SlideShare una empresa de Scribd logo

TWISummit 2019 - Build Security In

Thoughtworks
Thoughtworks

With agile and faster delivery becoming a norm, building security into the software is the best way to deliver secure software at the pace of DevOps. Then, what are the different people aspects, processes, practices and tools that uphold security seamlessly?

Tecnología
1 de 40
©ThoughtWorks 2019
The Security Sandwich } Security discussions Secure Infrastructure Penetration testing A lot of changes Who is taking care of security? ©ThoughtWorks 2019Reference: https://speakerdeck.com/shirishp/building-a-continuous-secure-delivery-pipeline
https://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/ ©ThoughtWorks 2019
“The idea of a perimeter defense isn’t necessarily wrong, it’s just not enough.” - Dave Elliman https://www.thoughtworks.com/insights/blog/lean-model-security-and-security-practices ©ThoughtWorks 2019
Defense in depth Reference: https://www.gannett-cdn.com/-mm- /9bb83c731e5249c4c7a85922094689d746a603a1/c=0-0-580-435/local/- /media/2016/10/04/Rochester/wp-ROC-RocNext-10744-Security-is-like-an- onion1.jpg ©ThoughtWorks 2019
The scale problem ©ThoughtWorks 2019
Delivery at speed needs security at speed ©ThoughtWorks 2019
Cost of fixing a defect Cost When defect was found ©ThoughtWorks 2019
It is an evolutionary world, always ©ThoughtWorks 2019
©ThoughtWorks 2019Reference: https://speakerdeck.com/shirishp/building-a-continuous-secure-delivery-pipeline
©ThoughtWorks 2019
BSI - BUILD SECURITY IN (PRACTICES) Planning Requirement Design Security training ● For stakeholders ● For development team ● Business level threat modeling ● Security Acceptance criteria ● Evil/Abuse stories ● Application threat modeling with delivery team ● Architecture review ● Security defaults ● SAST ● Dependency check ● Secrets scan ● Security unit test run Automated security checks and access controls ● Security framework, API ● Security code ● review ● Security Driven Development ● Security scan ● Automated ● Scanning ● DAST ● Security functional testing ● Continuous pen- testing Build Code Testing Deploy ● Penetration testing, certification ● Automated checks ● Access Controls ● Server side DOS prevention ● Server & data hardening ● Monitoring and auditing Deploy and Release ● Ensuring Secure Containerisation ● Privilege Management ● Automated Container Assessment ©ThoughtWorks 2019
You need both! ©ThoughtWorks 2019
Pre-development ©ThoughtWorks 2019
● Make it easy to write secure code and difficult to make mistakes ● Build on top of secure libraries and frameworks ● Build security in upfront and try to make it seamless ● Define a security low bar which all projects need to meet, such as, ○ All passwords must be hashed ○ Host, networks are hardened ○ Whitelist access ● Provide tools which identify if an insecure dependency is introduced Securing Defaults ©ThoughtWorks 2019
Threat Modelling ©ThoughtWorks 2019
During Development ©ThoughtWorks 2019
SAST: Static Application Security Testing (SAST) ©ThoughtWorks 2019
Dependency Checker https://www.owasp.org/index.php/OWASP_Dependency_Check ©ThoughtWorks 2019
SAST - Checkmarx (commercial) https://www.checkmarx.com/products/static-application-security-testing/ ©ThoughtWorks 2019
Pre-commit Hooks https://github.com/thoughtworks/talisman ©ThoughtWorks 2019
Assessing Security Posture: Testing ©ThoughtWorks 2019
Designed to scan web applications, normally from the outside Great to catch low hanging fruits eg. missing CORS headers Can’t validate logic flaw automatically DAST: Dynamic Application Security Testing (DAST) AutomationSecurity Testing/Pen-Testing Holistic behaviour analysis testing Catches Many relevant and logical flaws in app Requires both Manual and Automated testing Can find critical flaws such as business logic, session issues, authZ and AuthN ... ©ThoughtWorks 2019
DAST - Burp Suite(commercial) https://portswigger.net/burp ©ThoughtWorks 2019
DAST Vulnerability Scanners Source: ibm.com Source: netsparker.com ©ThoughtWorks 2019
IAST/RASP blog.secodis.com ©ThoughtWorks 2019
Securing Infrastructure ©ThoughtWorks 2019
Infrastructure as Code ● Must have to fix security problems at one place propagate everywhere ● Compliance using code ● Manage Security Baseline for Org ● Can write security tests for ○ unnecessary services are disabled ○ ports that do not need to be open are indeed not open ○ Review permissions on sensitive files and directories ©ThoughtWorks 2019
Infrastructure Hardening ©ThoughtWorks 2019
Container Security: Twistlock Source: twistlock.com ©ThoughtWorks 2019
Through the Definition of ‘Done’ ©ThoughtWorks 2019
Demo: Secure pipeline ©ThoughtWorks 2019
An Optimised & Secure Pipeline ©ThoughtWorks 2019
©ThoughtWorks 2019
©ThoughtWorks 2019
Equifax breach • Apache Struts 2, CVE-2017-5638 • Patch released in March 7, 2017 • 148 million US,15.2 million UK customers records compromised • $1.4 B losses till now for clean up, Overhauling InfoSec Program Source: imperva.com Apache Struts 2 ©ThoughtWorks 2019
©ThoughtWorks 2019
Heartbleed • TLS Heartbleed(OpenSSL 1.0.1) • CVE-20140-0160 • TLS ‘heartbeat’ Extension • Missing Bounds Check before a memcpy() call • Community Health Systems • Personal data of about 4.5 million patients stolen https://www.chsinc.com/ ©ThoughtWorks 2019
Takeaways Establish Security Baselines Simplify, Breakdown and Accelerate Move to encouraging subscriptions Automate when in Code Ensure Timely Human Intervention Everybody Is Responsible For Security ©ThoughtWorks 2019
#TWISummit Please reach out with your ideas @harinee_m @NeeluTripathy THANK YOU ©ThoughtWorks 2019

