Diego Gabriel Cardoso, profile picture
Uploaded byDiego Gabriel Cardoso
PPTX, PDF162 views

2020 05-tech saturday-devsecops-#2-v03

This document discusses DevSecOps and integrating security into the development process. It begins with an introduction to methodologies like Waterfall and Agile development. It then explains how DevOps aims to improve speed and collaboration between developers and operations teams. However, security teams are often separate from this process. DevSecOps aims to shift security left into planning, design, and coding to catch vulnerabilities earlier. It outlines how to implement security practices throughout the development cycle, including threat modeling, security scanning tools, training, and testing. The conclusion is that DevSecOps is becoming more important as the need for secure and private software increases.

Embed presentation

Downloaded 12 times
Shaping the future of digital business 1CONFIDENTIALGFT GROUP 09/05/20 #Maio - 2020 DevSecOps Colocando segurança na esteira ___________________________________________ Diego Cardoso – Head of DevSecOps Practices Brazil diego.cardoso@gft.com #DevSecOps #BeTransformationAgent #TechSaturday
• Orgulhoso Filho, Marido e Pai • Graduado em Sistemas da Informação na FSA • Pós-Graduado em Arquitetura de Software na FIAP • Certificado Microsoft: MCTS • + 6 anos trabalhando na GFT • +15 anos Analisando, Codificando e Migrando • Entusiasta com foco em Arquitetura e Metodologias Ágeis • Guitarrista enferrujado e gamer nas horas vagas
Shaping the future of digital business 3CONFIDENTIALGFT GROUP Agenda 1. Software Development 2. DevOps Enablement 3. CyberSecurity 4. OWASP 5. DevSecOps
Shaping the future of digital business 4CONFIDENTIALGFT GROUP API Management Aspects Waterfall • Over Planning • Risk Mitigation • High Costs • Delivery everything in the end Agile : • Experiments and Prototype • Fail Fast and Low Costs • Continuous and Evolutive Delivery Software Development – Methodologies
Shaping the future of digital business 5CONFIDENTIALGFT GROUP API Management Aspects Software Development – Before DevOps
Shaping the future of digital business 6CONFIDENTIALGFT GROUP API Management Aspects Software Development – DevOps Enablement • Squads: Dev + Ops + QA • Engineering (automating) Agile process • Quick time to market (ROI)
Shaping the future of digital business 7CONFIDENTIALGFT GROUP 09/05/2020 DevOps – Landscape 2019
Shaping the future of digital business 8CONFIDENTIALGFT GROUP API Management Aspects Software Development - But where is security team ?
Shaping the future of digital business 9CONFIDENTIALGFT GROUP API Management Aspects Software Development - But where is security team ?
Shaping the future of digital business 10CONFIDENTIALGFT GROUP API Management Aspects CyberSecurity – Let’s check the News
Shaping the future of digital business 11CONFIDENTIALGFT GROUP CyberSecurity – Landscape 2019
Shaping the future of digital business 12CONFIDENTIALGFT GROUP DEVELOPERS : OPERATIONS : SECURITY 100 : 10 : 1 DevSecOps – The Evolution of Security Teams
Shaping the future of digital business 13CONFIDENTIALGFT GROUP Understanding Concepts #DevSecOps #BeTransformationAgent #TechSaturday
Shaping the future of digital business 14CONFIDENTIALGFT GROUP Mindset: everyone is responsible for security Goal: privacy and secure by design Mission: delivery at speed and scale without sacrificing the safety required by the context. DevSecOps = DevOps + Security
Shaping the future of digital business 15CONFIDENTIALGFT GROUP API Management Aspects DevSecOps – Security shifting to the left Requirements Design/ Architecture Testing 15X Coding 7X Deployments/ Maintenance 30X CosttoRemediate We convince & pay the developer to fix it thereby delaying the release QA finds vulnerabilities in software BUILD insecure software We convince and pay the developer to fix it We are breached or pay to have someone tell us our code is bad IT deploys the insecure software RELEASE insecure software Application scan: SAST DAST Create Evil Stories High Level of Test Coverage
Shaping the future of digital business 16CONFIDENTIALGFT GROUP 09/05/2020 Type here if add info needed for every slide Build Repositório de Binários Repositório Código Release Tests Quality Scan Security Scan Configuration Repo Key vault / configuration Branches Policies Monitor Optmize User Stories PO / BA DEV QA OPS SEC Feature Flag Promoção de Pacotes DEV HML PPD Infra Performance Infra Costs Observability PRD Penetration Tests Version = TAG Release = TAG Infra Automation DevSecOps Services: Development Cycle
Shaping the future of digital business 17CONFIDENTIALGFT GROUP 09/05/2020 Type here if add info needed for every slide Build master hotfix develop feature bugfix Testes Scan Qualidade Scan Segurança TAG: 1.0.0 Repositório de Binários Versão: 1.0.0.20200318-01 Branch Gate Release HML PPD PRD DEV Repositório Configuração Branch Gate Pull-Request Pull-Request Pull-Request DevSecOps: Build & Release
Shaping the future of digital business 18CONFIDENTIALGFT GROUP 09/05/2020 Type here if add info needed for every slide Azure Artifacts Azure Pipelines DevSecOps: Build & Release
Shaping the future of digital business 19CONFIDENTIALGFT GROUP SAST DevSecOps – Security Scan Tools (part I) DAST
Shaping the future of digital business 20CONFIDENTIALGFT GROUP IAST DevSecOps – Security Scan Tools (part. II) OSS
Shaping the future of digital business 21CONFIDENTIALGFT GROUP Creating the Mindset : • Security Awareness and training • Evil Stories ( ethical hacking) • Shared knowledge base • Focused Hackathons Questions you should be able to answer: • Are you aware about TOP risks/vulnerabilities (OWASP) ? • Is my application/product protected ? • Is my application/product/code exposing sensitive data or secrets ? • Are my dependencies (3rd party libraries) secure ? Test • SAST + DAST + IAST • Sensitive info scan (SIS) • Composition Analysis (SCA) • Fuzzing (random inputs) • Pen-Test DevSecOps – Leading the Transformation
Shaping the future of digital business 22CONFIDENTIALGFT GROUP Conclusion – State of DevSecOps 2020
Shaping the future of digital business 23CONFIDENTIALGFT GROUP Maio - 2020 We Innovate, Transform, Deliver DevSecOps Colocando segurança na esteira ___________________________________________ Diego Cardoso – Head of DevSecOps Brazil diego.cardoso@gft.com Muito Obrigado! Perguntas? #DevSecOps #BeTransformationAgent #TechSaturday

