic Roy-Gobeil, CPA, CGA, M.Tax.
 
Symantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec
 
Build vs Buy Authorization Software - Identity and Access Management
Build vs Buy Authorization Software - Identity and Access ManagementBuild vs Buy Authorization Software - Identity and Access Management
Build vs Buy Authorization Software - Identity and Access ManagementKim Pike
 

More Related Content

What's hot

Webex APIs for Admins - Cisco Live Orlando 2018 - DEVNET-3610
Webex APIs for Admins - Cisco Live Orlando 2018 - DEVNET-3610Webex APIs for Admins - Cisco Live Orlando 2018 - DEVNET-3610
Webex APIs for Admins - Cisco Live Orlando 2018 - DEVNET-3610Cisco DevNet
 
SBA Live Academy - After the overflow: self-defense techniques (Linux Kernel)...
SBA Live Academy - After the overflow: self-defense techniques (Linux Kernel)...SBA Live Academy - After the overflow: self-defense techniques (Linux Kernel)...
SBA Live Academy - After the overflow: self-defense techniques (Linux Kernel)...SBA Research
 
From Inception to RFC – The SCIM Story
From Inception to RFC – The SCIM StoryFrom Inception to RFC – The SCIM Story
From Inception to RFC – The SCIM StoryNordic APIs
 
when Apps meet Infrastructure - CodeMotionMilan2018 Keynote - Cisco DevNet - ...
when Apps meet Infrastructure - CodeMotionMilan2018 Keynote - Cisco DevNet - ...when Apps meet Infrastructure - CodeMotionMilan2018 Keynote - Cisco DevNet - ...
when Apps meet Infrastructure - CodeMotionMilan2018 Keynote - Cisco DevNet - ...Cisco DevNet
 
Meeting rooms are talking. Are you listening
Meeting rooms are talking. Are you listeningMeeting rooms are talking. Are you listening
Meeting rooms are talking. Are you listeningCisco DevNet
 
Streaming Media West: Webrtc the future of low latency streaming
Streaming Media West: Webrtc the future of low latency streamingStreaming Media West: Webrtc the future of low latency streaming
Streaming Media West: Webrtc the future of low latency streamingAlexandre Gouaillard
 
SBA Live Academy - Secure Containers for Developer by Mathias Tausig
SBA Live Academy - Secure Containers for Developer by Mathias TausigSBA Live Academy - Secure Containers for Developer by Mathias Tausig
SBA Live Academy - Secure Containers for Developer by Mathias TausigSBA Research
 
Web Application Firewall - Web Application & Web Services Security integrated...
Web Application Firewall - Web Application & Web Services Security integrated...Web Application Firewall - Web Application & Web Services Security integrated...
Web Application Firewall - Web Application & Web Services Security integrated...Thomas Malmberg
 
Deploying WebRTC in a low-latency streaming service
Deploying WebRTC in a low-latency streaming serviceDeploying WebRTC in a low-latency streaming service
Deploying WebRTC in a low-latency streaming serviceAlexandre Gouaillard
 
The best of Windows Server 2016 - Thomas Maurer
The best of Windows Server 2016 - Thomas Maurer The best of Windows Server 2016 - Thomas Maurer
The best of Windows Server 2016 - Thomas MaurerITCamp
 
NSF CAC Cloud Interoperability Testbed Projects
NSF CAC Cloud Interoperability Testbed ProjectsNSF CAC Cloud Interoperability Testbed Projects
NSF CAC Cloud Interoperability Testbed ProjectsAlan Sill
 

What's hot (12)

Webex APIs for Admins - Cisco Live Orlando 2018 - DEVNET-3610
Webex APIs for Admins - Cisco Live Orlando 2018 - DEVNET-3610Webex APIs for Admins - Cisco Live Orlando 2018 - DEVNET-3610
Webex APIs for Admins - Cisco Live Orlando 2018 - DEVNET-3610
 
SBA Live Academy - After the overflow: self-defense techniques (Linux Kernel)...
SBA Live Academy - After the overflow: self-defense techniques (Linux Kernel)...SBA Live Academy - After the overflow: self-defense techniques (Linux Kernel)...
SBA Live Academy - After the overflow: self-defense techniques (Linux Kernel)...
 
From Inception to RFC – The SCIM Story
From Inception to RFC – The SCIM StoryFrom Inception to RFC – The SCIM Story
From Inception to RFC – The SCIM Story
 
when Apps meet Infrastructure - CodeMotionMilan2018 Keynote - Cisco DevNet - ...
when Apps meet Infrastructure - CodeMotionMilan2018 Keynote - Cisco DevNet - ...when Apps meet Infrastructure - CodeMotionMilan2018 Keynote - Cisco DevNet - ...
when Apps meet Infrastructure - CodeMotionMilan2018 Keynote - Cisco DevNet - ...
 
