Put Security Into Your DevOps NOW. Or Prepare for the Flood Matthew Fisher Solution Architect, Fortify Federal 08MAR2018
|
|
- Dustin Eaton
- 5 years ago
- Views:
Transcription
1 Put Security Into Your DevOps NOW Or Prepare for the Flood Matthew Fisher Solution Architect, Fortify Federal 08MAR2018
2 Defining Devops State of Devops Report (Puppet, Dora):..set of practices and cultural values that has been proven to help organizations of all sizes improve their software release cycles, software quality, security, and ability to get rapid feedback on product development. Amazon Web Services: cultural philosophies, practices, and tools that increases an organization s ability to deliver applications and services at high velocity Wikipedia: strongly advocate automation and monitoring at all steps of software construction, from integration, testing, releasing to deployment and infrastructure management. DevOps aims at shorter development cycles, increased deployment frequency, more dependable releases, in close alignment with business objectives. Sources: 2017 State of DevOps Report, Presented by Puppet and DORA Amazon Web Services : Wikipedia: 2
3 More Applications released 30x Faster DevOps Speed d App App App App Number of Applications Release Frequency 3 Source: Better outcomes, faster results. Continuous delivery and the race for better business performance, Forrester Thought Leader Paper commissioned by HP (now Hewlett Packard Enterprise)
4 AppSec Risk by the Numbers 1,900,000,000 Records lost globally in the first half of ,400,000 Sensitive PII records lost in a single US breach 15% Survey respondents reported a breach 23% Survey respondents citing their application as source 4 References: breachlevelindex.com and SANS 2017 Application Security survey
5 Top Breaches by Type 1H Reference: Verizon DBIR 2017
6 Embedding Security into the SDLC= Huge Benefits Without Fortify, you deal with: With Fortify, you benefit from: Slow time to market Lots of false positives Longer scans Slow remediation Few vulnerabilities found 30x faster time to market 95% fewer false positives 10 15x faster scans 10x faster remediation 2x more vulnerabilities found 6
7 Promise vs Reality of Security in DevOps Where does security currently fit 99% of those surveyed agreed that DevOps is an opportunity to improve application security none 17% Testing during Development 20% But only 20% perform application security testing during development. Most wait until late in the SDLC or not at all! Network 25% Pre-Production Gate 38% 7 Reference: Application Security and DevOps Report 2016
8
9 If there s something we need to comply with, let s turn it into an automated test. Mark Schwartz, former CIO USCIS DevOps Enterprise Summit 2014
10 Tenants of Dev Sec Ops Automated Testing Security Testing must be comprehensive and automated within the pipeline Able to make automated decisions on security testing Fail Fast Fix Fast Developers equipped to fix security issues rapidly Immediate security feedback into into singular Issue Management Integrated Feedback Cloud Deployable Able to provision entire pipeline as code 10
11 Integrate application security with DevOps DevOps requires an expanded scope of application security from development through Traditional scanning and testing and into production. SCA, FoD WebInspect 11 Confidential
12 Fortify Software Security Assurance Automated Comprehensive Security Focused static analysis Dedicated Software Security Research Group not crowdsourced nor after-thought Over 800 Vulnerability Categories covered with quarterly updates Developers Plugins to take them to Vulnerable Line Of Code for fix, and Security Assistant for Prevention Build Adapters for automating build integration CI Plugins for scanning at build time and updating build status Issue Management Integrations Headless installs for cloud deployment into ephemeral environments 12
13 Best Programming Language Coverage 25+ Programming Languages supported and counting + 10
14 Static Software Scanning Process Check in Code Scheduled or Triggered Check-out and Build Continuous Integration Jenkins, TFS, etc. (Auto) Deliver for Analysis Code Repository REPEAT AS NECESSARY Vulnerability Findings Developers Issue Tracking Developer Fixes Bug / Finding Scrum Scanning Engine (SCA) Submit Findings to Bug Tracker Mgmt Portal (SSC) Security/Tech Lead