More Related Content

PDF
DevSecOps: Colocando segurança na esteira
byDiego Gabriel Cardoso
 
PDF
DevSecOps - Colocando segurança na esteira
byDiego Gabriel Cardoso
 
PPTX
DevSecOps: Colocando segurança na esteira
byDiego Gabriel Cardoso
 
PDF
Bridging the Security Testing Gap in Your CI/CD Pipeline
byDevOps.com
 
PDF
Application Security in a DevOps World
byCA Technologies
 
PPTX
José Vila - ¿Otro parche más? No, por favor. [rooted2018]
byRootedCON
 
PDF
Zero to Ninety in Securing DevOps
byDevSecOps Days
 
PDF
Csa Summit 2017 - Un viaje seguro hacia la nube
byCSA Argentina
 
DevSecOps: Colocando segurança na esteira
byDiego Gabriel Cardoso
 
DevSecOps - Colocando segurança na esteira
byDiego Gabriel Cardoso
 
DevSecOps: Colocando segurança na esteira
byDiego Gabriel Cardoso
 
Bridging the Security Testing Gap in Your CI/CD Pipeline
byDevOps.com
 
Application Security in a DevOps World
byCA Technologies
 
José Vila - ¿Otro parche más? No, por favor. [rooted2018]
byRootedCON
 
Zero to Ninety in Securing DevOps
byDevSecOps Days
 
Csa Summit 2017 - Un viaje seguro hacia la nube
byCSA Argentina
 

What's hot

PDF
DevSecOps - Building continuous security into it and app infrastructures
byPriyanka Aash
 