Recomendados

TWISummit 2019 - Take the Pain out of Browser Automation!
TWISummit 2019 - Take the Pain out of Browser Automation!TWISummit 2019 - Take the Pain out of Browser Automation!
TWISummit 2019 - Take the Pain out of Browser Automation!Thoughtworks
 
TWISummit 2019 - Return of Reconfigurable Computing
TWISummit 2019 - Return of Reconfigurable ComputingTWISummit 2019 - Return of Reconfigurable Computing
TWISummit 2019 - Return of Reconfigurable ComputingThoughtworks
 
stackconf 2021 | Fuzzing: Finding Your Own Bugs and 0days!
stackconf 2021 | Fuzzing: Finding Your Own Bugs and 0days!stackconf 2021 | Fuzzing: Finding Your Own Bugs and 0days!
stackconf 2021 | Fuzzing: Finding Your Own Bugs and 0days!NETWAYS
 
Continuous Compliance and DevSecOps in Times of GDPR, HIPAA and SOX
Continuous Compliance and DevSecOps in Times of GDPR, HIPAA and SOXContinuous Compliance and DevSecOps in Times of GDPR, HIPAA and SOX
Continuous Compliance and DevSecOps in Times of GDPR, HIPAA and SOXDevOps.com
 
Meeting rooms are talking! are you listening?
Meeting rooms are talking! are you listening?Meeting rooms are talking! are you listening?
Meeting rooms are talking! are you listening?Cisco DevNet
 
Data Driven Decisions in DevOps
Data Driven Decisions in DevOpsData Driven Decisions in DevOps
Data Driven Decisions in DevOpsLeon Stigter
 
Serverless survival kit
Serverless survival kitServerless survival kit
Serverless survival kitSteve Houël
 
Integrated, Automated Video Room Systems - Webex Devices - Cisco Live Orlando...
Integrated, Automated Video Room Systems - Webex Devices - Cisco Live Orlando...Integrated, Automated Video Room Systems - Webex Devices - Cisco Live Orlando...
Integrated, Automated Video Room Systems - Webex Devices - Cisco Live Orlando...Cisco DevNet
 

Recomendados

TWISummit 2019 - Take the Pain out of Browser Automation!
TWISummit 2019 - Take the Pain out of Browser Automation!TWISummit 2019 - Take the Pain out of Browser Automation!
TWISummit 2019 - Take the Pain out of Browser Automation!Thoughtworks
 
