Continuous Security
Uploaded by equal-experts
Category: Software
Transcript of Continuous Security
![Page 1: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022022411/58e941b81a28ab84768b5f3f/html5/thumbnails/1.jpg)
CONTINUOUS SECURITY
THANK YOU!
![Page 2: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022022411/58e941b81a28ab84768b5f3f/html5/thumbnails/2.jpg)
@parker0phil
![Page 3: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022022411/58e941b81a28ab84768b5f3f/html5/thumbnails/3.jpg)
How do we achieve Security in a Continuous Delivery environment?
![Page 4: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022022411/58e941b81a28ab84768b5f3f/html5/thumbnails/4.jpg)
3. Continuous Delivery IS MORE secure!
![Page 5: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022022411/58e941b81a28ab84768b5f3f/html5/thumbnails/5.jpg)
2. Continuous Delivery IS MORE secure!
![Page 6: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022022411/58e941b81a28ab84768b5f3f/html5/thumbnails/6.jpg)
2. Continuous Delivery IS MORE secure!
![Page 7: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022022411/58e941b81a28ab84768b5f3f/html5/thumbnails/7.jpg)
2. Continuous Delivery IS MORE secure!
![Page 8: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022022411/58e941b81a28ab84768b5f3f/html5/thumbnails/8.jpg)
1. Continuous Delivery IS MORE secure!
Mean Time to Detect (MTTD)
Mean Time to Resolve (MTTR)
RELEASE
FIND VULN
FIX VULN
Attack Window
MTTD MTTE
![Page 9: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022022411/58e941b81a28ab84768b5f3f/html5/thumbnails/9.jpg)
Continuous Delivery IS MORE secure!
![Page 10: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022022411/58e941b81a28ab84768b5f3f/html5/thumbnails/10.jpg)
3. Thinking about Security
![Page 11: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022022411/58e941b81a28ab84768b5f3f/html5/thumbnails/11.jpg)
3. Thinking about Security
![Page 12: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022022411/58e941b81a28ab84768b5f3f/html5/thumbnails/12.jpg)
2. Thinking about Security
Exploitability Impact
![Page 13: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022022411/58e941b81a28ab84768b5f3f/html5/thumbnails/13.jpg)
1. Thinking about Security
1. Rely on developers and testers more than security specialists.
2. Secure while we work more than after we're done.
3. Implement features securely more than adding on security features.
4. Mitigate risks more than fix bugs.
![Page 14: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022022411/58e941b81a28ab84768b5f3f/html5/thumbnails/14.jpg)
Thinking about Security
![Page 15: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022022411/58e941b81a28ab84768b5f3f/html5/thumbnails/15.jpg)
Pet Hate #3
![Page 16: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022022411/58e941b81a28ab84768b5f3f/html5/thumbnails/16.jpg)
Pet Hate #2
Encoding / Hashing
Encryption / Signing
b2JmdXNjYXRpb24=
%3Cscript%3Ealert(0)%3C%2Fscript%3E
Integrity + Non-repudiation
Confidentiality
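The slide contrasts four operations that get confused with one another: encoding, hashing, encryption and signing. The following is an added example, not code from the talk, that runs each operation over the slide's own two strings plus a constructed message and returns what each one does and does not give you. Two stand-ins are assumptions: HMAC plays the role of a signature (it gives integrity and authenticity, but being symmetric it cannot give non-repudiation, which needs an asymmetric signature outside the standard library), and a one-time pad plays the role of a cipher so the example stays dependency-free.

```python
import base64
import hashlib
import hmac
import os
from urllib.parse import unquote

# The two encoded strings shown on the slide (the slide's own examples).
SLIDE_BASE64 = "b2JmdXNjYXRpb24="
SLIDE_URLENC = "%3Cscript%3Ealert(0)%3C%2Fscript%3E"


def decode_base64(text: str) -> str:
    """Encoding is reversible by anyone: there is no key, so no confidentiality."""
    return base64.b64decode(text).decode("utf-8")


def decode_url(text: str) -> str:
    """URL-encoding only escapes bytes for transport; it is not a security control."""
    return unquote(text)


def digest(data: bytes) -> str:
    """Hashing is one-way and keyless: it detects a change, but anyone can recompute it."""
    return hashlib.sha256(data).hexdigest()


def sign(key: bytes, data: bytes) -> str:
    """Keyed MAC: binds the data to whoever holds the key (integrity + authenticity).

    Assumption: HMAC stands in for a signature here. Being symmetric it does not give
    non-repudiation; that needs an asymmetric signature (not in the stdlib).
    """
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify(key: bytes, data: bytes, tag: str) -> bool:
    # Constant-time comparison so the verifier does not leak the tag byte by byte.
    return hmac.compare_digest(sign(key, data), tag)


def otp_encrypt(key: bytes, data: bytes) -> bytes:
    """One-time pad as a demonstration cipher (assumption: illustrative only; use a
    vetted AEAD in practice). Confidentiality comes from the secret key, not from
    the transform: XOR with a known key is just another encoding."""
    if len(key) < len(data):
        raise ValueError("one-time pad key must be at least as long as the data")
    return bytes(d ^ k for d, k in zip(data, key))


otp_decrypt = otp_encrypt  # XOR is its own inverse


def demo() -> dict:
    key = os.urandom(32)
    message = b"transfer 10 to alice"      # constructed sample message
    tampered = b"transfer 10 to mallory"   # constructed modified copy
    tag = sign(key, message)
    ciphertext = otp_encrypt(key, message)
    return {
        "base64_decoded": decode_base64(SLIDE_BASE64),
        "url_decoded": decode_url(SLIDE_URLENC),
        "hash_changes_on_edit": digest(message) != digest(tampered),
        "tag_verifies": verify(key, message, tag),
        "tampered_fails": verify(key, tampered, tag),
        "ciphertext_differs": ciphertext != message,
        "decrypts": otp_decrypt(key, ciphertext) == message,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point the slide is making falls out of the results: both encoded strings decode with no key at all, a hash changes when the message changes but offers nothing against an attacker who simply recomputes it, only the keyed operations tie the message to a secret, and only encryption hides its content.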
![Page 17: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022022411/58e941b81a28ab84768b5f3f/html5/thumbnails/17.jpg)
Pet Hate #1
![Page 18: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022022411/58e941b81a28ab84768b5f3f/html5/thumbnails/18.jpg)
Pet Hates!
![Page 19: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022022411/58e941b81a28ab84768b5f3f/html5/thumbnails/19.jpg)
3. Enumeration of Usernames
![Page 20: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022022411/58e941b81a28ab84768b5f3f/html5/thumbnails/20.jpg)
3. Enumeration of Usernames
![Page 21: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022022411/58e941b81a28ab84768b5f3f/html5/thumbnails/21.jpg)
2. Unvalidated Redirects
?queryString=param
Cookie:value
Persisted
![Page 22: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022022411/58e941b81a28ab84768b5f3f/html5/thumbnails/22.jpg)
2. Unvalidated Redirects
?queryString=param
Cookie:value
Persisted
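The slide lists three places a redirect target can arrive from: the query string, a cookie, and a value persisted server-side. The following is an added example, not code from the talk, of the check a defender puts in front of all three sources before issuing a redirect. The allowlisted host `app.example`, the parameter name `next`, the cookie name `return_to` and the sample inputs are all constructed for the example; the check goes slightly beyond the slide by also covering the well-known parser quirks (protocol-relative targets, backslashes, userinfo, non-http schemes) that make a naive "starts with /" test insufficient.

```python
from typing import Mapping, Optional
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"app.example"}  # assumption: constructed allowlist of our own hosts
DEFAULT_TARGET = "/"


def is_safe_redirect(target: Optional[str], allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Accept only same-site absolute paths or absolute URLs to an allowlisted host."""
    if not target:
        return False
    # Whitespace and control characters are stripped by some URL parsers before the
    # scheme is read, so reject them outright rather than reason about each parser.
    if any(c.isspace() or ord(c) < 0x20 for c in target):
        return False
    # Browsers treat a backslash like a forward slash in the authority position,
    # so "/\evil.example" would otherwise pass a "starts with a single slash" test.
    normalised = target.replace("\\", "/")
    parts = urlsplit(normalised)
    if parts.scheme == "" and parts.netloc == "":
        # Relative target: require an absolute path and refuse protocol-relative "//host".
        return normalised.startswith("/") and not normalised.startswith("//")
    if parts.scheme not in ("http", "https"):
        return False  # javascript:, data:, mailto: and friends
    # hostname is lowercased, has the port stripped and ignores any user@ prefix,
    # so "https://app.example@evil.example/" resolves to evil.example here.
    return parts.hostname in allowed_hosts


def pick_redirect(query: Mapping[str, str], cookies: Mapping[str, str],
                  persisted: Optional[str]) -> str:
    """Apply the same check to every source of a redirect target, in order of precedence."""
    for candidate in (query.get("next"), cookies.get("return_to"), persisted):
        if is_safe_redirect(candidate):
            return candidate
    return DEFAULT_TARGET


if __name__ == "__main__":
    # Constructed request: query string carries an off-site target, cookie a local one.
    print(pick_redirect({"next": "//evil.example/"}, {"return_to": "/account"}, None))
```

Three design points: every source goes through the same predicate so a persisted value written months ago gets no more trust than a fresh query parameter; the fallback on rejection is a fixed local path rather than an error, so the check cannot be used to probe which targets are accepted; and the parse uses the standard library rather than string prefixes, because the prefix tricks are exactly what the attacker controls.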
![Page 23: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022022411/58e941b81a28ab84768b5f3f/html5/thumbnails/23.jpg)
1. Cross-Site Request Forgery (CSRF)
![Page 24: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022022411/58e941b81a28ab84768b5f3f/html5/thumbnails/24.jpg)
BONUS. SelfXSS
![Page 25: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022022411/58e941b81a28ab84768b5f3f/html5/thumbnails/25.jpg)
BONUS. SelfXSS
![Page 26: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022022411/58e941b81a28ab84768b5f3f/html5/thumbnails/26.jpg)
My Favourite attacks!
![Page 27: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022022411/58e941b81a28ab84768b5f3f/html5/thumbnails/27.jpg)
Continuous Delivery IS MORE secure
How we achieve Security in a CD environment
Mental Models for Security
Pet Hates
My Favourite attacks
![Page 28: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022022411/58e941b81a28ab84768b5f3f/html5/thumbnails/28.jpg)
Security is HARD
![Page 29: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022022411/58e941b81a28ab84768b5f3f/html5/thumbnails/29.jpg)
#DevSecOps
![Page 30: Continuous Security](https://reader031.fdocuments.in/reader031/viewer/2022022411/58e941b81a28ab84768b5f3f/html5/thumbnails/30.jpg)
CONTINUOUS SECURITY