PDF
Take Control: Design a Complete DevSecOps Program
byDeborah Schalm
 
PDF
Containers and Kubernetes without limits
byAntje Barth
 
PDF
E bpf and profilers
byLibbySchulze
 
PDF
OWASP Poland 13 November 2018 - Martin Knobloch - Building Secure Software
byOWASP
 
PDF
IT Governance and Security Architecture in Docker, Kubernetes, OpenShift
byAarno Aukia
 
PPTX
#ATAGTR2018 Presentation "Decoding Security in DevSecOps" by Meghashyam Varan...
byAgile Testing Alliance
 
PDF
Top 10 Practices of Highly Successful DevOps Incident Management Teams
byDeborah Schalm
 
PDF
A worldwide journey to build a secure development environment
byPriyanka Aash
 
PDF
Pentest is yesterday, DevSecOps is tomorrow
byAmien Harisen Rosyandino
 
PDF
Release Your Inner DevSecOp
byJames Wickett
 
PPTX
Defining DevSecOps
byUchit Vyas ☁
 
PDF
Building a DevSecOps Pipeline Around Your Spring Boot Application
byVMware Tanzu
 
PDF
Maturing DevSecOps: From Easy to High Impact
bySBWebinars
 
PDF
Api gitlab: configurazione dei progetti as a service
byEmerasoft, solutions to collaborate
 
PDF
Managing Compliance in Container Environments
byTwistlock
 
PDF
The New Ways of DevSecOps - The Secure Dev 2019
byJames Wickett
 
PDF
General presentation - Bitcraft
byKamila Katyal
 
DOCX
Jose_Casorla_resume
byJoseCasorla1
 
PDF
CDI 2.0 (JSR 365) - Java Day Tokyo 2017 (English)
byLogico
 
DevSecOps - Building continuous security into it and app infrastructures
byPriyanka Aash
 
Take Control: Design a Complete DevSecOps Program
byDeborah Schalm
 
Containers and Kubernetes without limits
byAntje Barth
 
E bpf and profilers
byLibbySchulze
 
OWASP Poland 13 November 2018 - Martin Knobloch - Building Secure Software
byOWASP
 
IT Governance and Security Architecture in Docker, Kubernetes, OpenShift
byAarno Aukia
 
#ATAGTR2018 Presentation "Decoding Security in DevSecOps" by Meghashyam Varan...
byAgile Testing Alliance
 
Top 10 Practices of Highly Successful DevOps Incident Management Teams
byDeborah Schalm
 
A worldwide journey to build a secure development environment
byPriyanka Aash
 
Pentest is yesterday, DevSecOps is tomorrow
byAmien Harisen Rosyandino
 
Release Your Inner DevSecOp
byJames Wickett
 
Defining DevSecOps
byUchit Vyas ☁
 
Building a DevSecOps Pipeline Around Your Spring Boot Application
byVMware Tanzu
 
Maturing DevSecOps: From Easy to High Impact
bySBWebinars
 
Api gitlab: configurazione dei progetti as a service
byEmerasoft, solutions to collaborate
 
Managing Compliance in Container Environments
byTwistlock
 
The New Ways of DevSecOps - The Secure Dev 2019
byJames Wickett
 
General presentation - Bitcraft
byKamila Katyal
 
Jose_Casorla_resume
byJoseCasorla1
 
CDI 2.0 (JSR 365) - Java Day Tokyo 2017 (English)
byLogico
 

Similar to 2020 05-tech saturday-devsecops-#2-v03

PDF
2019 Global Azure Bootcamp: AzureDevops + NET Core + Clean Architecture
byDiego Gabriel Cardoso
 
PPT
Applying DevOps for more reliable Public Sector Software Delivery
bySanjeev Sharma
 
PDF
Security & DevOps - What We Have Here Is a Failure to Communicate!
byDevOps.com
 
PPT
DevOps for Enterprise Systems - Rosalind Radcliffe
byDevOps for Enterprise Systems
 
