DevSecOps practices for small teams
Nico Meisenzahl
DevOps practices for small teams and organizations, with a focus on security
1. DevOps practices for small teams and organizations, with a focus on security
Microsoft DevOps Forum 2021 – DevOps & Security
2. Nico Meisenzahl
• Senior Cloud & DevOps Consultant at white duck
• Microsoft MVP, Docker Community Leader & GitLab Hero
• Container, Kubernetes, Cloud-Native & DevOps
Phone: +49 8031 230159 0
Email: nico.meisenzahl@whiteduck.de
Twitter: @nmeisenzahl
LinkedIn: https://www.linkedin.com/in/nicomeisenzahl
Blog: https://meisenzahl.org
© white duck GmbH 2021
3. Agenda
• Current state of DevSecOps in small teams & orgs
• Demo: Implementing quick wins
• Get started with DevSecOps
• Implement quick wins
4. Current state of DevSecOps
DevOps is now widely known and increasingly implemented in small teams & organizations. DevSecOps practices, on the other hand, are not well-known and typically not yet adopted.
5. Current state of DevSecOps in small teams & orgs
• overall low Cloud / Cloud-Native security knowledge
• same “problems” with security as with QA
• no big investments
• no real focus until there is a breach or issue
• no shift-left and fail-fast cultures
• no security baseline
  • like governance, policies and landing zones
6. What we see at clients
• traditional IT departments trying to secure cloud-native projects by relying on on-premises and outdated patterns
• slowing down of projects & innovation, but no real increased security
• an MVP (Minimum Viable Product) is leveraged as a long-term solution
• skipped topics (in terms of time-to-market) are not considered anymore
7. What we see at clients
• self-managed resources are sometimes preferred over PaaS and SaaS
  • then, not maintained with the necessary staff to operate them safely
• self-implemented Identity management (AuthN, AuthZ)
  • without utilizing common best practices, managed services, and libraries/frameworks
8. SANS 2021 Cloud Security Survey
9. Demo – Implementing quick wins
• “Ping me app”, based on Golang, deployed to ACI and exposed via App Gateway
10. Demo recap
• we found a security vulnerability and injected commands
• we consulted the docs for security recommendations
• we implemented a Web Application Firewall (WAF) to secure our app
• we enabled Code Scanning in our GitHub Repo to fix the issue as well as to find future security issues in earlier stages
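The class of bug the demo recap describes (command injection in a Go service that pings a user-supplied host), shown as an added example next to a hardened form. This is not the demo application's code: the function names, the validation rule and the sample inputs are assumptions constructed for illustration.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"os/exec"
	"regexp"
	"time"
)

// hostnameRE matches RFC 1123 host names: dot-separated labels of letters,
// digits and inner hyphens. Shell metacharacters, spaces and a leading '-'
// (which ping would read as an option) never match.
var hostnameRE = regexp.MustCompile(
	`^[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$`)

var errBadHost = errors.New("host is not an IP address or RFC 1123 host name")

// vulnerableArgv shows the injectable pattern: the request value is pasted
// into a string that a shell parses, so ';', '|' or '$(...)' become syntax.
func vulnerableArgv(host string) []string {
	return []string{"sh", "-c", "ping -c 1 " + host}
}

// validateHost accepts only an IP literal or a syntactically valid host name.
func validateHost(host string) error {
	if net.ParseIP(host) != nil {
		return nil
	}
	if len(host) == 0 || len(host) > 253 || !hostnameRE.MatchString(host) {
		return errBadHost
	}
	return nil
}

// safeArgv validates first and passes the host as one argv element.
// No shell is involved, so nothing in the value is interpreted as syntax.
func safeArgv(host string) ([]string, error) {
	if err := validateHost(host); err != nil {
		return nil, err
	}
	return []string{"ping", "-c", "1", host}, nil
}

// ping runs the hardened form with a timeout so that an unresponsive
// target cannot hold a request handler open indefinitely.
func ping(ctx context.Context, host string) (string, error) {
	argv, err := safeArgv(host)
	if err != nil {
		return "", err
	}
	ctx, cancel := context.WithTimeout(ctx, 5*time.Second)
	defer cancel()
	out, err := exec.CommandContext(ctx, argv[0], argv[1:]...).CombinedOutput()
	return string(out), err
}

func main() {
	// Constructed sample inputs: two valid targets and two that must be rejected.
	for _, h := range []string{"example.com", "192.0.2.10", "example.com; id", "-f"} {
		argv, err := safeArgv(h)
		fmt.Printf("%-18q vulnerable=%q safe=%q err=%v\n", h, vulnerableArgv(h), argv, err)
	}
}
```

Input validation in the application is the fix; a WAF in front of it, as in the demo, is an additional layer and does not replace it.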
11. Get started with DevSecOps
• start small and grow
• introduce security into all DevOps stages
• try to shift security to the left
• implement zero-trust
Tip: Security should be easy to use, integrated and automated
12. Educate yourself
• consult documentation
  • general docs
  • Cloud Adoption Framework
    • https://docs.microsoft.com/azure/cloud-adoption-framework
  • Azure & GitHub at Microsoft Learn
    • https://docs.microsoft.com/learn
• join a local Meetup group
  • https://www.meetup.com/pro/azuretechgroups
Tip: Get certified
13. Stay up-to-date
• Azure Updates
  • https://azure.microsoft.com/updates
• GitHub Updates
  • https://github.blog/changelog
  • https://github.blog/category/product
• Azure Friday
  • https://azure.microsoft.com/resources/videos/azure-friday
14. Security quick wins through the DevOps cycle
15. Enable your team
• integrate security staff in your development lifecycle (Sprint)
• educate developers to raise their security awareness
• implement pair programming
• enforce PR reviews
16. Ensure secure code
• automate and enforce code checks
• check your code for secrets
• schedule dependency scanning
  • Dependabot
• enforce Static Application Security Testing (SAST) in PRs
  • scans your code to identify potential security vulnerabilities
17. SAST Tooling
• GitHub CodeQL
  • https://codeql.github.com
• .NET & .NET Core
  • https://security-code-scan.github.io
• Golang
  • https://securego.io
• Kubernetes manifests
  • https://kubesec.io
• Terraform
  • https://github.com/tfsec/tfsec
18. Ensure secure code (next stage)
• implement automated Dynamic Application Security Testing (DAST)
  • black-box scanning against a running web application
• schedule scans of your artifacts and containers
• sign your artifacts and containers
19. App Vulnerability Management Tooling
• Zed Attack Proxy
  • https://www.zaproxy.org
• DefectDojo
  • https://www.defectdojo.org
20. Ensure a secure runtime
• implement zero-trust
• automate everything (App and infrastructure deployments)
• prefer PaaS and SaaS over unmanaged services
• review Azure Advisor recommendations
• opt-in for Azure Security Center to get even more insights
• design & implement a Cloud Governance strategy
  • IAM, Policies, Landing Zone, …
21. Monitor, review and iterate
• implementing security is not a one-time job
• you need to stay up-to-date
• think big, but start small and iterate
  • as we do in application development
22. Implement best practices
• https://docs.microsoft.com/de-de/azure/security/
• https://docs.microsoft.com/en-us/security/cybersecurity-reference-architecture/mcra
• https://docs.microsoft.com/de-de/azure/architecture/solution-ideas/articles/devsecops-in-github
23. Questions?
Nico Meisenzahl (Senior Cloud & DevOps Consultant)
Phone: +49 8031 230159 0
Email: nico.meisenzahl@whiteduck.de
Twitter: @nmeisenzahl
LinkedIn: https://www.linkedin.com/in/nicomeisenzahl
Blog: https://meisenzahl.org