DEVSECOPS
TOMAS HONZAK / DEVSECOPS 2
“PANIC?”
Release Plan

Release plan approval diagram (slide): Release Manager Approval; Documented Meeting Minutes; Project Manager Meeting
ADDING THE “SEC” INTO DEVOPS PART 1 - DEVSEC

Pipeline stages (slide build, added one step at a time):
▸ JIRA # to commit message
▸ SAST
▸ Burp Suite / OWASP ZAP
▸ Logged, alerted, reviewed
▸ “Compliance check”
▸ Sign the package / verify the signature
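A gate for the “JIRA # to commit message” step, as an added example in Python (it is not code from the slides): a git commit-msg hook that rejects any commit whose subject line carries no JIRA issue key, or a key from a project the repository does not belong to. The allowed project keys SEC and APP, the subject-line-only convention and the hook wiring are assumptions made for this example.

```python
"""Commit-message gate for the "JIRA # to commit message" pipeline step.

Added example, not code from the original slides. The allowed JIRA project
keys (SEC, APP) and the subject-line-only convention are assumptions.
"""
import re
import sys

# Assumed allowlist of JIRA project keys for this repository.
ALLOWED_PROJECTS = {"SEC", "APP"}

# A JIRA key has the form PROJECT-NUMBER. It must be in the subject (first)
# line so ticket-linking tools can find it without reading the body.
KEY_RE = re.compile(r"\b([A-Z][A-Z0-9]+)-(\d+)\b")


def check_commit_message(message: str) -> tuple[bool, str]:
    """Return (accepted, reason). Lines starting with '#' are git's comments."""
    lines = [ln for ln in message.splitlines() if not ln.startswith("#")]
    subject = lines[0].strip() if lines else ""
    if not subject:
        return False, "empty commit message"
    # git-generated merge and revert subjects quote the branch name or the
    # original subject, so a key placed there is found by the same regex.
    keys = KEY_RE.findall(subject)
    if not keys:
        return False, "subject line has no JIRA key (expected e.g. SEC-123)"
    unknown = sorted({project for project, _ in keys if project not in ALLOWED_PROJECTS})
    if unknown:
        return False, f"JIRA project(s) not allowed for this repo: {', '.join(unknown)}"
    return True, f"ok: {keys[0][0]}-{keys[0][1]}"


def main(argv: list[str]) -> int:
    """Entry point as .git/hooks/commit-msg: git passes the message file path."""
    if len(argv) != 2:
        print("usage: commit-msg <message-file>", file=sys.stderr)
        return 2
    with open(argv[1], encoding="utf-8") as fh:
        accepted, reason = check_commit_message(fh.read())
    if not accepted:
        print(f"commit rejected: {reason}", file=sys.stderr)
        return 1
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Installed as an executable `.git/hooks/commit-msg`, a non-zero exit aborts the commit. A local hook is advisory only, since `git commit --no-verify` skips it; the same check has to run server-side (pre-receive hook or the CI pipeline) for it to be a real gate.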
DEVSEC SUMMARY
▸ Move security as much to the left as possible
Application logs loop (slide build, added one step at a time):
▸ Logged
▸ Alerted (escalated when needed)
▸ Reviewed and resolved
▸ Feedback
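The loop on the slide (logged, alerted, escalated, reviewed and resolved, feedback) as an added example in Python; it is not code from the slides. The log format, the detection rule (five failed logins from one source within 60 seconds), the 15-minute review SLA and the sample log lines are all constructed for this example.

```python
"""SecOps loop over application logs:
LOGGED -> ALERTED -> ESCALATED -> REVIEWED AND RESOLVED -> FEEDBACK.

Added example, not code from the original slides. Log format, detection
rule, review SLA and the sample lines are assumptions constructed here.
"""
from collections import defaultdict, deque
from dataclasses import dataclass, field

# Constructed sample application log lines (not from a real system).
SAMPLE_LOGS = """\
1700000000 INFO  login ok user=alice src=10.0.0.5
1700000001 WARN  login failed user=bob src=203.0.113.9
1700000002 WARN  login failed user=bob src=203.0.113.9
1700000003 WARN  login failed user=bob src=203.0.113.9
1700000004 WARN  login failed user=bob src=203.0.113.9
1700000005 WARN  login failed user=bob src=203.0.113.9
1700000070 WARN  login failed user=carol src=198.51.100.2
1700000900 INFO  login ok user=bob src=203.0.113.9
"""

FAIL_THRESHOLD = 5        # assumed rule: 5 failed logins ...
WINDOW_SECONDS = 60       # ... from one source within 60 s raises an alert
REVIEW_SLA_SECONDS = 900  # assumed: an alert nobody reviews in 15 min is escalated


@dataclass
class Alert:
    src: str
    first_ts: int
    last_ts: int
    state: str = "ALERTED"  # ALERTED -> ESCALATED -> REVIEWED AND RESOLVED
    feedback: list[str] = field(default_factory=list)


def parse_line(line: str) -> tuple[int, bool, dict[str, str]]:
    """Split '<ts> <level> <event> k=v k=v' into (timestamp, is_failed_login, fields)."""
    ts, _level, rest = line.split(maxsplit=2)
    fields = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
    return int(ts), rest.startswith("login failed"), fields


def detect(log_text: str) -> dict[str, Alert]:
    """LOGGED -> ALERTED: sliding-window count of failed logins per source."""
    window: dict[str, deque[int]] = defaultdict(deque)
    alerts: dict[str, Alert] = {}
    for line in log_text.splitlines():
        ts, failed, fields = parse_line(line)
        src = fields.get("src")
        if not failed or src is None:
            continue
        q = window[src]
        q.append(ts)
        while ts - q[0] > WINDOW_SECONDS:  # drop failures older than the window
            q.popleft()
        if len(q) >= FAIL_THRESHOLD and src not in alerts:  # one alert per source
            alerts[src] = Alert(src=src, first_ts=q[0], last_ts=ts)
    return alerts


def escalate_overdue(alerts: dict[str, Alert], now: int) -> list[str]:
    """ALERTED -> ESCALATED when the review SLA has passed; returns escalated sources."""
    escalated = []
    for alert in alerts.values():
        if alert.state == "ALERTED" and now - alert.last_ts > REVIEW_SLA_SECONDS:
            alert.state = "ESCALATED"
            escalated.append(alert.src)
    return escalated


def resolve(alert: Alert, verdict: str, note: str) -> Alert:
    """-> REVIEWED AND RESOLVED; the analyst's verdict is the FEEDBACK to the team."""
    alert.state = "REVIEWED AND RESOLVED"
    alert.feedback.append(f"{verdict}: {note}")
    return alert


if __name__ == "__main__":
    found = detect(SAMPLE_LOGS)
    for src in escalate_overdue(found, now=1700001000):
        print(f"escalated: {src}")
    for alert in found.values():
        resolve(alert, "true positive", "rate-limit /login; block src at the edge")
        print(alert)
```

The point of the last step is that a resolved alert is not the end of the loop: the verdict and note go back to the people who own the application (a rate limit to add, a log line to enrich, a rule to tune), which is the “feedback” arrow on the slide.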
SECOPS SUMMARY
▸ Security Built-in on all levels
▸ Not only “DevSec”, but also the non-functional requirements: secrets management, logging, encryption, …
SECURE BY (DESIGN) DEVSECOPS
Tomas Honzak
tomas@honzak.cz