PPTX
DellEMC Forum NYC - DevOps and Digital Trans vPublic
byDon Demcsak
 
PDF
What Are The Top 5 Trending Technologies In DevOps?.pdf
bySmith Daniel
 
PPTX
DevOps for dummies study sharing - part II
byChen-Tien Tsai
 
PDF
IBM Innovate - Uderstanding DevOps
bySanjeev Sharma
 
PDF
DevOps Services 2025 Pioneering Trends Redefining Software Delivery
bySeasiaInfotech2
 
PPTX
WinOps - Lessons learned from Enterprise DevOps with Microsoft technologies
byDevOpsGroup
 
PPTX
Gartner EA Architecting for DevOps and Hybrid Cloud
byRosalind Radcliffe
 
PPTX
Adopting DevOps @ Scale: Lessons learned at Hertz, Kaiser Permanente and lBM
byJules Pierre-Louis
 
PDF
How Security can be the Next Force Multiplier in DevOps
byAndrew Storms
 
PDF
DevOps: The IT Revolution Era
byDiego Pacheco
 
PDF
Blueprinting DevOps for Digital Transformation_v4
byAswin Kumar
 
PPTX
Devops - Bringing real benefits to the business.
byPaul Glavich
 
PDF
DevOps: Retooling the End-to-End IT Model
byCA Technologies
 
PDF
DevOps for Enterprise Systems : Innovate like a Startup
byDevOps for Enterprise Systems
 
PDF
Unleashing the Power of DevOps: Streamline, Automate, and Innovate!
byCatherine William
 
PDF
DevOps trends to look out for in 2022.pdf
byEnov8
 
2019 Global Azure Bootcamp: AzureDevops + NET Core + Clean Architecture
byDiego Gabriel Cardoso
 
Applying DevOps for more reliable Public Sector Software Delivery
bySanjeev Sharma
 
Security & DevOps - What We Have Here Is a Failure to Communicate!
byDevOps.com
 
DevOps for Enterprise Systems - Rosalind Radcliffe
byDevOps for Enterprise Systems
 
DellEMC Forum NYC - DevOps and Digital Trans vPublic
byDon Demcsak
 
What Are The Top 5 Trending Technologies In DevOps?.pdf
bySmith Daniel
 
DevOps for dummies study sharing - part II
byChen-Tien Tsai
 
IBM Innovate - Uderstanding DevOps
bySanjeev Sharma
 
DevOps Services 2025 Pioneering Trends Redefining Software Delivery
bySeasiaInfotech2
 
WinOps - Lessons learned from Enterprise DevOps with Microsoft technologies
byDevOpsGroup
 
Gartner EA Architecting for DevOps and Hybrid Cloud
byRosalind Radcliffe
 
Adopting DevOps @ Scale: Lessons learned at Hertz, Kaiser Permanente and lBM
byJules Pierre-Louis
 
How Security can be the Next Force Multiplier in DevOps
byAndrew Storms
 
DevOps: The IT Revolution Era
byDiego Pacheco
 
Blueprinting DevOps for Digital Transformation_v4
byAswin Kumar
 
Devops - Bringing real benefits to the business.
byPaul Glavich
 
DevOps: Retooling the End-to-End IT Model
byCA Technologies
 
DevOps for Enterprise Systems : Innovate like a Startup
byDevOps for Enterprise Systems
 
Unleashing the Power of DevOps: Streamline, Automate, and Innovate!
byCatherine William
 
DevOps trends to look out for in 2022.pdf
byEnov8
 

More from Diego Gabriel Cardoso

PPTX
2024 Facens Semana Academica Carreira e o mercado de TI
byDiego Gabriel Cardoso
 
PPTX
Facens - Plugin - A Evolução na carreira de TI
byDiego Gabriel Cardoso
 
PPTX
Facens - Plugin - Usando Inteligência Artificial para aprimorar seus conheci...
byDiego Gabriel Cardoso
 
PDF
TDC SP 2019 - Trilha .NET - Clean Architecture
byDiego Gabriel Cardoso
 
PDF
2019 MVPConf Entenda como DevOps pode ajudar a visão e controle sobre desenvo...
byDiego Gabriel Cardoso
 
