DevSecOps March 2018 - Extract

Download as PPTX, PDF

•0 likes•59 views

This document outlines a software development security assurance model that includes centralized servers for building developer workstations, reporting vulnerabilities, and source code management. It describes performing various security tests like static code analysis, dynamic testing, interactive testing, open source component analysis, and manual penetration testing on applications and networks. Automated tests integrate with defect management and security tools provide controls.

Technology

Dev Workstation Build Server
Centralize Report (Vulnerability Management) Server
SCM
Static Code Analysis
(SAST)
Dynamic Testing
(DAST)
Interactive Testing
(IAST)
Open Source Component Security
Manual Penetration Testing – Out of Band
Scope: Application and Network layer – White/Black box
Defect
Management
AUTOMATION
INTEGRATION POINTS
SECURITYASSURANCEMODEL
Legend
Black Box: Development Stack
Blue Box: Automation - Integration
Red Box: Security Tools and Controls
Infrastructure Scanning

More Related Content

PDF

WhiteList Checker: An Eclipse Plugin to Improve Application Securityguest56b7565

PPTX

5 things i wish i knew about sast (DSO-LG July 2021)Michael Man

PDF

K8S Certifications - Exam CramMichael Man

PDF

DSO-LG 2021 Reboot: Policy As Code (Anders Eknert)Michael Man

PDF

DSO-LG March 2018: The mechanics behind how attackers exploit simple programm...Michael Man

PPTX

DSO-LG Oct 2019: Modern Software Delivery: Supply Chain Security Critical (Ch...Michael Man

PPTX

Extract Oct 2019: DSO-LG Rolling SlidesMichael Man

PPTX

Sept 2019 - DSO-LG Tooling ExamplesMichael Man

WhiteList Checker: An Eclipse Plugin to Improve Application Securityguest56b7565

5 things i wish i knew about sast (DSO-LG July 2021)Michael Man

K8S Certifications - Exam CramMichael Man

DSO-LG 2021 Reboot: Policy As Code (Anders Eknert)Michael Man

DSO-LG March 2018: The mechanics behind how attackers exploit simple programm...Michael Man

DSO-LG Oct 2019: Modern Software Delivery: Supply Chain Security Critical (Ch...Michael Man

Extract Oct 2019: DSO-LG Rolling SlidesMichael Man

Sept 2019 - DSO-LG Tooling ExamplesMichael Man

More from Michael Man (15)

PPTX

DevSecOps Manchester - May 2019Michael Man

PDF

Chris Rutter: Avoiding The Security BrickMichael Man

PPTX

Extract: DevSecOps - London Gathering (March 2019)Michael Man

PDF

Control Plane: Security Rationale for Istio (DevSecOps - London Gathering, Ja...Michael Man

PDF

Matt Turner: Istio, The Packet's-Eye View (DevSecOps - London Gathering, Janu...Michael Man

PDF

Control Plane: Continuous Kubernetes Security (DevSecOps - London Gathering, ...Michael Man

PDF

August 2018: DevSecOps - London GatheringMichael Man

PPTX

DevSecOps - London Gathering : June 2018Michael Man

PDF

Continuous Security: From tins to containers - now what!Michael Man

PDF

The mechanics behind how attackers exploit simple programming mistakes ...Michael Man

PDF

Secret Management Journey - Here Be Dragons aka Secret DragonsMichael Man

PDF

DevSecOps The Evolution of DevOpsMichael Man

PDF

Dynaminet -DevSecOpsMichael Man

PPTX

DevSecOps: Test AutomationMichael Man

PPTX

Project management experience security in agile 1309Michael Man

DevSecOps Manchester - May 2019Michael Man

Chris Rutter: Avoiding The Security BrickMichael Man

Extract: DevSecOps - London Gathering (March 2019)Michael Man

Control Plane: Security Rationale for Istio (DevSecOps - London Gathering, Ja...Michael Man

Matt Turner: Istio, The Packet's-Eye View (DevSecOps - London Gathering, Janu...Michael Man

Control Plane: Continuous Kubernetes Security (DevSecOps - London Gathering, ...Michael Man

August 2018: DevSecOps - London GatheringMichael Man

DevSecOps - London Gathering : June 2018Michael Man

Continuous Security: From tins to containers - now what!Michael Man

The mechanics behind how attackers exploit simple programming mistakes ...Michael Man