Meeting rooms are talking. Are you listening
Meeting rooms are talking. Are you listeningMeeting rooms are talking. Are you listening
Meeting rooms are talking. Are you listening
 
Streaming Media West: Webrtc the future of low latency streaming
Streaming Media West: Webrtc the future of low latency streamingStreaming Media West: Webrtc the future of low latency streaming
Streaming Media West: Webrtc the future of low latency streaming
 
SBA Live Academy - Secure Containers for Developer by Mathias Tausig
SBA Live Academy - Secure Containers for Developer by Mathias TausigSBA Live Academy - Secure Containers for Developer by Mathias Tausig
SBA Live Academy - Secure Containers for Developer by Mathias Tausig
 
2015 Q4 webrtc standards update
2015 Q4 webrtc standards update2015 Q4 webrtc standards update
2015 Q4 webrtc standards update
 
Web Application Firewall - Web Application & Web Services Security integrated...
Web Application Firewall - Web Application & Web Services Security integrated...Web Application Firewall - Web Application & Web Services Security integrated...
Web Application Firewall - Web Application & Web Services Security integrated...
 
Deploying WebRTC in a low-latency streaming service
Deploying WebRTC in a low-latency streaming serviceDeploying WebRTC in a low-latency streaming service
Deploying WebRTC in a low-latency streaming service
 
The best of Windows Server 2016 - Thomas Maurer
The best of Windows Server 2016 - Thomas Maurer The best of Windows Server 2016 - Thomas Maurer
The best of Windows Server 2016 - Thomas Maurer
 
NSF CAC Cloud Interoperability Testbed Projects
NSF CAC Cloud Interoperability Testbed ProjectsNSF CAC Cloud Interoperability Testbed Projects
NSF CAC Cloud Interoperability Testbed Projects
 

Similar to TWISummit 2019 - Build Security In

A Diet of Poisoned Fruit: Designing Implants & OT Payloads for ICS Embedded D...
A Diet of Poisoned Fruit: Designing Implants & OT Payloads for ICS Embedded D...A Diet of Poisoned Fruit: Designing Implants & OT Payloads for ICS Embedded D...
A Diet of Poisoned Fruit: Designing Implants & OT Payloads for ICS Embedded D...Marina Krotofil
 
You Spent All That Money And Still Got Owned
You Spent All That Money And Still Got OwnedYou Spent All That Money And Still Got Owned
You Spent All That Money And Still Got OwnedJoe McCray
 
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondHow BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondSecPod Technologies
 
Security Architecture for Cyber Physical Systems
Security Architecture for Cyber Physical SystemsSecurity Architecture for Cyber Physical Systems
Security Architecture for Cyber Physical SystemsAlan Tatourian
 
Journey to the Center of Security Operations
Journey to the Center of Security OperationsJourney to the Center of Security Operations
Journey to the Center of Security Operations♟Sergej Epp
 
Making a Better World with Technology Innovations
Making a Better World with Technology InnovationsMaking a Better World with Technology Innovations
Making a Better World with Technology InnovationsImesh Gunaratne
 
Detailed Analysis of Security Challenges in the Domain of Hybrid Cloud
Detailed Analysis of Security Challenges in the Domain of Hybrid CloudDetailed Analysis of Security Challenges in the Domain of Hybrid Cloud
Detailed Analysis of Security Challenges in the Domain of Hybrid CloudIRJET Journal
 
Delve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of ThingsDelve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of ThingsFrederic Roy-Gobeil, CPA, CGA, M.Tax.
 
Symantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec
 
Build vs Buy Authorization Software - Identity and Access Management
Build vs Buy Authorization Software - Identity and Access ManagementBuild vs Buy Authorization Software - Identity and Access Management
Build vs Buy Authorization Software - Identity and Access ManagementKim Pike
 
Dart on Arm - Flutter Bangalore June 2021
Dart on Arm - Flutter Bangalore June 2021Dart on Arm - Flutter Bangalore June 2021
Dart on Arm - Flutter Bangalore June 2021Chris Swan
 
IRJET- Cloud Computing Securites and Issues
IRJET- Cloud Computing Securites and IssuesIRJET- Cloud Computing Securites and Issues
IRJET- Cloud Computing Securites and IssuesIRJET Journal
 
Evolution security controls towards Cloud Services
Evolution security controls towards Cloud ServicesEvolution security controls towards Cloud Services
Evolution security controls towards Cloud ServicesHugo Rodrigues
 