PDF
2019 Facens Semana Tecnologia- Arquitetura distribuída na Nuvem
byDiego Gabriel Cardoso
 
PPTX
TDC SP 2017 Trilha .NET - TechWar: Threads, ThreadPools e Tasks em C#
byDiego Gabriel Cardoso
 
PPTX
TDC2016 - SP - Trilha Xamarin - Entrega Contínua com Xamarin #MonteSuaEsteira
byDiego Gabriel Cardoso
 
2024 Facens Semana Academica Carreira e o mercado de TI
byDiego Gabriel Cardoso
 
Facens - Plugin - A Evolução na carreira de TI
byDiego Gabriel Cardoso
 
Facens - Plugin - Usando Inteligência Artificial para aprimorar seus conheci...
byDiego Gabriel Cardoso
 
TDC SP 2019 - Trilha .NET - Clean Architecture
byDiego Gabriel Cardoso
 
2019 MVPConf Entenda como DevOps pode ajudar a visão e controle sobre desenvo...
byDiego Gabriel Cardoso
 
2019 Facens Semana Tecnologia- Arquitetura distribuída na Nuvem
byDiego Gabriel Cardoso
 
TDC SP 2017 Trilha .NET - TechWar: Threads, ThreadPools e Tasks em C#
byDiego Gabriel Cardoso
 
TDC2016 - SP - Trilha Xamarin - Entrega Contínua com Xamarin #MonteSuaEsteira
byDiego Gabriel Cardoso
 

Recently uploaded

PDF
How Much Does It Cost to Build an eCommerce Website in 2025.pdf
byPixlogix Infotech
 
PDF
DevOps Cloud Services- Impressico business solutions.pdf
byalexendrascott01
 
PDF
Preface to the 41 LLM Documents Collection
byBob Marcus
 
PDF
Mulesoft Meetup Online Portuguese: MCP e IA
byPedro Baroni
 
PPTX
Perangkat Pembelajaran_BAKRI_45241081469.pptx
byakhiruddin96
 
PDF
How Much Does It Cost To Build Software
bycollinmishell2
 
PPTX
The Business Benefits of Databricks Unity Catalog_ A Comprehensive Guide.pptx
bytrumpemma15
 
PDF
Integrating AI with Meaningful Human Collaboration
byCadabra Studio
 
PDF
Genesys Vision & CX Trends 2026 Unlocking Business Value in the Experience Ec...
byUni Systems S.M.S.A.
 
PPTX
LESSON 07 COMPROG.pptx COMPUTER PROGRAMMING
byboyjainalabirin
 
PPTX
Agentic ai and evolution of agentic ai agentic ai vs gen ai
byvikrammadhad
 
PDF
Top 10 Local IT Managed Service Providers in Los Angeles
byCaptain IT
 
PDF
Single prompt response by ChatGPT to a product strategy-related task
byusha477423
 
PPTX
System Software_CIE_AS_LEVEL_CS_9618 .pptx
byJawaad BM
 
PDF
Supercharging Grafana with Community Plugins
byImma Valls Bernaus
 
PDF
CompTIA Cybersecurity Analyst (CySA+) CS0-003: Unit 4
byVICTOR MAESTRE RAMIREZ
 
PDF
How to Conduct a Comprehensive Network Penetration Test.pdf
byhoploninfosec
 
PPTX
The Beginner-Friendly Guide to Web Scraping with Rust - Unlocking the Power o...
byRobertBrown631492
 
PDF
[BDD 2025 - Full-Stack Development] Digital Accessibility: Why Developers nee...
bywintari3
 
PDF
Links to 42 Recently Posted LLM Documents at https://tinyurl.com/mpavkr8z
byBob Marcus
 
How Much Does It Cost to Build an eCommerce Website in 2025.pdf
byPixlogix Infotech
 
DevOps Cloud Services- Impressico business solutions.pdf
byalexendrascott01
 
Preface to the 41 LLM Documents Collection
byBob Marcus
 
Mulesoft Meetup Online Portuguese: MCP e IA
byPedro Baroni
 
Perangkat Pembelajaran_BAKRI_45241081469.pptx
byakhiruddin96
 
How Much Does It Cost To Build Software
bycollinmishell2
 
The Business Benefits of Databricks Unity Catalog_ A Comprehensive Guide.pptx
bytrumpemma15
 
Integrating AI with Meaningful Human Collaboration
byCadabra Studio
 
Genesys Vision & CX Trends 2026 Unlocking Business Value in the Experience Ec...
byUni Systems S.M.S.A.
 