15 Developer Desktop Security Assistant Real time checking for most common issues as you type 15
16 Developer Desktop IDE Plugins Scan and fix vulnerabilities before committing. Open scan files generated from build integrations or security auditors for line of code detail vulnerability overlaid on your code and fix information 16
17 Build Integrations Out of the Box GNU Make MSBuild XCodeBuild Build Integrations make it easy to integrate automated static analysis into the complete build process. Out of the box support for a wide variety of BUILD TOOLS Robust Fortify Command Line utilities exist for additional integrations. 17
18 Continuous Integration Plugins Fortify Client Fortify FPR Utility 18
19 Jenkins Plugin Simplifies creating a Fortify Scan job via Jenkins Performs scan, uploads to Software Security Center Updates BUILD STATUS based on criteria Reports security status within the plugin no need to login anywhere else for quick status checks. 19
20 Jenkins Plugin Filter results based on template of your prioritizations Fail the build based on a search syntax 20
21 Fortify SCA With Continuous Integration Easy Integration: Integrate into the actual build with out-of-the-box integrations and utilities Flexible Architecture: Perform scan directly on build server or offload to included CloudScan array Deployable: Source Code Analyzer is easily deployed via a Jenkins job for ephemeral systems Build Status Support: Using integrations, utilities or API to read results and make realtime build status decision 21
22 CloudScan Optional Architecture included with Fortify Only code translation performed on build machine, then shipped to CloudScan for longer running scan phase. FPR file is uploaded to SSC and parsed for build status as normal. Centralizes scanning to a few machines shared across multiple build machines Removes intensive and slower scanning process from build pipeline. 22
23 Software Security Center Enterprise Ready Software Security Management LDAP/SSO/CAC Ready Artifact and Vulnerability Management Portfolio level KPI s and Metrics Open Reporting Interface with STIG and FISMA Reports Swaggerized RESTFul APIs Issue Management Integrations 23
24 Issue Management Integrations Application Lifecycle Management Fortify Service Integration Extendable Plugin Architecture 24
25 Key Software Security Center Integrations Automatically Receive scan files from build integrations Automated management metrics updating Swaggerized APIs for deeper automation Web-based results reviewing Automated downloading of scan files to developers Fortify instances on their desktop Push results automatically to issue management with extensible plugin framework STIG Compliance Reporting 25
26 Audit Assistant Machine learning to make AppSec more efficient Identify true vulnerabilities with up to 98% accuracy and prioritize them for remediation faster Return value-added time to your developers and auditors Focus on triaging and investigating high priority vulnerabilities. 26
27 WebInspect Automated Dynamic Scanning Remote headless provisioning for ephemeral environments (requires on-site persistent license management server in infrastructure) Swaggerized API for automated scanning. Import test results into Software Security Center to aggregate with Static analysis metrics and Issue Management integration Results exportable as FPR format and can be opened and viewed in IDE Plugins or Audit Workbench just like static results. 27
28 Developer Code Repository Continuous Integration Jenkins, TFS, etc. Continuous Delivery Docker Dynamic Testing WebInspect, Functional Test, Performance Test Deployment IDE Plugin Security Assistant Static Code Analyzer Correct vulns as typing Scans full unit code and corrects before committing Reviews and fixes issues identified in downstream testing Issue Tracking CI Plugins Build Integration, Static Code Analyzer Triggered or scheduled build and scan Software Security Center Security Auditor WebInspect Jenkins job to API to perform scan Audit workbench Review results, update templates, submit findings to Issue Management