TWISummit 2019 - Return of Reconfigurable Computing
TWISummit 2019 - Return of Reconfigurable ComputingTWISummit 2019 - Return of Reconfigurable Computing
TWISummit 2019 - Return of Reconfigurable ComputingThoughtworks
 
stackconf 2021 | Fuzzing: Finding Your Own Bugs and 0days!
stackconf 2021 | Fuzzing: Finding Your Own Bugs and 0days!stackconf 2021 | Fuzzing: Finding Your Own Bugs and 0days!
stackconf 2021 | Fuzzing: Finding Your Own Bugs and 0days!NETWAYS
 
Continuous Compliance and DevSecOps in Times of GDPR, HIPAA and SOX
Continuous Compliance and DevSecOps in Times of GDPR, HIPAA and SOXContinuous Compliance and DevSecOps in Times of GDPR, HIPAA and SOX
Continuous Compliance and DevSecOps in Times of GDPR, HIPAA and SOXDevOps.com
 
Meeting rooms are talking! are you listening?
Meeting rooms are talking! are you listening?Meeting rooms are talking! are you listening?
Meeting rooms are talking! are you listening?Cisco DevNet
 
Data Driven Decisions in DevOps
Data Driven Decisions in DevOpsData Driven Decisions in DevOps
Data Driven Decisions in DevOpsLeon Stigter
 
Serverless survival kit
Serverless survival kitServerless survival kit
Serverless survival kitSteve Houël
 
Integrated, Automated Video Room Systems - Webex Devices - Cisco Live Orlando...
Integrated, Automated Video Room Systems - Webex Devices - Cisco Live Orlando...Integrated, Automated Video Room Systems - Webex Devices - Cisco Live Orlando...
Integrated, Automated Video Room Systems - Webex Devices - Cisco Live Orlando...Cisco DevNet
 
Webex APIs for Admins - Cisco Live Orlando 2018 - DEVNET-3610
Webex APIs for Admins - Cisco Live Orlando 2018 - DEVNET-3610Webex APIs for Admins - Cisco Live Orlando 2018 - DEVNET-3610
Webex APIs for Admins - Cisco Live Orlando 2018 - DEVNET-3610Cisco DevNet
 
SBA Live Academy - After the overflow: self-defense techniques (Linux Kernel)...
SBA Live Academy - After the overflow: self-defense techniques (Linux Kernel)...SBA Live Academy - After the overflow: self-defense techniques (Linux Kernel)...
SBA Live Academy - After the overflow: self-defense techniques (Linux Kernel)...SBA Research
 
From Inception to RFC – The SCIM Story
From Inception to RFC – The SCIM StoryFrom Inception to RFC – The SCIM Story
From Inception to RFC – The SCIM StoryNordic APIs
 
when Apps meet Infrastructure - CodeMotionMilan2018 Keynote - Cisco DevNet - ...
when Apps meet Infrastructure - CodeMotionMilan2018 Keynote - Cisco DevNet - ...when Apps meet Infrastructure - CodeMotionMilan2018 Keynote - Cisco DevNet - ...
when Apps meet Infrastructure - CodeMotionMilan2018 Keynote - Cisco DevNet - ...Cisco DevNet
 
Meeting rooms are talking. Are you listening
Meeting rooms are talking. Are you listeningMeeting rooms are talking. Are you listening
Meeting rooms are talking. Are you listeningCisco DevNet
 
Streaming Media West: Webrtc the future of low latency streaming
Streaming Media West: Webrtc the future of low latency streamingStreaming Media West: Webrtc the future of low latency streaming
Streaming Media West: Webrtc the future of low latency streamingAlexandre Gouaillard
 
SBA Live Academy - Secure Containers for Developer by Mathias Tausig
SBA Live Academy - Secure Containers for Developer by Mathias TausigSBA Live Academy - Secure Containers for Developer by Mathias Tausig
SBA Live Academy - Secure Containers for Developer by Mathias TausigSBA Research
 
2015 Q4 webrtc standards update
2015 Q4 webrtc standards update2015 Q4 webrtc standards update
2015 Q4 webrtc standards updateAlexandre Gouaillard
 
Web Application Firewall - Web Application & Web Services Security integrated...
Web Application Firewall - Web Application & Web Services Security integrated...Web Application Firewall - Web Application & Web Services Security integrated...
Web Application Firewall - Web Application & Web Services Security integrated...Thomas Malmberg
 
Deploying WebRTC in a low-latency streaming service
Deploying WebRTC in a low-latency streaming serviceDeploying WebRTC in a low-latency streaming service
Deploying WebRTC in a low-latency streaming serviceAlexandre Gouaillard
 
