achieving secure
play

Achieving Secure Continuous Delivery (cont..) --lightning talk-- - PowerPoint PPT Presentation

Jan 20, 2023 •178 likes •320 views

Achieving Secure Continuous Delivery (cont..) --lightning talk-- Nikos / Jesus / Lucian April 2018 Typical discussions X Pain points Same problem in 2018! Security requirements appear (dark magic!) when project is almost finished

  1. Achieving Secure 
 Continuous Delivery (cont..) 
 --lightning talk-- Nikos / Jesus / Lucian April 2018

  2. Typical discussions… X

  3. Pain points Same problem in 2018! Security requirements appear (dark magic!) when project is almost finished Difficult access to (uncorrelated) vulnerability data Security sign-off is a bottleneck [choke] No clear view on the security risk of a specific build or release Security testing tools! Lots of tools!! And reports!!! No real agreed security gate (no trigger threshold) When am I finally secure enough? Never! Short memory! Tools get easily forgotten or abandoned… says Mordac. Product has a Roadmap and Security is (always) not (always) part of it

  4. Tools!! SAST list HERE DAST list HERE Dependency Checking Tools list HERE Container Security tools HERE Google list HERE Others HERE Link HERE

  5. The Want Automation & centralisation of application security testing Risk based approach to application delivery & deployment Security Champions process and responsibilities

  6. Existing initiatives Lots!!! OWASP AppSec Pipeline OWASP OWTF OWASP Defect Dojo OWASP Israel Others talking about this HERE HERE HERE HERE HERE HERE HERE HERE HERE HERE HERE HERE HERE HERE STDD Christian Schneider SAMPLE OWASP AppSec Pipeline

  7. Where we are now Zed Attack Proxy Security

  8. Developer Jenkins

  9. Security Jenkins 1. How does Jenkins run tools 2. How does Threadfix receive results 4. How we inform 3. Check my policy

  10. Threadfix policies

  11. Fixing the stuff

  12. Next? What is best for you and your businesses‘ appetite? Get a DevSecOps team to build and maintain toolz&stuff for you £££ OWASP project (Pipelines?) to support all free tool inputs into one central repo (Somehow) work with commercial tool providers to support that Inspire and empower your Security Champions

  13. Q/A

Recommend

NCCoE: Mobile App Single-Sign On Achieving a secure, reliable, accessible SSO solution for Public

NCCoE: Mobile App Single-Sign On Achieving a secure, reliable, accessible SSO solution for Public

NCCoE: Mobile App Single-Sign On Achieving a secure, reliable, accessible SSO solution for Public Safety & First Responders 2017 PUBLIC SAFETY BROADBAND STAKEHOLDER MEETING 1 #PSCR2017 Introductions Bill Fisher NIST, National

453 views • 29 slides
Achieving Secure Contjnuous Delivery Chris Rutuer / Lucian Corlan July 2016 Problem statement -

Achieving Secure Contjnuous Delivery Chris Rutuer / Lucian Corlan July 2016 Problem statement -

Achieving Secure Contjnuous Delivery Chris Rutuer / Lucian Corlan July 2016 Problem statement - Security Diffjcult access to (uncorrelated) vulnerability data No clear view on the security risk of a specifjc build or release No real

256 views • 21 slides
How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

DIMACS Workshop On Secure Routing March 10, 2010 How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing Protocols? $ $ Sharon Goldberg Microsoft Research & Boston University y Michael Schapira

702 views • 54 slides
The National Adoption Service Suzanne Griffiths, Director of Achieving More Together Achieving

The National Adoption Service Suzanne Griffiths, Director of Achieving More Together Achieving

The National Adoption Service Suzanne Griffiths, Director of Achieving More Together Achieving More Together Operations Achieving More Together / Cyflawni Mwy Gydan Gilydd Y Dirprwy Weinidog dros y Gwasanaethau Cymdeithasol, Rhagfyr 2012

538 views • 14 slides
achieving better outcomes achieving better outcomes and some thoughts on wellbeing and

achieving better outcomes achieving better outcomes and some thoughts on wellbeing and

The role of science and modelling in achieving better outcomes achieving better outcomes and some thoughts on wellbeing and sustainability Professor Steve Hatfield-Dodds Presentation to ESCAP Study Tour, Canberra, 11 September 2013 CSIRO

