
A 200-Year-Old Company Inside Out or how we implemented security - PowerPoint PPT Presentation



  1. A 200-Year-Old Company Inside Out or how we implemented security into software development

  2. 200 years ago ...

  3. Waterfall Problems
  • Not Adapting to Change: once a plan is made, the waterfall follows that plan no matter what.
  • No Feedback from Downstream Stages: the implementation phase gets no feedback from the testing phase.
  • Testing Only at the End: testing is one of the last phases, so the whole system is most probably built on a pile of bugs.

  4. Scrum Problems • Mini Waterfall Sprint • Sprint Lengths are Arbitrary • Operations is not Accounted for

  5. Kanban

  6. Why Kanban? • Open • No Arbitrary Sprints • Operations Built-In

  7. The Three Ways: System Thinking, Fast Feedback, Continuous Improvement

  8. Security?

  9. We Need More Security!

  10. 100 Dev : 10 Ops : 1 Sec

  11. DevSecOps

  12. Automate the Shit out of It

  13. The Equifax Breach

  14. [Chart: Downloads of Vulnerable Struts Versions, Mar. 2017 to Feb. 2018. Y axis: downloads per month (0 to 120,000). Annotated events on the timeline: Struts vulnerability announced / fixed; breach happened; breach discovered; breach disclosed.]

  15. “Emphasize performance of the entire system and never pass a defect downstream.” (Gene Kim)

  16. Lots of Tools: OWASP Dependency Check, Sonatype Nexus Pro, JFrog Xray

  17. Integrate into Your Build Pipeline

  18. Visualize

  19. Break the Build
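Slides 17 to 19 describe one procedure: run a dependency scanner in the pipeline, make the findings visible, and fail the build when a vulnerable component is pulled in. The following Python script is an added example, not code from the talk or from any of the tools named above. It reads a JSON report in the shape OWASP Dependency-Check writes (a top-level "dependencies" list, each entry carrying a "vulnerabilities" list with "name", "severity" and a CVSS block); those field names are an assumption about that tool's output and the sample report embedded in the script is constructed, not real scanner output. The gate prints a sorted table of findings (the "visualize" step) and returns a non-zero exit code when any finding at or above the CVSS threshold is not on an explicit allowlist (the "break the build" step).

```python
"""Added example: a CI gate over a dependency-scan JSON report.

Assumptions (not from the original talk): the report shape mirrors OWASP
Dependency-Check's JSON output ("dependencies" -> "vulnerabilities" -> "name",
"severity", "cvssv3.baseScore" or "cvssv2.score"). Adjust the accessors for
whatever scanner you actually run; Xray and Nexus emit different schemas.
"""
import json
import sys

# Constructed sample report, not real scanner output. struts2-core 2.3.31 is
# one of the versions affected by CVE-2017-5638 (CVSS v3 base score 10.0);
# the second finding uses a placeholder identifier to show a v2-only entry.
SAMPLE_REPORT = json.dumps({
    "dependencies": [
        {
            "fileName": "struts2-core-2.3.31.jar",
            "vulnerabilities": [
                {"name": "CVE-2017-5638", "severity": "CRITICAL",
                 "cvssv3": {"baseScore": 10.0}},
                {"name": "CVE-0000-0000", "severity": "MEDIUM",   # placeholder id
                 "cvssv2": {"score": 5.0}},
            ],
        },
        {"fileName": "commons-lang3-3.12.0.jar", "vulnerabilities": []},
    ]
})


def score_of(vuln):
    """Prefer the CVSS v3 base score, fall back to v2, else treat as 0 (unknown)."""
    v3 = vuln.get("cvssv3") or {}
    v2 = vuln.get("cvssv2") or {}
    return float(v3.get("baseScore", v2.get("score", 0.0)))


def findings(report_json):
    """Flatten the report into (dependency, id, severity, score) tuples."""
    report = json.loads(report_json)
    out = []
    for dep in report.get("dependencies", []):
        for v in dep.get("vulnerabilities") or []:
            out.append((dep["fileName"], v["name"],
                        v.get("severity", "UNKNOWN"), score_of(v)))
    return out


def violations(report_json, fail_on_cvss=7.0, allowlist=()):
    """Findings at or above the threshold that nobody has explicitly accepted.

    The allowlist is the escape hatch for a risk someone signed off on; keep it
    in version control so the acceptance is reviewed like any other change.
    """
    return [f for f in findings(report_json)
            if f[3] >= fail_on_cvss and f[1] not in allowlist]


def render(rows):
    """Human-readable table, highest score first, for the pipeline log."""
    lines = [f"{'CVSS':>5}  {'SEVERITY':<8}  {'ID':<16}  DEPENDENCY"]
    for dep, vid, sev, score in sorted(rows, key=lambda f: -f[3]):
        lines.append(f"{score:5.1f}  {sev:<8}  {vid:<16}  {dep}")
    return "\n".join(lines)


def gate(report_json, fail_on_cvss=7.0, allowlist=()):
    """Exit code for the CI step: 0 passes, 1 breaks the build."""
    return 1 if violations(report_json, fail_on_cvss, allowlist) else 0


if __name__ == "__main__":
    # Usage: python gate.py [report.json]; with no argument the sample runs.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    print(render(findings(text)))
    code = gate(text)
    print("BUILD BROKEN" if code else "PASS")
    sys.exit(code)
```

The threshold of 7.0 is a starting point, not a recommendation from the talk; pick it with the people who own the pipeline and lower it as the backlog shrinks. Dependency-Check's own CLI can enforce the same policy directly with its `--failOnCVSS` option, so a separate script is mostly useful when you want one gate in front of several scanners or an allowlist with a review trail.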

  20. How to Change?

  21. How to Change? • Get Management on Board • Bottom Up • Small Steps • Review Changes • Don't be afraid of Failure