The best of Windows Server 2016 - Thomas Maurer
The best of Windows Server 2016 - Thomas Maurer The best of Windows Server 2016 - Thomas Maurer
The best of Windows Server 2016 - Thomas MaurerITCamp
 
NSF CAC Cloud Interoperability Testbed Projects
NSF CAC Cloud Interoperability Testbed ProjectsNSF CAC Cloud Interoperability Testbed Projects
NSF CAC Cloud Interoperability Testbed ProjectsAlan Sill
 
A Diet of Poisoned Fruit: Designing Implants & OT Payloads for ICS Embedded D...
A Diet of Poisoned Fruit: Designing Implants & OT Payloads for ICS Embedded D...A Diet of Poisoned Fruit: Designing Implants & OT Payloads for ICS Embedded D...
A Diet of Poisoned Fruit: Designing Implants & OT Payloads for ICS Embedded D...Marina Krotofil
 
You Spent All That Money And Still Got Owned
You Spent All That Money And Still Got OwnedYou Spent All That Money And Still Got Owned
You Spent All That Money And Still Got OwnedJoe McCray
 
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondHow BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondSecPod Technologies
 
Security Architecture for Cyber Physical Systems
Security Architecture for Cyber Physical SystemsSecurity Architecture for Cyber Physical Systems
Security Architecture for Cyber Physical SystemsAlan Tatourian
 
Journey to the Center of Security Operations
Journey to the Center of Security OperationsJourney to the Center of Security Operations
Journey to the Center of Security Operations♟Sergej Epp
 
Making a Better World with Technology Innovations
Making a Better World with Technology InnovationsMaking a Better World with Technology Innovations
Making a Better World with Technology InnovationsImesh Gunaratne
 
Detailed Analysis of Security Challenges in the Domain of Hybrid Cloud
Detailed Analysis of Security Challenges in the Domain of Hybrid CloudDetailed Analysis of Security Challenges in the Domain of Hybrid Cloud
Detailed Analysis of Security Challenges in the Domain of Hybrid CloudIRJET Journal
 
Delve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of ThingsDelve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of ThingsFrederic Roy-Gobeil, CPA, CGA, M.Tax.
 
Symantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec
 
Build vs Buy Authorization Software - Identity and Access Management
Build vs Buy Authorization Software - Identity and Access ManagementBuild vs Buy Authorization Software - Identity and Access Management
Build vs Buy Authorization Software - Identity and Access ManagementKim Pike
 

Más contenido relacionado

La actualidad más candente

Webex APIs for Admins - Cisco Live Orlando 2018 - DEVNET-3610
Webex APIs for Admins - Cisco Live Orlando 2018 - DEVNET-3610Webex APIs for Admins - Cisco Live Orlando 2018 - DEVNET-3610
Webex APIs for Admins - Cisco Live Orlando 2018 - DEVNET-3610Cisco DevNet
 
SBA Live Academy - After the overflow: self-defense techniques (Linux Kernel)...
SBA Live Academy - After the overflow: self-defense techniques (Linux Kernel)...SBA Live Academy - After the overflow: self-defense techniques (Linux Kernel)...
SBA Live Academy - After the overflow: self-defense techniques (Linux Kernel)...SBA Research
 
From Inception to RFC – The SCIM Story
From Inception to RFC – The SCIM StoryFrom Inception to RFC – The SCIM Story
From Inception to RFC – The SCIM StoryNordic APIs
 
when Apps meet Infrastructure - CodeMotionMilan2018 Keynote - Cisco DevNet - ...
when Apps meet Infrastructure - CodeMotionMilan2018 Keynote - Cisco DevNet - ...when Apps meet Infrastructure - CodeMotionMilan2018 Keynote - Cisco DevNet - ...
when Apps meet Infrastructure - CodeMotionMilan2018 Keynote - Cisco DevNet - ...Cisco DevNet
 
Meeting rooms are talking. Are you listening
Meeting rooms are talking. Are you listeningMeeting rooms are talking. Are you listening
Meeting rooms are talking. Are you listeningCisco DevNet
 
Streaming Media West: Webrtc the future of low latency streaming
Streaming Media West: Webrtc the future of low latency streamingStreaming Media West: Webrtc the future of low latency streaming
Streaming Media West: Webrtc the future of low latency streamingAlexandre Gouaillard
 