Secret Management Journey - Here Be Dragons aka Secret DragonsMichael Man

DevSecOps The Evolution of DevOpsMichael Man

Dynaminet -DevSecOpsMichael Man

DevSecOps: Test AutomationMichael Man

Project management experience security in agile 1309Michael Man

Recently uploaded (20)

PPTX

AI and Robotics for Human Well-being.pptxJAYMIN SUTHAR

PDF

Trying to figure out MCP by actually building an app from scratch with open s...Julien SIMON

PDF

Presentation about Hardware and Software in Computersnehamodhawadiya

PDF

The Future of Mobile Is Context-Aware—Are You Ready?iProgrammer Solutions Private Limited

PDF

Software Development Methodologies in 2025KodekX

PDF

Responsible AI and AI Ethics - By Sylvester EbhonuSylvester Ebhonu

PPTX

Agile Chennai 18-19 July 2025 Ideathon | AI Powered Microfinance Literacy Gui...AgileNetwork

PDF

The Future of Artificial Intelligence (AI)Mukul

PDF

Automating ArcGIS Content Discovery with FME: A Real World Use CaseSafe Software

PDF

AI-Cloud-Business-Management-Platforms-The-Key-to-Efficiency-Growth.pdfArtjoker Software Development Company

PDF

Make GenAI investments go further with the Dell AI FactoryPrincipled Technologies

PPTX

AI in Daily Life: How Artificial Intelligence Helps Us Every Dayvanshrpatil7

PPTX

OA presentation.pptx OA presentation.pptxpateldhruv002338

PPTX

Agile Chennai 18-19 July 2025 | Emerging patterns in Agentic AI by Bharani Su...AgileNetwork

PDF

SparkLabs Primer on Artificial Intelligence 2025SparkLabs Group

PDF

Oracle AI Vector Search- Getting Started and what's new in 2025- AIOUG Yatra ...Sandesh Rao

PDF

A Strategic Analysis of the MVNO Wave in Emerging Markets.pdfIPLOOK Networks

PPTX

Dev Dives: Automate, test, and deploy in one place—with Unified Developer Exp...AndreeaTom

PDF

Doc9.....................................SofiaCollazos

PDF

Structs to JSON: How Go Powers REST APIsEmily Achieng

AI and Robotics for Human Well-being.pptxJAYMIN SUTHAR

Trying to figure out MCP by actually building an app from scratch with open s...Julien SIMON

Presentation about Hardware and Software in Computersnehamodhawadiya

The Future of Mobile Is Context-Aware—Are You Ready?iProgrammer Solutions Private Limited

Software Development Methodologies in 2025KodekX

Responsible AI and AI Ethics - By Sylvester EbhonuSylvester Ebhonu

Agile Chennai 18-19 July 2025 Ideathon | AI Powered Microfinance Literacy Gui...AgileNetwork

The Future of Artificial Intelligence (AI)Mukul

Automating ArcGIS Content Discovery with FME: A Real World Use CaseSafe Software

AI-Cloud-Business-Management-Platforms-The-Key-to-Efficiency-Growth.pdfArtjoker Software Development Company

Make GenAI investments go further with the Dell AI FactoryPrincipled Technologies

AI in Daily Life: How Artificial Intelligence Helps Us Every Dayvanshrpatil7

OA presentation.pptx OA presentation.pptxpateldhruv002338

Agile Chennai 18-19 July 2025 | Emerging patterns in Agentic AI by Bharani Su...AgileNetwork

SparkLabs Primer on Artificial Intelligence 2025SparkLabs Group

Oracle AI Vector Search- Getting Started and what's new in 2025- AIOUG Yatra ...Sandesh Rao

A Strategic Analysis of the MVNO Wave in Emerging Markets.pdfIPLOOK Networks

Dev Dives: Automate, test, and deploy in one place—with Unified Developer Exp...AndreeaTom

Doc9.....................................SofiaCollazos

Structs to JSON: How Go Powers REST APIsEmily Achieng

DevSecOps March 2018 - Extract

1. Dev Workstation Build Server Centralize Report (Vulnerability Management) Server SCM Static Code Analysis (SAST) Dynamic Testing (DAST) Interactive Testing (IAST) Open Source Component Security Manual Penetration Testing – Out of Band Scope: Application and Network layer – White/Black box Defect Management AUTOMATION INTEGRATION POINTS SECURITYASSURANCEMODEL Legend Black Box: Development Stack Blue Box: Automation - Integration Red Box: Security Tools and Controls Infrastructure Scanning