224 views • 21 slides
NETWORK DETECTION & RESPONSE RISE ABOVE THE NOISE TO SECURE THE HYBRID ENTERPRISE

NETWORK DETECTION & RESPONSE RISE ABOVE THE NOISE TO SECURE THE HYBRID ENTERPRISE

ACHIEVING CYBER HYGIENE WITH CLOUD-NATIVE NETWORK DETECTION & RESPONSE RISE ABOVE THE NOISE TO SECURE THE HYBRID ENTERPRISE MEASURING CYBER HYGIENE REQUIRES COMPLETE VISIBILITY USERS, DEVICES, TRANSACTIONS, CONVERSATIONS, ENCRYPTION,

255 views • 8 slides
Action Work Groups By 2035 KwaZulu-Natal will be a prosperous Province with a healthy, secure and

Action Work Groups By 2035 KwaZulu-Natal will be a prosperous Province with a healthy, secure and

Action Work Groups By 2035 KwaZulu-Natal will be a prosperous Province with a healthy, secure and skilled population, living in dignity and harmony, acting as a gateway to Africa and the World. Moving KZN Towards Achieving Vision 2035

982 views • 87 slides
Achieving the Dream For Prospective Colleges Fall 2010 Achieving the Dream is a bold national

Achieving the Dream For Prospective Colleges Fall 2010 Achieving the Dream is a bold national

Achieving the Dream For Prospective Colleges Fall 2010 Achieving the Dream is a bold national effort to help community college students succeed ATD defines student success as earning degrees or certificates, or transferring to a four-year

584 views • 21 slides
Advanced Tools from Modern Cryptography Lecture 12 MPC: UC-secure OT UC-Secure OT UC-secure

Advanced Tools from Modern Cryptography Lecture 12 MPC: UC-secure OT UC-Secure OT UC-secure

Advanced Tools from Modern Cryptography Lecture 12 MPC: UC-secure OT UC-Secure OT UC-secure OT is impossible (even against PPT adversaries) in the plain model (i.e., without the help of another functionality) But possible from simple

527 views • 16 slides
Achieving Operational Efficiency of Research Institutes using ICT 16 th April 2018 Achieving

Achieving Operational Efficiency of Research Institutes using ICT 16 th April 2018 Achieving

Achieving Operational Efficiency of Research Institutes using ICT 16 th April 2018 Achieving Operational Efciency using ICT Research at the Enabling Core services Finance provide support Human Collaboration Resource Research Funding

365 views • 9 slides
and Web Applications 06 Secure Coding Alexandros Labrinidis University of Pittsburgh Secure

and Web Applications 06 Secure Coding Alexandros Labrinidis University of Pittsburgh Secure

CS 1655 / Spring 2010 Secure Data Management and Web Applications 06 Secure Coding Alexandros Labrinidis University of Pittsburgh Secure Coding From: Secure Coding: Principles and Practices by Mark G. Graff & Kenneth R. Van Wyk

753 views • 17 slides
Be Be Good! Good! WHA WHAT IS T IS SECURE? SECURE? SECURe is a school-wide program designed

Be Be Good! Good! WHA WHAT IS T IS SECURE? SECURE? SECURe is a school-wide program designed

SECUR E SOCIAL, EMOTIONAL, AND COGNITIVE UNDERSTANDING AND REGULATION Created by Success for All, University of Michigan, and Harvard University Be Be Good! Good! WHA WHAT IS T IS SECURE? SECURE? SECURe is a school-wide program designed

957 views • 59 slides
Secure Coprocessor What is Secure coprocessor: Robust. (A system that is not easily or is

Secure Coprocessor What is Secure coprocessor: Robust. (A system that is not easily or is

Secure Coprocessor What is Secure coprocessor: Robust. (A system that is not easily or is not wholly affected by a bug in one aspect of it. ) General-purpose computational environments. Secure temper responsive physical package.