29 Where are you with Devops? Do you have a plan for embedding security into it?
30 Thank You.
Securing DevOps, RMF and STIG
Securing DevOps, RMF and STIG Scott Snowden Sameer Kamani May 2017 San Diego Federal Fortify Users Group DevOps definition and principles DevOps (a clipped compound of development and operations) is a
More informationEffective Application Security Testing at High Velocity: Keeping up with Agile / DevOps February 28, 2017 Today s Speaker:
Effective Application Security Testing at High Velocity: Keeping up with Agile / DevOps February 28, 2017 Today s Speaker: Cindy Blake CISSP Product Marketing Manager Hewlett Packard Enterprise Effective
More informationMicro Focus Fortify. Andy Earle Sr. Security Solutions Architect. Haleh Nematollahy Sr. Security Solutions Architect
Micro Focus Fortify Andy Earle Sr. Security Solutions Architect Haleh Nematollahy Sr. Security Solutions Architect Introduction Derrick Wilson Civilian- Account Executive Nicole Cragin Civilian - Account
More informationSuman Sourav Director DevSecOps, Vantage Point Security. OWASP Indonesia Day 2017
Suman Sourav Director DevSecOps, Vantage Point Security OWASP Indonesia Day 2017 About me Certified Secure Software Lifecycle Professional (CSSLP) 12+ Years of Experience in Software Security Co-Founder
More informationTHE THREE WAYS OF SECURITY. Jeff Williams Co-founder and CTO Contrast Security
THE THREE WAYS OF SECURITY Jeff Williams Co-founder and CTO Contrast Security 1. TODAY S AVERAGE APPLICATION IS A SECURITY DISASTER 2. SOFTWARE IS LEAVING SECURITY IN THE DUST SOFTWARE Typical enterprise
More informationAppScan Deployment APPLICATION SECURITY SERVICES. Colin Bell. Applications Security Senior Practice Manager
APPLICATION SECURITY SERVICES AppScan Deployment Colin Bell Applications Security Senior Practice Manager Copyright 2017 HCL Products & Platforms www.hcltech.com The Evolution of Devops 2001 - Continuous
More informationDevOps Anti-Patterns. Have the Ops team deal with it. Time to fire the Ops team! Let s hire a DevOps unit! COPYRIGHT 2019 MANICODE SECURITY
DevOps Anti-Patterns Have the Ops team deal with it. Time to fire the Ops team! Let s hire a DevOps unit! 31 Anti-Pattern: Throw it Over the Wall Development Operations 32 Anti-Pattern: DevOps Team Silo
More informationBrochure. Fortify on Demand. Fortify on Demand. Static Application Security Testing
Fortify on Demand Static Application Security Testing Brochure Fortify on Demand Brochure Fortify on Demand Static Application Security Testing Static Application Security Testing Micro Focus Fortify on
More informationMicro Focus Security Fortify. Application Security
Micro Focus Security Fortify Application Security Secure the new Application security in DevOps Agenda: - Fortify in brief (Offerings) - Fortify Source Code Analyzer - Fortify WebInspect - Using Fortify
More informationAccelerate your Software Delivery Lifecycle with IBM Development and Test Environment Services
Accelerate your Software Delivery Lifecycle with IBM Development and Test Environment Services DevOps Best Practices for High-Performing Enterprises Enterprise capability for continuous software delivery
More informationSecurity as Code: The Time is Now. Dave Shackleford Founder, Voodoo Security Sr. Instructor, SANS
Security as Code: The Time is Now Dave Shackleford Founder, Voodoo Security Sr. Instructor, SANS Introduction Business is moving faster to the cloud, and DevOps is accelerating scale and pushing automation
More informationBrochure. Security. Fortify on Demand Dynamic Application Security Testing
Brochure Security Fortify on Demand Dynamic Application Security Testing Brochure Fortify on Demand Application Security as a Service Dynamic Application Security Testing Fortify on Demand delivers application
More informationAppSec Pipeline Application Security in an Agile Development, DevOps and Continuous Integration/Delivery/Change world.
