achieving secure
play

Achieving Secure Continuous Delivery (cont..) --lightning talk-- - PowerPoint PPT Presentation

Jan 20, 2023 •178 likes •320 views

Achieving Secure Continuous Delivery (cont..) --lightning talk-- Nikos / Jesus / Lucian April 2018 Typical discussions X Pain points Same problem in 2018! Security requirements appear (dark magic!) when project is almost finished

  1. Achieving Secure 
 Continuous Delivery (cont..) 
 --lightning talk-- Nikos / Jesus / Lucian April 2018

  2. Typical discussions… X

  3. Pain points Same problem in 2018! Security requirements appear (dark magic!) when project is almost finished Difficult access to (uncorrelated) vulnerability data Security sign-off is a bottleneck [choke] No clear view on the security risk of a specific build or release Security testing tools! Lots of tools!! And reports!!! No real agreed security gate (no trigger threshold) When am I finally secure enough? Never! Short memory! Tools get easily forgotten or abandoned… says Mordac. Product has a Roadmap and Security is (always) not (always) part of it

  4. Tools!! SAST list HERE DAST list HERE Dependency Checking Tools list HERE Container Security tools HERE Google list HERE Others HERE Link HERE

  5. The Want Automation & centralisation of application security testing Risk based approach to application delivery & deployment Security Champions process and responsibilities

  6. Existing initiatives Lots!!! OWASP AppSec Pipeline OWASP OWTF OWASP Defect Dojo OWASP Israel Others talking about this HERE HERE HERE HERE HERE HERE HERE HERE HERE HERE HERE HERE HERE HERE STDD Christian Schneider SAMPLE OWASP AppSec Pipeline

  7. Where we are now Zed Attack Proxy Security

  8. Developer Jenkins

  9. Security Jenkins 1. How does Jenkins run tools 2. How does Threadfix receive results 4. How we inform 3. Check my policy

  10. Threadfix policies

  11. Fixing the stuff

  12. Next? What is best for you and your businesses‘ appetite? Get a DevSecOps team to build and maintain toolz&stuff for you £££ OWASP project (Pipelines?) to support all free tool inputs into one central repo (Somehow) work with commercial tool providers to support that Inspire and empower your Security Champions

  13. Q/A

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

NCCoE: Mobile App Single-Sign On Achieving a secure, reliable, accessible SSO solution for Public

NCCoE: Mobile App Single-Sign On Achieving a secure, reliable, accessible SSO solution for Public

NCCoE: Mobile App Single-Sign On Achieving a secure, reliable, accessible SSO solution for Public Safety & First Responders 2017 PUBLIC SAFETY BROADBAND STAKEHOLDER MEETING 1 #PSCR2017 Introductions Bill Fisher NIST, National

453 views • 29 slides
Achieving Secure Contjnuous Delivery Chris Rutuer / Lucian Corlan July 2016 Problem statement -

Achieving Secure Contjnuous Delivery Chris Rutuer / Lucian Corlan July 2016 Problem statement -

Achieving Secure Contjnuous Delivery Chris Rutuer / Lucian Corlan July 2016 Problem statement - Security Diffjcult access to (uncorrelated) vulnerability data No clear view on the security risk of a specifjc build or release No real

256 views • 21 slides
How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

DIMACS Workshop On Secure Routing March 10, 2010 How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing Protocols? $ $ Sharon Goldberg Microsoft Research & Boston University y Michael Schapira

701 views • 54 slides
The National Adoption Service Suzanne Griffiths, Director of Achieving More Together Achieving

The National Adoption Service Suzanne Griffiths, Director of Achieving More Together Achieving

The National Adoption Service Suzanne Griffiths, Director of Achieving More Together Achieving More Together Operations Achieving More Together / Cyflawni Mwy Gydan Gilydd Y Dirprwy Weinidog dros y Gwasanaethau Cymdeithasol, Rhagfyr 2012

538 views • 14 slides
achieving better outcomes achieving better outcomes and some thoughts on wellbeing and

achieving better outcomes achieving better outcomes and some thoughts on wellbeing and

The role of science and modelling in achieving better outcomes achieving better outcomes and some thoughts on wellbeing and sustainability Professor Steve Hatfield-Dodds Presentation to ESCAP Study Tour, Canberra, 11 September 2013 CSIRO

