Explore the intersection of security and DevOps in this 49-minute LASCON conference talk. Delve into the importance of understanding adversaries and hunting down bad actor activity to enhance application safety. Learn about linking security architecture decisions to feedback loops, enumerating attack surfaces, and breaking down architectural basics such as zoning, containment, asset management, authentication, and encryption. Discover the DevSecOps Maturity Model and behaviors, and gain insights into getting ahead of security threats. Engage with practical examples, including a Full Stack Attack demonstration, and find out how to join the DevSecOps community for ongoing learning and collaboration.
Overview
Syllabus
Intro
Security for DevOps
A DevOps Feedback Loop
The million dollar question...
Adversaries...
What's the best method to hunt adversaries and targets?
How do I ensure I find them all?
Enumerating Attack Surface
Mechanics of an Attack
Converting to Human (DevOps)
Can we break this down into Architectural Basics?
Zoning & Containment
Asset Management
Authentication (Access)
Encryption
What about Application Security?
What does getting ahead look like?
DevSecOps Maturity Model & Behaviors
You might need a hat trick...
Full Stack Attack at RSA
Get Involved and Join the Community
Taught by
LASCON