AppSec Pipeline Application Security in an Agile Development, DevOps and Continuous Integration/Delivery/Change world. Doug Morato Sr. Manager PwC NIS App-Sec OWASP Tampa Meeting - 02/19/2016 Who am I
More informationHP APPs v.12 Solutions for Dev-Ops
HP APPs v.12 Solutions for Dev-Ops Kimberly Fort HP Software July 2014 Kimberly Fort Software Solutions Architect *5 Months with HP *17 Years experience using HP Tools & products *20 Years experience in
More informationA DEVOPS STATE OF MIND. Chris Van Tuin Chief Technologist, West
A DEVOPS STATE OF MIND Chris Van Tuin Chief Technologist, West cvantuin@redhat.com In short, software is eating the world. - Marc Andreessen, Wall Street Journal, August 2011 UBER, LYFT FALLOUT: TAXI
More informationKako napraviti Cloud?
Kako napraviti Cloud? Tomislav Lukačević Converged Infrastructure Presales Consultant tomislav.lukacevic@hp.com Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein
More informationDevOps and Continuous Delivery USE CASE
DevOps and Continuous Delivery USE CASE CliQr DevOps and Continuous Delivery Page 2 DevOps and Continuous Delivery In the digital economy, increasing application velocity is key to success. In order to
More informationStrengthen and Scale security using DevSecOps
OWASP Indonesia Meetup Strengthen and Scale security using DevSecOps $ www.teachera.io!"# @secfigo % secfigo@gmail.com # whoami Author, Speaker and Community Leader. Speaker/Trainer at Blackhat, AppSec EU,
More informationMay Capabilities to help expand and. mature SWA program. Haleh Nematollahy Sr. Security Solutions Architect
May 2017 Capabilities to help expand and mature SWA program Haleh Nematollahy Sr. Security Solutions Architect Fortify Security Assistant 2 Fortify security assistant Building in security as you code Identify
More informationFedRAMP Fortify on Demand
FedRAMP Fortify on Demand Software Version: 17.1 Release Notes Document Release Date: Sept. 2017 Software Release Date: Sept. 2017 As organizations continue to embrace DevOps principles, the latest release
More informationAutomating Security Practices for the DevOps Revolution
Automating Security Practices for the DevOps Revolution Hari Srinivasan Director Product Management, Cloud and Virtualization Security Qualys Inc. 1 Qualys, Inc. 2018 Agenda Transformation of today s IT
More informationDiscover Best of Show März 2016, Düsseldorf
Discover Best of Show 2016 2. - 3. März 2016, Düsseldorf 2. - 3. März 2016 Softwaresicherheit im Zeitalter von DevOps Lucas von Stockhausen Regional Product Manager Fortify The case for Application Security
More informationA DEVOPS STATE OF MIND. Chris Van Tuin Chief Technologist, West
A DEVOPS STATE OF MIND Chris Van Tuin Chief Technologist, West cvantuin@redhat.com THE NEED FOR SPEED THE ACCELERATION OF APPLICATION DELIVERY FOR THE BUSINESS In short, software is eating the world. -
More informationHPE Security Fortify Software Security Center
HPE Security Fortify Software Security Center Software Version: 16.20 Installation and Configuration Guide Document Release Date: December 2016 Software Release Date: December 2016 Legal Notices Warranty
More informationSecure DevOps: A Puma s Tail
Secure DevOps: A Puma s Tail SANS Secure DevOps Summit Tuesday, October 10th 2017 Eric Johnson (@emjohn20) Eric Johnson, CISSP, GSSP, GWAPT Cypress Data Defense Principal Security Consultant Static code
More informationDay One Success for DevSecOps and Automation on Azure
Day One Success for DevSecOps and Automation on Azure Chris Jeffrey Senior Cloud Architect Microsoft Azure Cloud Technology Partners, A Hewlett Packard Enterprise Company Twitter: @chrisjeffrey_uk What
More informationMicro Focus Fortify Application Security
Micro Focus Fortify Application Security Petr Kunstat SW Consultant +420 603 400 377 petr.kunstat@microfocus.com My web/mobile app is secure. What about yours? High level IT Delivery process Business Idea
More informationCOMPLIANCE AUTOMATION BRIDGING THE GAP BETWEEN DEVELOPMENT AND INFORMATION SECURITY
COMPLIANCE AUTOMATION BRIDGING THE GAP BETWEEN DEVELOPMENT AND INFORMATION SECURITY Published January, 2018 : BRIDGING THE GAP BETWEEN DEVELOPMENT AND INFORMATION SECURITY Speed is nothing without control.