224 views • 21 slides
NETWORK DETECTION & RESPONSE RISE ABOVE THE NOISE TO SECURE THE HYBRID ENTERPRISE

NETWORK DETECTION & RESPONSE RISE ABOVE THE NOISE TO SECURE THE HYBRID ENTERPRISE

ACHIEVING CYBER HYGIENE WITH CLOUD-NATIVE NETWORK DETECTION & RESPONSE RISE ABOVE THE NOISE TO SECURE THE HYBRID ENTERPRISE MEASURING CYBER HYGIENE REQUIRES COMPLETE VISIBILITY USERS, DEVICES, TRANSACTIONS, CONVERSATIONS, ENCRYPTION,

255 views • 8 slides
Action Work Groups By 2035 KwaZulu-Natal will be a prosperous Province with a healthy, secure and

Action Work Groups By 2035 KwaZulu-Natal will be a prosperous Province with a healthy, secure and

Action Work Groups By 2035 KwaZulu-Natal will be a prosperous Province with a healthy, secure and skilled population, living in dignity and harmony, acting as a gateway to Africa and the World. Moving KZN Towards Achieving Vision 2035

982 views • 87 slides
Achieving the Dream For Prospective Colleges Fall 2010 Achieving the Dream is a bold national

Achieving the Dream For Prospective Colleges Fall 2010 Achieving the Dream is a bold national

Achieving the Dream For Prospective Colleges Fall 2010 Achieving the Dream is a bold national effort to help community college students succeed ATD defines student success as earning degrees or certificates, or transferring to a four-year

584 views • 21 slides
Advanced Tools from Modern Cryptography Lecture 12 MPC: UC-secure OT UC-Secure OT UC-secure

Advanced Tools from Modern Cryptography Lecture 12 MPC: UC-secure OT UC-Secure OT UC-secure

Advanced Tools from Modern Cryptography Lecture 12 MPC: UC-secure OT UC-Secure OT UC-secure OT is impossible (even against PPT adversaries) in the plain model (i.e., without the help of another functionality) But possible from simple

527 views • 16 slides
Achieving Operational Efficiency of Research Institutes using ICT 16 th April 2018 Achieving

Achieving Operational Efficiency of Research Institutes using ICT 16 th April 2018 Achieving

Achieving Operational Efficiency of Research Institutes using ICT 16 th April 2018 Achieving Operational Efciency using ICT Research at the Enabling Core services Finance provide support Human Collaboration Resource Research Funding

365 views • 9 slides
and Web Applications 06 Secure Coding Alexandros Labrinidis University of Pittsburgh Secure

and Web Applications 06 Secure Coding Alexandros Labrinidis University of Pittsburgh Secure

CS 1655 / Spring 2010 Secure Data Management and Web Applications 06 Secure Coding Alexandros Labrinidis University of Pittsburgh Secure Coding From: Secure Coding: Principles and Practices by Mark G. Graff & Kenneth R. Van Wyk

753 views • 17 slides
Be Be Good! Good! WHA WHAT IS T IS SECURE? SECURE? SECURe is a school-wide program designed

Be Be Good! Good! WHA WHAT IS T IS SECURE? SECURE? SECURe is a school-wide program designed

SECUR E SOCIAL, EMOTIONAL, AND COGNITIVE UNDERSTANDING AND REGULATION Created by Success for All, University of Michigan, and Harvard University Be Be Good! Good! WHA WHAT IS T IS SECURE? SECURE? SECURe is a school-wide program designed

957 views • 59 slides
Secure Coprocessor What is Secure coprocessor: Robust. (A system that is not easily or is

Secure Coprocessor What is Secure coprocessor: Robust. (A system that is not easily or is

Secure Coprocessor What is Secure coprocessor: Robust. (A system that is not easily or is not wholly affected by a bug in one aspect of it. ) General-purpose computational environments. Secure temper responsive physical package.

366 views • 14 slides
Semi-Secure Semi-Secure where a hash is a secure one-way function. A cookie is a bit of state

Semi-Secure Semi-Secure where a hash is a secure one-way function. A cookie is a bit of state

One-Slide Summary Users often authenticate themselves by providing passwords. We store and compare hashes of passwords, Semi-Secure Semi-Secure where a hash is a secure one-way function. A cookie is a bit of state associated with a webpage

103 views • 9 slides
Secure Returns SAFE AS A VAULT Secure SECONDS TO UPLOAD Efficient ACCESSIBLE ANYWHERE

Secure Returns SAFE AS A VAULT Secure SECONDS TO UPLOAD Efficient ACCESSIBLE ANYWHERE

Secure Returns SAFE AS A VAULT Secure SECONDS TO UPLOAD Efficient ACCESSIBLE ANYWHERE Convenient What is Secure Returns ? Secure Returns is a secure website where you and your clients can securely upload & download confidential

