Anton Boyko "DevSecOps for developers – why it’s important and how to get started?"
0 likes•501 views
The document discusses common causes of technical debt, emphasizing issues like insufficient upfront definition and last-minute specification changes, and illustrates the high cost of technical debt with the Samsung Note 7 incident. It mentions resources for improving software security, including OWASP and Microsoft's threat modeling tool, as well as Azure Key Vault for securely managing secrets. Various security tools, such as Whitesource Bolt and SonarQube, are also highlighted, along with links to their documentation.
Anton Boyko "DevSecOps for developers – why it’s important and how to get started?"
- 5. Common causes of technical debt Insufficient up- front definition Business pressures Lack of process or understanding Tightly-coupled components Lack of documentation Last minute specification changes
- 6. Cost of an error 0 5 10 15 20 25 30 35 Concept Design Develop Test Release A real-world example of catching a bug in production is the Samsung Note 7 fiasco. This bug fix cost them nearly $17 billion. Had the company caught the issue earlier, they could have saved a lot of money and headaches, as well as their reputation.
- 9. Define “secure” 0 ? 1 ?0.X ?
- 10. The Open Web Application Security Project is a nonprofit foundation that works to improve the security of software. OWASP • https://owasp.org/www-project-top-ten/ • https://owasp.org/www-project-mobile-top-10/ • https://owasp.org/www-project-zap/
- 12. STRIDE • AuthenticitySpoofing • IntegrityTampering • Non-repudiabilityRepudiation • ConfidentialityInformation disclosure • AvailabilityDenial of Service • AuthorizationElevation of Privilege
- 13. Microsoft threat modeling tool https://www.microsoft.com/en-us/securityengineering/sdl/threatmodeling
- 16. Azure KeyVault Azure Key Vault is a tool for securely storing and accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, or certificates. A vault is a logical group of secrets. Azure VM Code MSI extension Credentials Azure AD Azure KeyVault Azure platform 1 2 3
- 17. Azure KeyVault https://docs.microsoft.com/en-us/aspnet/core/security/key-vault-configuration Azure Key Vault is a tool for securely storing and accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, or certificates. A vault is a logical group of secrets.