SBA Live Academy - Secure Containers for Developer by Mathias Tausig
SBA Live Academy - Secure Containers for Developer by Mathias TausigSBA Live Academy - Secure Containers for Developer by Mathias Tausig
SBA Live Academy - Secure Containers for Developer by Mathias TausigSBA Research
 
Web Application Firewall - Web Application & Web Services Security integrated...
Web Application Firewall - Web Application & Web Services Security integrated...Web Application Firewall - Web Application & Web Services Security integrated...
Web Application Firewall - Web Application & Web Services Security integrated...Thomas Malmberg
 
Deploying WebRTC in a low-latency streaming service
Deploying WebRTC in a low-latency streaming serviceDeploying WebRTC in a low-latency streaming service
Deploying WebRTC in a low-latency streaming serviceAlexandre Gouaillard
 
The best of Windows Server 2016 - Thomas Maurer
The best of Windows Server 2016 - Thomas Maurer The best of Windows Server 2016 - Thomas Maurer
The best of Windows Server 2016 - Thomas MaurerITCamp
 
NSF CAC Cloud Interoperability Testbed Projects
NSF CAC Cloud Interoperability Testbed ProjectsNSF CAC Cloud Interoperability Testbed Projects
NSF CAC Cloud Interoperability Testbed ProjectsAlan Sill
 

La actualidad más candente (12)

Webex APIs for Admins - Cisco Live Orlando 2018 - DEVNET-3610
Webex APIs for Admins - Cisco Live Orlando 2018 - DEVNET-3610Webex APIs for Admins - Cisco Live Orlando 2018 - DEVNET-3610
Webex APIs for Admins - Cisco Live Orlando 2018 - DEVNET-3610
 
SBA Live Academy - After the overflow: self-defense techniques (Linux Kernel)...
SBA Live Academy - After the overflow: self-defense techniques (Linux Kernel)...SBA Live Academy - After the overflow: self-defense techniques (Linux Kernel)...
SBA Live Academy - After the overflow: self-defense techniques (Linux Kernel)...
 
From Inception to RFC – The SCIM Story
From Inception to RFC – The SCIM StoryFrom Inception to RFC – The SCIM Story
From Inception to RFC – The SCIM Story
 
when Apps meet Infrastructure - CodeMotionMilan2018 Keynote - Cisco DevNet - ...
when Apps meet Infrastructure - CodeMotionMilan2018 Keynote - Cisco DevNet - ...when Apps meet Infrastructure - CodeMotionMilan2018 Keynote - Cisco DevNet - ...
when Apps meet Infrastructure - CodeMotionMilan2018 Keynote - Cisco DevNet - ...
 
Meeting rooms are talking. Are you listening
Meeting rooms are talking. Are you listeningMeeting rooms are talking. Are you listening
Meeting rooms are talking. Are you listening
 
Streaming Media West: Webrtc the future of low latency streaming
Streaming Media West: Webrtc the future of low latency streamingStreaming Media West: Webrtc the future of low latency streaming
Streaming Media West: Webrtc the future of low latency streaming
 
SBA Live Academy - Secure Containers for Developer by Mathias Tausig
SBA Live Academy - Secure Containers for Developer by Mathias TausigSBA Live Academy - Secure Containers for Developer by Mathias Tausig
SBA Live Academy - Secure Containers for Developer by Mathias Tausig
 
2015 Q4 webrtc standards update
2015 Q4 webrtc standards update2015 Q4 webrtc standards update
2015 Q4 webrtc standards update
 
Web Application Firewall - Web Application & Web Services Security integrated...
Web Application Firewall - Web Application & Web Services Security integrated...Web Application Firewall - Web Application & Web Services Security integrated...
Web Application Firewall - Web Application & Web Services Security integrated...
 