202 views • 9 slides
Concurrently Secure Protocols Huijia (Rachel) Lin Rafael Pass MIT & BU Cornell Secure MPC

Concurrently Secure Protocols Huijia (Rachel) Lin Rafael Pass MIT & BU Cornell Secure MPC

Black-Box Constructions of Concurrently Secure Protocols Huijia (Rachel) Lin Rafael Pass MIT & BU Cornell Secure MPC Secure MPC Goal: Allow a set of distrustful parties to compute ANY function f on their own Secure MPC Goal: Allow a set

1.11k views • 98 slides
VIRTUAL LEGAL ROUNDTABLE 2019 EFS MASTER CLINICAL TRIAL AGREEMENT Liliana Rincon-Gonzalez,

VIRTUAL LEGAL ROUNDTABLE 2019 EFS MASTER CLINICAL TRIAL AGREEMENT Liliana Rincon-Gonzalez,

VIRTUAL LEGAL ROUNDTABLE 2019 EFS MASTER CLINICAL TRIAL AGREEMENT Liliana Rincon-Gonzalez, PhD Program Director, Clinical Science Medical Device Innovation Consortium Jaime Walkowiak, JD Chief Operating Officer, Baylor Scott & White

413 views • 19 slides
Legalism Excessive adherence to law or formula Are We Swallowing the Camel? Are we making it

Legalism Excessive adherence to law or formula Are We Swallowing the Camel? Are we making it

The Statement You blind guides! You strain out a gnat but swallow a camel Matthew 23:24 Legalism Excessive adherence to law or formula Are We Swallowing the Camel? Are we making it hard for people to follow? Matthew 23:13 Are we trying

489 views • 15 slides
Network Control: Firewalls CS 161: Computer Security Prof. Vern Paxson TAs: Jethro Beekman,

Network Control: Firewalls CS 161: Computer Security Prof. Vern Paxson TAs: Jethro Beekman,

Network Control: Firewalls CS 161: Computer Security Prof. Vern Paxson TAs: Jethro Beekman, Mobin Javed, Antonio Lupher, Paul Pearce & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ February 14, 2013 Game Plan Network

734 views • 38 slides
4/8/2017 Proctor/Speaker - Abbott, Cook, Spectranetics, Medtronic. Stockholder

4/8/2017 Proctor/Speaker - Abbott, Cook, Spectranetics, Medtronic. Stockholder

4/8/2017 Proctor/Speaker - Abbott, Cook, Spectranetics, Medtronic. Stockholder Thermopeutics/PROFUSA Below the ankle interventions Montero-Baker, Miguel Associate Professor of Surgery Division of Vascular and Endovascular Surgery Baylor

463 views • 12 slides
TheCOMOProject PereBarletRos,UPCBarcelona

TheCOMOProject PereBarletRos,UPCBarcelona

TheCOMOProject PereBarletRos,UPCBarcelona GianlucaIannaccone,IntelResearchBerkeley Disclaimer Thispresenta@onfocusesonCOMOv2.0thatis

482 views • 19 slides
CHALLENGE HANDLING MASSIVE STREAMING DATA COLIN MACNAUGTHON NEEVE RESEACH WHO IS NEEVE

CHALLENGE HANDLING MASSIVE STREAMING DATA COLIN MACNAUGTHON NEEVE RESEACH WHO IS NEEVE

THE IOT APPLICATION CHALLENGE HANDLING MASSIVE STREAMING DATA COLIN MACNAUGTHON NEEVE RESEACH WHO IS NEEVE RESEARCH? Headquartered in Silicon Valley Creators of the X Platform - Memory Oriented Application Platform. Passionate

607 views • 26 slides
Brave, Privacy, and Standards Peter Snyder, Privacy Researcher, pes@brave.com Pranjal Jumde,

Brave, Privacy, and Standards Peter Snyder, Privacy Researcher, pes@brave.com Pranjal Jumde,

Brave, Privacy, and Standards Peter Snyder, Privacy Researcher, pes@brave.com Pranjal Jumde, Security Engineer, pranjal@brave.com Overview Brave's goals on the Web How Brave protects privacy today How the standards process

1.01k views • 54 slides
Unde nderstandi nding ng the he Evolvi ving ng Interne rnet Ram Durairajan Assistant

Unde nderstandi nding ng the he Evolvi ving ng Interne rnet Ram Durairajan Assistant

Unde nderstandi nding ng the he Evolvi ving ng Interne rnet Ram Durairajan Assistant Professor, Computer and Information Science Co-director, Oregon Networking Research Group University of Oregon 0 In Inter erne net t is is a a co

742 views • 26 slides

More recommend