LESSON 07 COMPROG.pptx COMPUTER PROGRAMMING
byboyjainalabirin
 
Agentic ai and evolution of agentic ai agentic ai vs gen ai
byvikrammadhad
 
Top 10 Local IT Managed Service Providers in Los Angeles
byCaptain IT
 
Single prompt response by ChatGPT to a product strategy-related task
byusha477423
 
System Software_CIE_AS_LEVEL_CS_9618 .pptx
byJawaad BM
 
Supercharging Grafana with Community Plugins
byImma Valls Bernaus
 
CompTIA Cybersecurity Analyst (CySA+) CS0-003: Unit 4
byVICTOR MAESTRE RAMIREZ
 
How to Conduct a Comprehensive Network Penetration Test.pdf
byhoploninfosec
 
The Beginner-Friendly Guide to Web Scraping with Rust - Unlocking the Power o...
byRobertBrown631492
 
[BDD 2025 - Full-Stack Development] Digital Accessibility: Why Developers nee...
bywintari3
 
Links to 42 Recently Posted LLM Documents at https://tinyurl.com/mpavkr8z
byBob Marcus
 

2020 05-tech saturday-devsecops-#2-v03

  • 1.
    Shaping the future ofdigital business 1CONFIDENTIALGFT GROUP 09/05/20 #Maio - 2020 DevSecOps Colocando segurança na esteira ___________________________________________ Diego Cardoso – Head of DevSecOps Practices Brazil [email protected] #DevSecOps #BeTransformationAgent #TechSaturday
  • 2.
    • Orgulhoso Filho,Marido e Pai • Graduado em Sistemas da Informação na FSA • Pós-Graduado em Arquitetura de Software na FIAP • Certificado Microsoft: MCTS • + 6 anos trabalhando na GFT • +15 anos Analisando, Codificando e Migrando • Entusiasta com foco em Arquitetura e Metodologias Ágeis • Guitarrista enferrujado e gamer nas horas vagas
  • 3.
    Shaping the future ofdigital business 3CONFIDENTIALGFT GROUP Agenda 1. Software Development 2. DevOps Enablement 3. CyberSecurity 4. OWASP 5. DevSecOps
  • 4.
    Shaping the future ofdigital business 4CONFIDENTIALGFT GROUP API Management Aspects Waterfall • Over Planning • Risk Mitigation • High Costs • Delivery everything in the end Agile : • Experiments and Prototype • Fail Fast and Low Costs • Continuous and Evolutive Delivery Software Development – Methodologies
  • 5.
    Shaping the future ofdigital business 5CONFIDENTIALGFT GROUP API Management Aspects Software Development – Before DevOps
  • 6.
    Shaping the future ofdigital business 6CONFIDENTIALGFT GROUP API Management Aspects Software Development – DevOps Enablement • Squads: Dev + Ops + QA • Engineering (automating) Agile process • Quick time to market (ROI)
  • 7.
    Shaping the future ofdigital business 7CONFIDENTIALGFT GROUP 09/05/2020 DevOps – Landscape 2019
  • 8.
    Shaping the future ofdigital business 8CONFIDENTIALGFT GROUP API Management Aspects Software Development - But where is security team ?
  • 9.
    Shaping the future ofdigital business 9CONFIDENTIALGFT GROUP API Management Aspects Software Development - But where is security team ?
  • 10.
    Shaping the future ofdigital business 10CONFIDENTIALGFT GROUP API Management Aspects CyberSecurity – Let’s check the News
  • 11.
    Shaping the future ofdigital business 11CONFIDENTIALGFT GROUP CyberSecurity – Landscape 2019
  • 12.
    Shaping the future ofdigital business 12CONFIDENTIALGFT GROUP DEVELOPERS : OPERATIONS : SECURITY 100 : 10 : 1 DevSecOps – The Evolution of Security Teams
  • 13.
    Shaping the future ofdigital business 13CONFIDENTIALGFT GROUP Understanding Concepts #DevSecOps #BeTransformationAgent #TechSaturday