Deploying WebRTC in a low-latency streaming service
Deploying WebRTC in a low-latency streaming serviceDeploying WebRTC in a low-latency streaming service
Deploying WebRTC in a low-latency streaming service
 
The best of Windows Server 2016 - Thomas Maurer
The best of Windows Server 2016 - Thomas Maurer The best of Windows Server 2016 - Thomas Maurer
The best of Windows Server 2016 - Thomas Maurer
 
NSF CAC Cloud Interoperability Testbed Projects
NSF CAC Cloud Interoperability Testbed ProjectsNSF CAC Cloud Interoperability Testbed Projects
NSF CAC Cloud Interoperability Testbed Projects
 

Similar a TWISummit 2019 - Build Security In

A Diet of Poisoned Fruit: Designing Implants & OT Payloads for ICS Embedded D...
A Diet of Poisoned Fruit: Designing Implants & OT Payloads for ICS Embedded D...A Diet of Poisoned Fruit: Designing Implants & OT Payloads for ICS Embedded D...
A Diet of Poisoned Fruit: Designing Implants & OT Payloads for ICS Embedded D...Marina Krotofil
 
You Spent All That Money And Still Got Owned
You Spent All That Money And Still Got OwnedYou Spent All That Money And Still Got Owned
You Spent All That Money And Still Got OwnedJoe McCray
 
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondHow BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondSecPod Technologies
 
Security Architecture for Cyber Physical Systems
Security Architecture for Cyber Physical SystemsSecurity Architecture for Cyber Physical Systems
Security Architecture for Cyber Physical SystemsAlan Tatourian
 
Journey to the Center of Security Operations
Journey to the Center of Security OperationsJourney to the Center of Security Operations
Journey to the Center of Security Operations♟Sergej Epp
 
Making a Better World with Technology Innovations
Making a Better World with Technology InnovationsMaking a Better World with Technology Innovations
Making a Better World with Technology InnovationsImesh Gunaratne
 
Detailed Analysis of Security Challenges in the Domain of Hybrid Cloud
Detailed Analysis of Security Challenges in the Domain of Hybrid CloudDetailed Analysis of Security Challenges in the Domain of Hybrid Cloud
Detailed Analysis of Security Challenges in the Domain of Hybrid CloudIRJET Journal
 
Delve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of ThingsDelve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of ThingsFrederic Roy-Gobeil, CPA, CGA, M.Tax.
 
Symantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec
 
Build vs Buy Authorization Software - Identity and Access Management
Build vs Buy Authorization Software - Identity and Access ManagementBuild vs Buy Authorization Software - Identity and Access Management
Build vs Buy Authorization Software - Identity and Access ManagementKim Pike
 
Dart on Arm - Flutter Bangalore June 2021
Dart on Arm - Flutter Bangalore June 2021Dart on Arm - Flutter Bangalore June 2021
Dart on Arm - Flutter Bangalore June 2021Chris Swan
 
IRJET- Cloud Computing Securites and Issues
IRJET- Cloud Computing Securites and IssuesIRJET- Cloud Computing Securites and Issues
IRJET- Cloud Computing Securites and IssuesIRJET Journal
 
Evolution security controls towards Cloud Services
Evolution security controls towards Cloud ServicesEvolution security controls towards Cloud Services
Evolution security controls towards Cloud ServicesHugo Rodrigues
 
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...IRJET Journal
 
Software-Defined Security: The New School of Security Designed for DevOps
Software-Defined Security: The New School of Security Designed for DevOpsSoftware-Defined Security: The New School of Security Designed for DevOps
Software-Defined Security: The New School of Security Designed for DevOpsVMware Tanzu
 
Agile at the Intersection of Mobile, Cloud, and the Internet of Things
Agile at the Intersection of Mobile, Cloud, and the Internet of ThingsAgile at the Intersection of Mobile, Cloud, and the Internet of Things
Agile at the Intersection of Mobile, Cloud, and the Internet of ThingsTechWell
 
Security Teams & Tech In A Cloud World
Security Teams & Tech In A Cloud WorldSecurity Teams & Tech In A Cloud World
Security Teams & Tech In A Cloud WorldMark Nunnikhoven
 
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wnedLayer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wnedfangjiafu
 
Mitre ATT&CK by Mattias Almeflo Nixu
Mitre ATT&CK by Mattias Almeflo NixuMitre ATT&CK by Mattias Almeflo Nixu
Mitre ATT&CK by Mattias Almeflo NixuNixu Corporation
 

Similar a TWISummit 2019 - Build Security In (20)

A Diet of Poisoned Fruit: Designing Implants & OT Payloads for ICS Embedded D...
A Diet of Poisoned Fruit: Designing Implants & OT Payloads for ICS Embedded D...A Diet of Poisoned Fruit: Designing Implants & OT Payloads for ICS Embedded D...
A Diet of Poisoned Fruit: Designing Implants & OT Payloads for ICS Embedded D...
 