More informationOrchestrating the Continuous Delivery Process
Orchestrating the Continuous Delivery Process steven.g.harris@cloudbees.com @stevengharris SVP Products, CloudBees 1 Continuous Delivery Overview Feedback Loop App Lifecycle BUILD TEST STAGE Deploy Run
More informationReinvent Your 2013 Security Management Strategy
Reinvent Your 2013 Security Management Strategy Laurent Boutet 18 septembre 2013 Phone:+33 6 25 34 12 01 Email:laurent.boutet@skyboxsecurity.com www.skyboxsecurity.com What are Your Key Objectives for
More informationHPE Security Fortify Software
HPE Security Fortify Software What s New in HPE Security Fortify Software 17.20 November 2017 This release of HPE Security Fortify Software includes the following new functions and features. HPE Security
More informationHow to Secure Your Cloud with...a Cloud?
A New Era of Thinking How to Secure Your Cloud with...a Cloud? Eitan Worcel Offering Manager - Application Security on Cloud IBM Security 1 2016 IBM Corporation 1 A New Era of Thinking Agenda IBM Cloud
More informationQuality Engineering in DevOps world a Strategic Enabler
www.cigniti.com Unsolicited Distribution is Restricted. Copyright 2015-16, Cigniti Technologies Quality Engineering in DevOps world a Strategic Enabler » Analyst Speak» DevOps in a nutshell» DevOps vs
More informationOvercoming the Challenges of Automating Security in a DevOps Environment
SESSION ID: LAB-W02 Overcoming the Challenges of Automating Security in a DevOps Environment Murray Goldschmidt Chief Operating Officer Sense of Security @ITsecurityAU Michael McKinnon Director, Commercial
More informationDevelopment. Architecture QA. Operations
Development Architecture QA Operations Lack of business agility Slow to onboard new customers Hard to practice true DevOps Outpaced by disruptors Rogue dev projects Lack of SecOps agility Slow threat assessments
More informationI keep hearing about DevOps What is it?
DevOps & OpenShift I keep hearing about DevOps What is it? FOR MANY ORGANIZATIONS, WHAT IS I.T. LIKE TODAY? WATERFALL AND SILOS Application Version X DEVELOPMENT OPERATIONS IT OPS IS UNDER PRESSURE ENVIRONMENT
More informationApplication Security at Scale
Jake Marcinko Standards Manager, PCI Security Standards Council Jeff Williams CTO, Contrast Security Application Security at Scale AppSec at Scale Delivering Timely Security Solutions / Services to Meet
More informationHP Fortify Scanning Plugin for Xcode
HP Fortify Scanning Plugin for Xcode Software Version: 4.40 User Guide Document Release Date: November 2015 Software Release Date: November 2015 Legal Notices Warranty The only warranties for HP products
More informationDevNet Workshop-Hands-on with CloudCenter and Jenkins
DevNet Workshop-Hands-on with CloudCenter and Jenkins Tuan Nguyen, Technical Marketing Engineer, CPSG Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find
More informationFortify WebInspect Workshop. Lab Exercises
Fortify WebInspect Workshop Lab Exercises 1 Exercise 1: Start the Fortify Demo Environment Setup Start the Fortify Demo Server There s a Launch the Riches Demo App Shortcut on your desktop **It should
More informationBPS Suite and the OCEG Capability Model. Mapping the OCEG Capability Model to the BPS Suite s product capability.