  • 14.
    Shaping the future ofdigital business 14CONFIDENTIALGFT GROUP Mindset: everyone is responsible for security Goal: privacy and secure by design Mission: delivery at speed and scale without sacrificing the safety required by the context. DevSecOps = DevOps + Security
  • 15.
    Shaping the future ofdigital business 15CONFIDENTIALGFT GROUP API Management Aspects DevSecOps – Security shifting to the left Requirements Design/ Architecture Testing 15X Coding 7X Deployments/ Maintenance 30X CosttoRemediate We convince & pay the developer to fix it thereby delaying the release QA finds vulnerabilities in software BUILD insecure software We convince and pay the developer to fix it We are breached or pay to have someone tell us our code is bad IT deploys the insecure software RELEASE insecure software Application scan: SAST DAST Create Evil Stories High Level of Test Coverage
  • 16.
    Shaping the future ofdigital business 16CONFIDENTIALGFT GROUP 09/05/2020 Type here if add info needed for every slide Build Repositório de Binários Repositório Código Release Tests Quality Scan Security Scan Configuration Repo Key vault / configuration Branches Policies Monitor Optmize User Stories PO / BA DEV QA OPS SEC Feature Flag Promoção de Pacotes DEV HML PPD Infra Performance Infra Costs Observability PRD Penetration Tests Version = TAG Release = TAG Infra Automation DevSecOps Services: Development Cycle
  • 17.
    Shaping the future ofdigital business 17CONFIDENTIALGFT GROUP 09/05/2020 Type here if add info needed for every slide Build master hotfix develop feature bugfix Testes Scan Qualidade Scan Segurança TAG: 1.0.0 Repositório de Binários Versão: 1.0.0.20200318-01 Branch Gate Release HML PPD PRD DEV Repositório Configuração Branch Gate Pull-Request Pull-Request Pull-Request DevSecOps: Build & Release
  • 18.
    Shaping the future ofdigital business 18CONFIDENTIALGFT GROUP 09/05/2020 Type here if add info needed for every slide Azure Artifacts Azure Pipelines DevSecOps: Build & Release
  • 19.
    Shaping the future ofdigital business 19CONFIDENTIALGFT GROUP SAST DevSecOps – Security Scan Tools (part I) DAST
  • 20.
    Shaping the future ofdigital business 20CONFIDENTIALGFT GROUP IAST DevSecOps – Security Scan Tools (part. II) OSS
  • 21.
    Shaping the future ofdigital business 21CONFIDENTIALGFT GROUP Creating the Mindset : • Security Awareness and training • Evil Stories ( ethical hacking) • Shared knowledge base • Focused Hackathons Questions you should be able to answer: • Are you aware about TOP risks/vulnerabilities (OWASP) ? • Is my application/product protected ? • Is my application/product/code exposing sensitive data or secrets ? • Are my dependencies (3rd party libraries) secure ? Test • SAST + DAST + IAST • Sensitive info scan (SIS) • Composition Analysis (SCA) • Fuzzing (random inputs) • Pen-Test DevSecOps – Leading the Transformation
  • 22.
    Shaping the future ofdigital business 22CONFIDENTIALGFT GROUP Conclusion – State of DevSecOps 2020
  • 23.
    Shaping the future ofdigital business 23CONFIDENTIALGFT GROUP Maio - 2020 We Innovate, Transform, Deliver DevSecOps Colocando segurança na esteira ___________________________________________ Diego Cardoso – Head of DevSecOps Brazil [email protected] Muito Obrigado! Perguntas? #DevSecOps #BeTransformationAgent #TechSaturday