366 views • 14 slides
Semi-Secure Semi-Secure where a hash is a secure one-way function. A cookie is a bit of state

Semi-Secure Semi-Secure where a hash is a secure one-way function. A cookie is a bit of state

One-Slide Summary Users often authenticate themselves by providing passwords. We store and compare hashes of passwords, Semi-Secure Semi-Secure where a hash is a secure one-way function. A cookie is a bit of state associated with a webpage

103 views • 9 slides
Secure Returns SAFE AS A VAULT Secure SECONDS TO UPLOAD Efficient ACCESSIBLE ANYWHERE

Secure Returns SAFE AS A VAULT Secure SECONDS TO UPLOAD Efficient ACCESSIBLE ANYWHERE

Secure Returns SAFE AS A VAULT Secure SECONDS TO UPLOAD Efficient ACCESSIBLE ANYWHERE Convenient What is Secure Returns ? Secure Returns is a secure website where you and your clients can securely upload & download confidential

202 views • 9 slides
Concurrently Secure Protocols Huijia (Rachel) Lin Rafael Pass MIT & BU Cornell Secure MPC

Concurrently Secure Protocols Huijia (Rachel) Lin Rafael Pass MIT & BU Cornell Secure MPC

Black-Box Constructions of Concurrently Secure Protocols Huijia (Rachel) Lin Rafael Pass MIT & BU Cornell Secure MPC Secure MPC Goal: Allow a set of distrustful parties to compute ANY function f on their own Secure MPC Goal: Allow a set

1.11k views • 98 slides
Who tells you that your secure product is actually secure?

Who tells you that your secure product is actually secure?

Who tells you that your secure product is actually secure? Think about the 6me it stays on the field It went through a security evalua6on

866 views • 28 slides
What is Secure? Engineering Secure Software Last Revised: August 19, 2020 SWEN-331: Engineering

What is Secure? Engineering Secure Software Last Revised: August 19, 2020 SWEN-331: Engineering

What is Secure? Engineering Secure Software Last Revised: August 19, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Recent Security Incidents Garmin Ransomware -- $10 million Sync servers down for many days

506 views • 21 slides
Secure and Efficient Access to Outsourced Data Secure and Efficient Access to Outsourced Data

Secure and Efficient Access to Outsourced Data Secure and Efficient Access to Outsourced Data

Secure and Efficient Access to Outsourced Data Secure and Efficient Access to Outsourced Data Weichao Wang, Zhiwei Li, Rodney Owens, Bharat Bhargava CCSW 2009: The ACM Cloud Computing Security Workshop 1 The Problem Providing secure and

414 views • 19 slides
U d Understanding & di & Achieving Achieving T T Chris Lawrence Virginia

U d Understanding & di & Achieving Achieving T T Chris Lawrence Virginia

U d Understanding & di & Achieving Achieving T T Chris Lawrence Virginia Cropland Agronomist, USDA-NRCS 804/287-1680 chris.lawrence@va.usda.gov [Resource management plans] shall include [Resource management plans] shall

805 views • 67 slides
Secure Client Applications HTTPS Secure Email Networking Sirindhorn International Institute of

Secure Client Applications HTTPS Secure Email Networking Sirindhorn International Institute of

Networking Secure apps Aims Crypto Basics Secure Client Applications HTTPS Secure Email Networking Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 26 June 2014

389 views • 26 slides
SECURE Act Brian Graff SECURE Act Setting Every Community Up for Retirement Security (SECURE)

SECURE Act Brian Graff SECURE Act Setting Every Community Up for Retirement Security (SECURE)

SECURE Act Brian Graff SECURE Act Setting Every Community Up for Retirement Security (SECURE) Act of 2019 (H.R. 1994) Introduced in the House March 29, 2019 Passed House Ways & Means Committee April 2, 2019 Passed House

354 views • 12 slides
Toward a Field Study on the Impact of Hacking Competitions on Secure Development Daniel Votipka ,

Toward a Field Study on the Impact of Hacking Competitions on Secure Development Daniel Votipka ,

Toward a Field Study on the Impact of Hacking Competitions on Secure Development Daniel Votipka , Hongyi Hu, Bryan Eastes, and Michelle L. Mazurek 12 Aug 2018 SECURE DEVELOPMENT 2 SECURE DEVELOPMENT 2 SECURE DEVELOPMENT 2 SECURE

566 views • 39 slides
Achieving Greatness In Your Negotatons 1 Confdentil ind Proprietiry-Diti Miy Not be Published,

Achieving Greatness In Your Negotatons 1 Confdentil ind Proprietiry-Diti Miy Not be Published,

Achieving Greatness In Your Negotatons 1 Confdentil ind Proprietiry-Diti Miy Not be Published, Reproduced or Redistributed without Writen Permission of ECHELON Pirtners Achieving Greatness in Your Negotatons Moderitor Speikers Lorenzo Corey

264 views • 12 slides

More recommend