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...IRJET Journal
 
Software-Defined Security: The New School of Security Designed for DevOps
Software-Defined Security: The New School of Security Designed for DevOpsSoftware-Defined Security: The New School of Security Designed for DevOps
Software-Defined Security: The New School of Security Designed for DevOpsVMware Tanzu
 
Agile at the Intersection of Mobile, Cloud, and the Internet of Things
Agile at the Intersection of Mobile, Cloud, and the Internet of ThingsAgile at the Intersection of Mobile, Cloud, and the Internet of Things
Agile at the Intersection of Mobile, Cloud, and the Internet of ThingsTechWell
 
Security Teams & Tech In A Cloud World
Security Teams & Tech In A Cloud WorldSecurity Teams & Tech In A Cloud World
Security Teams & Tech In A Cloud WorldMark Nunnikhoven
 
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wnedLayer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wnedfangjiafu
 
Mitre ATT&CK by Mattias Almeflo Nixu
Mitre ATT&CK by Mattias Almeflo NixuMitre ATT&CK by Mattias Almeflo Nixu
Mitre ATT&CK by Mattias Almeflo NixuNixu Corporation
 

Similar to TWISummit 2019 - Build Security In (20)

A Diet of Poisoned Fruit: Designing Implants & OT Payloads for ICS Embedded D...
A Diet of Poisoned Fruit: Designing Implants & OT Payloads for ICS Embedded D...A Diet of Poisoned Fruit: Designing Implants & OT Payloads for ICS Embedded D...
A Diet of Poisoned Fruit: Designing Implants & OT Payloads for ICS Embedded D...
 
You Spent All That Money And Still Got Owned
You Spent All That Money And Still Got OwnedYou Spent All That Money And Still Got Owned
You Spent All That Money And Still Got Owned
 
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondHow BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
 
Security Architecture for Cyber Physical Systems
Security Architecture for Cyber Physical SystemsSecurity Architecture for Cyber Physical Systems
Security Architecture for Cyber Physical Systems
 
Journey to the Center of Security Operations
Journey to the Center of Security OperationsJourney to the Center of Security Operations
Journey to the Center of Security Operations
 
Making a Better World with Technology Innovations
Making a Better World with Technology InnovationsMaking a Better World with Technology Innovations
Making a Better World with Technology Innovations
 
Detailed Analysis of Security Challenges in the Domain of Hybrid Cloud
Detailed Analysis of Security Challenges in the Domain of Hybrid CloudDetailed Analysis of Security Challenges in the Domain of Hybrid Cloud
Detailed Analysis of Security Challenges in the Domain of Hybrid Cloud
 
Delve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of ThingsDelve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of Things
 
Symantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front Lines
 
Build vs Buy Authorization Software - Identity and Access Management
Build vs Buy Authorization Software - Identity and Access ManagementBuild vs Buy Authorization Software - Identity and Access Management
Build vs Buy Authorization Software - Identity and Access Management
 
Dart on Arm - Flutter Bangalore June 2021
Dart on Arm - Flutter Bangalore June 2021Dart on Arm - Flutter Bangalore June 2021
Dart on Arm - Flutter Bangalore June 2021
 
IRJET- Cloud Computing Securites and Issues
IRJET- Cloud Computing Securites and IssuesIRJET- Cloud Computing Securites and Issues
IRJET- Cloud Computing Securites and Issues
 
Evolution security controls towards Cloud Services
Evolution security controls towards Cloud ServicesEvolution security controls towards Cloud Services
Evolution security controls towards Cloud Services
 
Webinar – Risk-based adaptive DevSecOps
Webinar – Risk-based adaptive DevSecOps Webinar – Risk-based adaptive DevSecOps
Webinar – Risk-based adaptive DevSecOps
 
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
 
Software-Defined Security: The New School of Security Designed for DevOps
Software-Defined Security: The New School of Security Designed for DevOpsSoftware-Defined Security: The New School of Security Designed for DevOps
Software-Defined Security: The New School of Security Designed for DevOps
 
Agile at the Intersection of Mobile, Cloud, and the Internet of Things
Agile at the Intersection of Mobile, Cloud, and the Internet of ThingsAgile at the Intersection of Mobile, Cloud, and the Internet of Things
Agile at the Intersection of Mobile, Cloud, and the Internet of Things
 
Security Teams & Tech In A Cloud World
Security Teams & Tech In A Cloud WorldSecurity Teams & Tech In A Cloud World
Security Teams & Tech In A Cloud World
 
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wnedLayer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
 
Mitre ATT&CK by Mattias Almeflo Nixu
Mitre ATT&CK by Mattias Almeflo NixuMitre ATT&CK by Mattias Almeflo Nixu
Mitre ATT&CK by Mattias Almeflo Nixu
 