You Spent All That Money And Still Got Owned
You Spent All That Money And Still Got OwnedYou Spent All That Money And Still Got Owned
You Spent All That Money And Still Got Owned
 
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and BeyondHow BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
How BlueHat Cyber Uses SanerNow to Automate Patch Management and Beyond
 
Security Architecture for Cyber Physical Systems
Security Architecture for Cyber Physical SystemsSecurity Architecture for Cyber Physical Systems
Security Architecture for Cyber Physical Systems
 
Journey to the Center of Security Operations
Journey to the Center of Security OperationsJourney to the Center of Security Operations
Journey to the Center of Security Operations
 
Making a Better World with Technology Innovations
Making a Better World with Technology InnovationsMaking a Better World with Technology Innovations
Making a Better World with Technology Innovations
 
Detailed Analysis of Security Challenges in the Domain of Hybrid Cloud
Detailed Analysis of Security Challenges in the Domain of Hybrid CloudDetailed Analysis of Security Challenges in the Domain of Hybrid Cloud
Detailed Analysis of Security Challenges in the Domain of Hybrid Cloud
 
Delve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of ThingsDelve Labs - Upcoming Security Challenges for the Internet of Things
Delve Labs - Upcoming Security Challenges for the Internet of Things
 
Symantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front LinesSymantec Best Practices for Cloud Security: Insights from the Front Lines
Symantec Best Practices for Cloud Security: Insights from the Front Lines
 
Build vs Buy Authorization Software - Identity and Access Management
Build vs Buy Authorization Software - Identity and Access ManagementBuild vs Buy Authorization Software - Identity and Access Management
Build vs Buy Authorization Software - Identity and Access Management
 
Dart on Arm - Flutter Bangalore June 2021
Dart on Arm - Flutter Bangalore June 2021Dart on Arm - Flutter Bangalore June 2021
Dart on Arm - Flutter Bangalore June 2021
 
IRJET- Cloud Computing Securites and Issues
IRJET- Cloud Computing Securites and IssuesIRJET- Cloud Computing Securites and Issues
IRJET- Cloud Computing Securites and Issues
 
Evolution security controls towards Cloud Services
Evolution security controls towards Cloud ServicesEvolution security controls towards Cloud Services
Evolution security controls towards Cloud Services
 
Webinar – Risk-based adaptive DevSecOps
Webinar – Risk-based adaptive DevSecOps Webinar – Risk-based adaptive DevSecOps
Webinar – Risk-based adaptive DevSecOps
 
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
IRJET- Design and Analytical Study of Id Based Pixel Secured Cloud Enablem...
 
Software-Defined Security: The New School of Security Designed for DevOps
Software-Defined Security: The New School of Security Designed for DevOpsSoftware-Defined Security: The New School of Security Designed for DevOps
Software-Defined Security: The New School of Security Designed for DevOps
 
Agile at the Intersection of Mobile, Cloud, and the Internet of Things
Agile at the Intersection of Mobile, Cloud, and the Internet of ThingsAgile at the Intersection of Mobile, Cloud, and the Internet of Things
Agile at the Intersection of Mobile, Cloud, and the Internet of Things
 
Security Teams & Tech In A Cloud World
Security Teams & Tech In A Cloud WorldSecurity Teams & Tech In A Cloud World
Security Teams & Tech In A Cloud World
 
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wnedLayer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
Layer one 2011-joe-mccray-you-spent-all-that-money-and-still-got-0wned
 
Mitre ATT&CK by Mattias Almeflo Nixu
Mitre ATT&CK by Mattias Almeflo NixuMitre ATT&CK by Mattias Almeflo Nixu
Mitre ATT&CK by Mattias Almeflo Nixu
 

Más de Thoughtworks

Design System as a Product
Design System as a ProductDesign System as a Product
Design System as a ProductThoughtworks
 
Designers, Developers & Dogs
Designers, Developers & DogsDesigners, Developers & Dogs
Designers, Developers & DogsThoughtworks
 
Cloud-first for fast innovation
Cloud-first for fast innovationCloud-first for fast innovation
Cloud-first for fast innovationThoughtworks
 
More impact with flexible teams
More impact with flexible teamsMore impact with flexible teams
More impact with flexible teamsThoughtworks
 