BPS Suite and the OCEG Capability Model Mapping the OCEG Capability Model to the BPS Suite s product capability. BPS Contents Introduction... 2 GRC activities... 2 BPS and the Capability Model for GRC...
More informationThis release of Micro Focus Fortify Software includes the following new functions and features. Micro Focus Fortify Software Security Center
Fortify Software What s New in Micro Focus Fortify Software 18.20 November 2018 This release of Micro Focus Fortify Software includes the following new functions and features. Micro Focus Fortify Software
More informationVisual Studio Team Services
bgourley@microsoft.com Visual Studio Team Services Topics What are the current products What are Visual Studio Subscriptions Subscriber Benefits DevOps and VSTS VSTS licensing Developer Tools Deployment
More informationHow Can Testing Teams Play a Key Role in DevOps Adoption?
June 3, 2016 How Can Testing Teams Play a Key Role in DevOps Adoption? Sujay Honnamane QA Director @sujayh Rameshkumar Bar Sr. Automation Architect @rameshbar 2016 Cognizant Session take away DevOps Overview
More informationContinuously Discover and Eliminate Security Risk in Production Apps
White Paper Security Continuously Discover and Eliminate Security Risk in Production Apps Table of Contents page Continuously Discover and Eliminate Security Risk in Production Apps... 1 Continuous Application
More informationVulnerability Management
Vulnerability Management Modern Vulnerability Management The IT landscape today is changing and because of that, vulnerability management needs to change too. IT environments today are filled with both
More informationIBM Cloud Security for the Cloud. Amr Ismail Security Solutions Sales Leader Middle East & Pakistan
IBM Cloud Security for the Cloud Amr Ismail Security Solutions Sales Leader Middle East & Pakistan Today s Drivers for Cloud Adoption ELASTIC LOWER COST SOLVES SKILLS SHORTAGE RAPID INNOVATION GREATER
More informationDefectDojo. The Good, the Bad and the Ugly. OWASP Stammtisch Hamburg Tilmann Haak Manuel Schneider
DefectDojo The Good, the Bad and the Ugly OWASP Stammtisch Hamburg Tilmann Haak Manuel Schneider 2018-05-31 PREFACE CIO: What is the security posture of our applications? How do you handle and communicate
More informationSOLUTION BRIEF CA TEST DATA MANAGER FOR HPE ALM. CA Test Data Manager for HPE ALM
SOLUTION BRIEF CA TEST DATA MANAGER FOR HPE ALM CA Test Data Manager for HPE ALM Generate all the data needed to deliver fully tested software, and export it directly into Hewlett Packard Enterprise Application
More informationCA Test Data Manager Key Scenarios
WHITE PAPER APRIL 2016 CA Test Data Manager Key Scenarios Generate and secure all the data needed for rigorous testing, and provision it to highly distributed teams on demand. Muhammad Arif Application
More informationHP Fortify Software Security Center
HP Fortify Software Security Center Proactively Eliminate Risk in Software Trust Your Software 92% of exploitable vulnerabilities are in software National Institute for Standards and Technology (NIST)
More informationManaging an Application Vulnerability Management Program in a CI/CD Environment. March 29, 2018 OWASP Vancouver - Karim Lalji 1
Managing an Application Vulnerability Management Program in a CI/CD Environment March 29, 2018 OWASP Vancouver - Karim Lalji 1 About Me Karim Lalji Managing Security Consultant (VA/PT) at TELUS Previously:
More informationCONTINUOUS DELIVERY IN THE ORACLE CLOUD
CONTINUOUS DELIVERY IN THE ORACLE CLOUD Lykle Thijssen Bruno Neves Alves June 7, 2018 NLOUG Tech Experience Amersfoort eproseed Confidential ABOUT US Lykle Thijssen Principal Architect and Scrum Master
More informationConverged security. Gerben Verstraete, CTO, HP Software Services Colin Henderson, Managing Principal, Enterprise Security Products
Converged security Gerben Verstraete, CTO, HP Software Services Colin Henderson, Managing Principal, Enterprise Security Products Increased risk and wasted resources Gartner estimates more than $1B in
More informationTaking Control of Your Application Security
EDUCAUSE Wednesday, May 3 rd Taking Control of Your Application Security 2017 SANS Institute All Rights Reserved INTRODUCTION Eric Johnson, CISSP, GSSP-Java, GSSP-.NET, GWAPT Application Security Curriculum
More informationTM DevOps Use Case. 2017TechMinfy All Rights Reserved
Document Details Use Case Name TMDevOps Use Case04 First Draft 10 th Dec 2017 Author Reviewed By Amrendra Kumar Pradeep Narayanaswamy Contents Scope... 4 About Customer... 4 Pre-Conditions/Trigger... 4
More informationTHE IMPACT OF SECURITY ON APPLICATION DEVELOPMENT. August prevoty.com. August 2015
THE IMPACT OF SECURITY ON APPLICATION DEVELOPMENT 2 EXECUTIVE SUMMARY The growth of enterprise-developed applications has made it easier for businesses to use technology to work more efficiently and productively.