More from Thoughtworks

Design System as a Product
Design System as a ProductDesign System as a Product
Design System as a ProductThoughtworks
 
Designers, Developers & Dogs
Designers, Developers & DogsDesigners, Developers & Dogs
Designers, Developers & DogsThoughtworks
 
Cloud-first for fast innovation
Cloud-first for fast innovationCloud-first for fast innovation
Cloud-first for fast innovationThoughtworks
 
More impact with flexible teams
More impact with flexible teamsMore impact with flexible teams
More impact with flexible teamsThoughtworks
 
Culture of Innovation
Culture of InnovationCulture of Innovation
Culture of InnovationThoughtworks
 
Developer Experience
Developer ExperienceDeveloper Experience
Developer ExperienceThoughtworks
 
When we design together
When we design togetherWhen we design together
When we design togetherThoughtworks
 
Hardware is hard(er)
Hardware is hard(er)Hardware is hard(er)
Hardware is hard(er)Thoughtworks
 
Customer-centric innovation enabled by cloud
Customer-centric innovation enabled by cloud Customer-centric innovation enabled by cloud
Customer-centric innovation enabled by cloudThoughtworks
 
Amazon's Culture of Innovation
Amazon's Culture of InnovationAmazon's Culture of Innovation
Amazon's Culture of InnovationThoughtworks
 
When in doubt, go live
When in doubt, go liveWhen in doubt, go live
When in doubt, go liveThoughtworks
 
Don't cross the Rubicon
Don't cross the RubiconDon't cross the Rubicon
Don't cross the RubiconThoughtworks
 
Your test coverage is a lie!
Your test coverage is a lie!Your test coverage is a lie!
Your test coverage is a lie!Thoughtworks
 
Docker container security
Docker container securityDocker container security
Docker container securityThoughtworks
 
Redefining the unit
Redefining the unitRedefining the unit
Redefining the unitThoughtworks
 
Technology Radar Webinar UK - Vol. 22
Technology Radar Webinar UK - Vol. 22Technology Radar Webinar UK - Vol. 22
Technology Radar Webinar UK - Vol. 22Thoughtworks
 
A Tribute to Turing
A Tribute to TuringA Tribute to Turing
A Tribute to TuringThoughtworks
 
Rsa maths worked out
Rsa maths worked outRsa maths worked out
Rsa maths worked outThoughtworks
 

More from Thoughtworks (20)

Design System as a Product
Design System as a ProductDesign System as a Product
Design System as a Product
 
Designers, Developers & Dogs
Designers, Developers & DogsDesigners, Developers & Dogs
Designers, Developers & Dogs
 
Cloud-first for fast innovation
Cloud-first for fast innovationCloud-first for fast innovation
Cloud-first for fast innovation
 
More impact with flexible teams
More impact with flexible teamsMore impact with flexible teams
More impact with flexible teams
 
Culture of Innovation
Culture of InnovationCulture of Innovation
Culture of Innovation
 
Dual-Track Agile
Dual-Track AgileDual-Track Agile
Dual-Track Agile
 
Developer Experience
Developer ExperienceDeveloper Experience
Developer Experience
 
When we design together
When we design togetherWhen we design together
When we design together
 
Hardware is hard(er)
Hardware is hard(er)Hardware is hard(er)
Hardware is hard(er)
 
Customer-centric innovation enabled by cloud
Customer-centric innovation enabled by cloud Customer-centric innovation enabled by cloud
Customer-centric innovation enabled by cloud
 
Amazon's Culture of Innovation
Amazon's Culture of InnovationAmazon's Culture of Innovation
Amazon's Culture of Innovation
 
When in doubt, go live
When in doubt, go liveWhen in doubt, go live
When in doubt, go live
 
Don't cross the Rubicon
Don't cross the RubiconDon't cross the Rubicon
Don't cross the Rubicon
 
Error handling
Error handlingError handling
Error handling
 
Your test coverage is a lie!
Your test coverage is a lie!Your test coverage is a lie!
Your test coverage is a lie!
 
Docker container security
Docker container securityDocker container security
Docker container security
 
Redefining the unit
Redefining the unitRedefining the unit
Redefining the unit
 
Technology Radar Webinar UK - Vol. 22
Technology Radar Webinar UK - Vol. 22Technology Radar Webinar UK - Vol. 22
Technology Radar Webinar UK - Vol. 22
 
A Tribute to Turing
A Tribute to TuringA Tribute to Turing
A Tribute to Turing
 
Rsa maths worked out
Rsa maths worked outRsa maths worked out
Rsa maths worked out
 

Recently uploaded

Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditSkynet Technologies
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 

Recently uploaded (20)

Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 

TWISummit 2019 - Build Security In