Culture of Innovation
Culture of InnovationCulture of Innovation
Culture of InnovationThoughtworks
 
Developer Experience
Developer ExperienceDeveloper Experience
Developer ExperienceThoughtworks
 
When we design together
When we design togetherWhen we design together
When we design togetherThoughtworks
 
Hardware is hard(er)
Hardware is hard(er)Hardware is hard(er)
Hardware is hard(er)Thoughtworks
 
Customer-centric innovation enabled by cloud
Customer-centric innovation enabled by cloud Customer-centric innovation enabled by cloud
Customer-centric innovation enabled by cloudThoughtworks
 
Amazon's Culture of Innovation
Amazon's Culture of InnovationAmazon's Culture of Innovation
Amazon's Culture of InnovationThoughtworks
 
When in doubt, go live
When in doubt, go liveWhen in doubt, go live
When in doubt, go liveThoughtworks
 
Don't cross the Rubicon
Don't cross the RubiconDon't cross the Rubicon
Don't cross the RubiconThoughtworks
 
Your test coverage is a lie!
Your test coverage is a lie!Your test coverage is a lie!
Your test coverage is a lie!Thoughtworks
 
Docker container security
Docker container securityDocker container security
Docker container securityThoughtworks
 
Redefining the unit
Redefining the unitRedefining the unit
Redefining the unitThoughtworks
 
Technology Radar Webinar UK - Vol. 22
Technology Radar Webinar UK - Vol. 22Technology Radar Webinar UK - Vol. 22
Technology Radar Webinar UK - Vol. 22Thoughtworks
 
A Tribute to Turing
A Tribute to TuringA Tribute to Turing
A Tribute to TuringThoughtworks
 
Rsa maths worked out
Rsa maths worked outRsa maths worked out
Rsa maths worked outThoughtworks
 

Más de Thoughtworks (20)

Design System as a Product
Design System as a ProductDesign System as a Product
Design System as a Product
 
Designers, Developers & Dogs
Designers, Developers & DogsDesigners, Developers & Dogs
Designers, Developers & Dogs
 
Cloud-first for fast innovation
Cloud-first for fast innovationCloud-first for fast innovation
Cloud-first for fast innovation
 
More impact with flexible teams
More impact with flexible teamsMore impact with flexible teams
More impact with flexible teams
 
Culture of Innovation
Culture of InnovationCulture of Innovation
Culture of Innovation
 
Dual-Track Agile
Dual-Track AgileDual-Track Agile
Dual-Track Agile
 
Developer Experience
Developer ExperienceDeveloper Experience
Developer Experience
 
When we design together
When we design togetherWhen we design together
When we design together
 
Hardware is hard(er)
Hardware is hard(er)Hardware is hard(er)
Hardware is hard(er)
 
Customer-centric innovation enabled by cloud
Customer-centric innovation enabled by cloud Customer-centric innovation enabled by cloud
Customer-centric innovation enabled by cloud
 
Amazon's Culture of Innovation
Amazon's Culture of InnovationAmazon's Culture of Innovation
Amazon's Culture of Innovation
 
When in doubt, go live
When in doubt, go liveWhen in doubt, go live
When in doubt, go live
 
Don't cross the Rubicon
Don't cross the RubiconDon't cross the Rubicon
Don't cross the Rubicon
 
Error handling
Error handlingError handling
Error handling
 
Your test coverage is a lie!
Your test coverage is a lie!Your test coverage is a lie!
Your test coverage is a lie!
 
Docker container security
Docker container securityDocker container security
Docker container security
 
Redefining the unit
Redefining the unitRedefining the unit
Redefining the unit
 
Technology Radar Webinar UK - Vol. 22
Technology Radar Webinar UK - Vol. 22Technology Radar Webinar UK - Vol. 22
Technology Radar Webinar UK - Vol. 22
 
A Tribute to Turing
A Tribute to TuringA Tribute to Turing
A Tribute to Turing
 
Rsa maths worked out
Rsa maths worked outRsa maths worked out
Rsa maths worked out
 

Último

Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Nikki Chapple
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integrationmarketing932765
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesManik S Magar
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkPixlogix Infotech
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...itnewsafrica
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 

Último (20)

Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
React Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App FrameworkReact Native vs Ionic - The Best Mobile App Framework
React Native vs Ionic - The Best Mobile App Framework
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 

TWISummit 2019 - Build Security In