Professional Documents
Culture Documents
Zero To DevSecOps OWASP Meetup 02 19 19
Zero To DevSecOps OWASP Meetup 02 19 19
@jimmesta
Introduction to DevOps
Where to Go Next
§Version Control
§Deployment Automation
§Continuous Integration
§Trunk-Based Development
§Test Automation
§Test Data Management
§Shift Left on Security
§Continuous Delivery
COPYRIGHT ©2019 MANICODE SECURITY 8
Architecture Capabilities
§ Loosely Coupled Architecture
§ Empowered Teams
§ Customer Feedback
§ Working in Small Batches
§ Team Experimentation
Live
Extreme Programming
Development
Quality Software
Idea Testing Deployment
Development Live
Development
Continuous Continuous
Idea Integration Delivery Live
Development
Development
Continuous Continuous Microservices
Idea Integration Deployment
Development
Save $$$
Development Operations
Development Operations
Dev
Ops
Development Operations
Dev
Ops
Development Operations
Development Operations
Cross-Training
“Everything” as Code
Tools
Test, Measure, and Monitor
Build
Automation
Code Committed
Repository IaaS, PaaS,
On-Prem, etc.
Configuration management,
artifact creation, db
Peer review migrations, etc.
Monitoring
and alerting
https://github.com/awslabs/git-secrets
https://github.com/zaproxy/community-scripts/tree/master/api/mass-baseline
Infrastructure as a Service
Secrets Storage
Managed by Ops
Auto Scaling Amazon
Amazon EC2
DynamoDB
IaaS Provider
Physical VM Hosts
Network Hardware
5. Other
Long Term
Storage
IaaS
Query Interface
Anomaly
DevSecOps
Alerting System
COPYRIGHT ©2019 MANICODE SECURITY 77
Infrastructure as Code
Base
Version Catalog
Base Image
0.2
Image
0.2
Base OS
Instance 2
Packages Base
Image
0.2
Packages Base
Image
0.2
Instance n
Latest Code Base
Image
0.2
Base
Version Catalog
Base Image
0.2
Image
0.2
Base OS
Instance 2
Packages Base
Image
0.2
Base
Version Catalog
Base Image
0.3
Image
0.3
Base OS
Instance 2
Packages Base
Image
0.3
Physical Server
Host
VM
Guest Guest Guest
OS OS OS
Hypervisor
Hypervisor