More informationMicro Focus Security Fortify Audit Assistant
White Paper Security Micro Focus Security Fortify Audit Assistant Table of Contents page Introduction... 1 Why Static Application Security Testing?............................................. 1 Confirmation
More informationRevolutionize the Way You Work With IMS Applications Using IBM UrbanCode Deploy Evgeni Liakhovich, IMS Developer
Revolutionize the Way You Work With IMS Applications Using IBM UrbanCode Deploy Evgeni Liakhovich, IMS Developer evgueni@us.ibm.com * 2016 IBM Corporation Trademarks, copyrights, disclaimers IBM, the IBM
More informationChapter 1 - Continuous Delivery and the Jenkins Pipeline
Chapter 1 - Continuous Delivery and the Jenkins Pipeline Objectives Key objectives of this chapter Continuous Delivery The Jenkins Pipeline A Brief Introduction to Groovy The JenkinsFile Pipeline Jobs
More informationHP Fortify Technical Publications. Glossary
HP Fortify Technical Publications Glossary Document Release Date: April 2014 Legal Notices Warranty The only warranties for HP products and services are set forth in the express warranty statements accompanying
More informationAdvanced Continuous Delivery Strategies for Containerized Applications Using DC/OS
Advanced Continuous Delivery Strategies for Containerized Applications Using DC/OS ContainerCon @ Open Source Summit North America 2017 Elizabeth K. Joseph @pleia2 1 Elizabeth K. Joseph, Developer Advocate
More informationTest Automation Strategies in Continuous Delivery. Nandan Shinde Test Automation Architect (Tech CoE) Cognizant Technology Solutions
Test Automation Strategies in Continuous Delivery Nandan Shinde Test Automation Architect (Tech CoE) Cognizant Technology Solutions The world of application is going through a monumental shift.. Evolving
More informationWhat s New in Red Hat OpenShift Container Platform 3.4. Torben Jäger Red Hat Solution Architect
What s New in Red Hat OpenShift Container Platform 3.4 Torben Jäger Red Hat Solution Architect OpenShift Roadmap OpenShift Container Platform 3.2 Kubernetes 1.2 & Docker 1.9 Red Hat
More informationA DEVOPS STATE OF MIND WITH DOCKER AND KUBERNETES. Chris Van Tuin Chief Technologist, West
A DEVOPS STATE OF MIND WITH DOCKER AND KUBERNETES Chris Van Tuin Chief Technologist, West cvantuin@redhat.com Open Source V In short, software is eating the world. - Marc Andreessen, Wall Street Journal,
More informationContinuous Integration & Continuous Deployment (CI/CD) with a Cloud Delivery Platform
A HOW-TO GUIDE Continuous Integration & Continuous Deployment (CI/CD) with a Cloud Delivery Platform DevOps The What and Why WHAT WHY DevOps brings development and operations together and automates the
More informationDisclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme
DEV2704BU Delivering Infrastructure as Code: Practical Tips and Advice Peg Eaton #VMworld #DEV2704BU Disclaimer This presentation may contain product features that are currently under development. This
More informationTurbo boost your digital app test automation with Jenkins
Turbo boost your digital app test automation with Jenkins Step-by-Step Tutorial May, 2018 Speakers Sheli Ashkenazi Sr. Product Manager Experitest Jonathan Aharon Sr. Sales Engineer Experitest 2 01 The
