Continuous Security
Uploaded by: equal-experts
Category: Software
Transcript of Continuous Security
![Page 1: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022021814/58e941841a28ab84768b5ef1/html5/thumbnails/1.jpg)
CONTINUOUS SECURITY
![Page 2: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022021814/58e941841a28ab84768b5ef1/html5/thumbnails/2.jpg)
#DevSecOps
![Page 3: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022021814/58e941841a28ab84768b5ef1/html5/thumbnails/3.jpg)
@parker0phil
Thinking about Security
![Page 4: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022021814/58e941841a28ab84768b5ef1/html5/thumbnails/4.jpg)
@parker0phil
OWASP Top 10
![Page 5: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022021814/58e941841a28ab84768b5ef1/html5/thumbnails/5.jpg)
![Page 6: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022021814/58e941841a28ab84768b5ef1/html5/thumbnails/6.jpg)
@parker0phil
CVSS
Exploitability Impact
![Page 7: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022021814/58e941841a28ab84768b5ef1/html5/thumbnails/7.jpg)
@parker0phil
Security Agile Manifesto
1. Rely on developers and testers more than security specialists.
2. Secure while we work more than after we're done.
3. Implement features securely more than adding on security features.
4. Mitigate risks more than fix bugs.
![Page 8: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022021814/58e941841a28ab84768b5ef1/html5/thumbnails/8.jpg)
@parker0phil
Pet Hates!
![Page 9: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022021814/58e941841a28ab84768b5ef1/html5/thumbnails/9.jpg)
@parker0phil
Pet Hate #3
![Page 10: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022021814/58e941841a28ab84768b5ef1/html5/thumbnails/10.jpg)
@parker0phil
Pet Hate #2
Encoding: b2JmdXNjYXRpb24= and https%3A%2F%2Fowasp.org%2F (reversible by anyone; no key)
Hashing: Integrity
Encryption: Confidentiality
Signing: Integrity + Non-repudiation
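The slide's point is that encoding is routinely mistaken for a security control. The following is an added example, not code from the talk or from Equal Experts: it decodes the two encoded values shown on the slide with no key at all, then contrasts that with a SHA-256 digest (integrity) and an HMAC (integrity plus authenticity for holders of a shared key). The key `DEMO_KEY` is a constructed value. Encryption and asymmetric signatures need a crypto library and are not shown here; the HMAC deliberately stops short of non-repudiation, because a shared key cannot prove which party produced the tag.

```python
import base64
import hashlib
import hmac
import urllib.parse

# The two encoded values shown on the slide.
BASE64_SAMPLE = "b2JmdXNjYXRpb24="
URL_SAMPLE = "https%3A%2F%2Fowasp.org%2F"

# Constructed shared key for the HMAC part (an assumption for this example,
# not a value from the talk).
DEMO_KEY = b"example-shared-key-not-a-real-secret"


def decode_base64(value: str) -> str:
    """Encoding is reversible by anyone: no key is involved, so it gives
    no confidentiality at all."""
    return base64.b64decode(value.encode("ascii"), validate=True).decode("utf-8")


def decode_url(value: str) -> str:
    """Same for URL encoding: it exists for safe transport, not secrecy."""
    return urllib.parse.unquote(value)


def integrity_digest(data: bytes) -> str:
    """Hashing gives integrity: any change to the data changes the digest.
    Anyone can recompute it, though, so it does not prove who produced it."""
    return hashlib.sha256(data).hexdigest()


def sign(data: bytes, key: bytes = DEMO_KEY) -> str:
    """A keyed MAC gives integrity plus authenticity for whoever holds the
    key. Both sides share that key, so this is not non-repudiation; that
    needs an asymmetric signature, which is outside the standard library."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify(data: bytes, tag: str, key: bytes = DEMO_KEY) -> bool:
    """Constant-time comparison so the check does not leak tag bytes."""
    return hmac.compare_digest(sign(data, key), tag)


if __name__ == "__main__":
    print("base64 ->", decode_base64(BASE64_SAMPLE))
    print("url    ->", decode_url(URL_SAMPLE))
    msg = b"transfer 10 to account 42"
    print("sha256 ->", integrity_digest(msg))
    tag = sign(msg)
    print("hmac ok?", verify(msg, tag), "| tampered ok?", verify(msg + b"0", tag))
```

Running it prints `obfuscation` and `https://owasp.org/` straight away, which is the whole argument: if a value can be recovered with a library call and no key, it was never protected.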
![Page 11: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022021814/58e941841a28ab84768b5ef1/html5/thumbnails/11.jpg)
@parker0phil
Pet Hate #1
![Page 12: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022021814/58e941841a28ab84768b5ef1/html5/thumbnails/12.jpg)
@parker0phil
My Favourite attacks!
![Page 13: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022021814/58e941841a28ab84768b5ef1/html5/thumbnails/13.jpg)
@parker0phil
My Favourite attacks!
![Page 14: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022021814/58e941841a28ab84768b5ef1/html5/thumbnails/14.jpg)
@parker0phil
Enumeration of Usernames
![Page 15: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022021814/58e941841a28ab84768b5ef1/html5/thumbnails/15.jpg)
@parker0phil
Enumeration of Usernames
![Page 16: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022021814/58e941841a28ab84768b5ef1/html5/thumbnails/16.jpg)
@parker0phil
Unvalidated Redirects
Sources of the redirect target:
- ?queryString=param
- Cookie: value
- Persisted
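The slide lists three places a redirect target can arrive from (a query-string parameter, a cookie, or a persisted value); the mitigation is the same for all of them, which is to validate the target before using it. The following validator is an added example, not code from the talk or from Equal Experts. `ALLOWED_HOSTS`, `DEFAULT_TARGET` and the sample inputs (including the `evil.example` host) are constructed for the example. It accepts only same-site absolute paths or https URLs to allowlisted hosts, and it rejects the shapes that commonly slip past naive checks: protocol-relative `//host`, backslashes (which browsers treat as slashes), `user@host` authority tricks, non-https schemes and embedded whitespace.

```python
from urllib.parse import urlsplit

# Constructed allowlist for this example (an assumption, not from the talk):
# the only external hosts the application is allowed to send users to.
ALLOWED_HOSTS = {"owasp.org", "www.owasp.org"}
DEFAULT_TARGET = "/"


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """Accept a redirect target only if it is a same-site absolute path or
    an https URL to an allowlisted host. Everything else is rejected."""
    if not isinstance(target, str) or not target:
        return False
    # Whitespace and control characters let a value parse one way here and
    # another way in the browser; reject them outright.
    if any(ch.isspace() or ord(ch) < 0x20 for ch in target):
        return False
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        # Absolute URL (or protocol-relative "//host"): require https and an
        # allowlisted host. .hostname is lowercased and drops any user:pass@,
        # so "https://owasp.org@evil.example/" resolves to evil.example.
        return parts.scheme == "https" and parts.hostname in allowed_hosts
    # Relative target: a single leading "/" only. "///host" has an empty
    # netloc in urlsplit but is an authority to browsers, so the "//" check
    # stays; browsers also treat "\" like "/", so refuse it anywhere.
    return target.startswith("/") and not target.startswith("//") and "\\" not in target


def choose_redirect(candidate, default=DEFAULT_TARGET):
    """Use the supplied target if it passes validation, else the default."""
    return candidate if is_safe_redirect(candidate) else default


if __name__ == "__main__":
    # Constructed inputs standing in for the three sources on the slide:
    # a query-string parameter, a cookie value and a persisted value.
    samples = [
        ("query", "/account/settings"),
        ("cookie", "https://owasp.org/"),
        ("persisted", "//evil.example/login"),
    ]
    for source, value in samples:
        print(f"{source:9s} {value!r:28} -> {choose_redirect(value)!r}")
```

The design choice worth noting is that the function never tries to "clean" a bad target; it either returns the value unchanged or falls back to a fixed default. Rewriting hostile input tends to reintroduce exactly the parser disagreements the checks above exist to avoid.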
![Page 17: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022021814/58e941841a28ab84768b5ef1/html5/thumbnails/17.jpg)
@parker0phil
Cross-Site Request Forgery (CSRF)
![Page 18: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022021814/58e941841a28ab84768b5ef1/html5/thumbnails/18.jpg)
@parker0phil
SelfXSS
![Page 19: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022021814/58e941841a28ab84768b5ef1/html5/thumbnails/19.jpg)
@parker0phil
SelfXSS
![Page 20: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022021814/58e941841a28ab84768b5ef1/html5/thumbnails/20.jpg)
@parker0phil
How we achieve Security in a Traditional Delivery environment.
How we achieve Security in a Continuous Delivery environment.
How we achieve security.
LOSE IT!
BETTER!
![Page 21: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022021814/58e941841a28ab84768b5ef1/html5/thumbnails/21.jpg)
@parker0phil
Continuous Delivery IS MORE secure!
![Page 22: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022021814/58e941841a28ab84768b5ef1/html5/thumbnails/22.jpg)
@parker0phil
Batch Size
![Page 23: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022021814/58e941841a28ab84768b5ef1/html5/thumbnails/23.jpg)
@parker0phil
Isolation of Cause and Effect
![Page 24: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022021814/58e941841a28ab84768b5ef1/html5/thumbnails/24.jpg)
@parker0phil
Isolation of Cause and Effect
![Page 25: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022021814/58e941841a28ab84768b5ef1/html5/thumbnails/25.jpg)
@parker0phil
Continuous Delivery IS MORE secure!
Mean Time to Detect (MTTD)
Mean Time to Resolve (MTTR)
RELEASE
FIND VULN
FIX VULN
Attack Window
MTTD MTTE
![Page 26: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022021814/58e941841a28ab84768b5ef1/html5/thumbnails/26.jpg)
@parker0phil
How do we achieve Security in a Continuous Delivery environment?
![Page 27: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022021814/58e941841a28ab84768b5ef1/html5/thumbnails/27.jpg)
@parker0phil
![Page 28: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022021814/58e941841a28ab84768b5ef1/html5/thumbnails/28.jpg)
CONTINUOUS SECURITY
THANK YOU!