More informationAWS Reference Design Document
AWS Reference Design Document Contents Overview... 1 Amazon Web Services (AWS), Public Cloud and the New Security Challenges... 1 Security at the Speed of DevOps... 2 Securing East-West and North-South
More informationContinuous Opportunity: DevOps & Security
August 2017 August 15, 2017 Continuous Opportunity: DevOps & Security 2016-2017 SANS Institute All Rights Reserved Introduction Ben Allen Security Engineer at SANS Institute Operations Engineer, Developer
More informationTHE ART OF SECURING 100 PRODUCTS. Nir
THE ART OF SECURING 100 PRODUCTS Nir Valtman @ValtmaNir I work for as the Application Security 1st time speaking publicly, except at Mmmm OH, AND Neither of my previous startups succeeded!
More informationSELLING YOUR ORGANIZATION ON APPLICATION SECURITY. Navigating a new era of cyberthreats
SELLING YOUR ORGANIZATION ON APPLICATION SECURITY Navigating a new era of cyberthreats Selling Your Organization on Application Security 01 It's no secret that cyberattacks place organizations large and
More informationCLOUD WORKLOAD SECURITY
SOLUTION OVERVIEW CLOUD WORKLOAD SECURITY Bottom line: If you re in IT today, you re already in the cloud. As technology becomes an increasingly important element of business success, the adoption of highly
More informationSUSE s vision for agile software development and deployment in the Software Defined Datacenter
From Git to Cloud SUSE s vision for agile software development and deployment in the Software Defined Datacenter Joachim Werner Senior Product Manager joe@suse.com Peter Chadwick Director Product Management
More informationWe re redefining Software Quality
We re redefining Software Quality Continuous Testing Web Services Agile Testing Mobile Device Farm Test Lifecycle Management Performance Test Quality Assurance Mobile Device Management Test Life Cycle
More informationConverged Security - Protect your Digital Enterprise May 24, Copyright 2016 Vivit Worldwide
Converged Security - Protect your Digital Enterprise May 24, 2016 Copyright 2016 Vivit Worldwide Brought to you by Copyright 2016 Vivit Worldwide Hosted By Richard Bishop Vivit Board United Kingdom Chapter
More informationTM DevOps Use Case TechMinfy All Rights Reserved
Document Details Use Case Name TMDevOps Use Case01 First Draft 5 th March 2018 Author Reviewed By Prabhakar D Pradeep Narayanaswamy Contents Scope... 4 About Customer... 4 Use Case Description... 4 Primary
More informationNo Limits Cloud Introducing the HPE Helion Cloud Suite July 28, Copyright 2016 Vivit Worldwide
No Limits Cloud Introducing the HPE Helion Cloud Suite July 28, 2016 Copyright 2016 Vivit Worldwide Brought to you by Copyright 2016 Vivit Worldwide Hosted By Jeff Jamieson VP Sales & Marketing Whitlock
More informationDevOps Tooling from AWS
DevOps Tooling from AWS What is DevOps? Improved Collaboration - the dropping of silos between teams allows greater collaboration and understanding of how the application is built and deployed. This allows
More informationDevOps Agility in the Evolving Cloud Services Landscape
DevOps Agility in the Evolving Cloud Services Landscape Kiran Chitturi CTO Architect, Sungard Availability Services @nkchitturi Kiran Chitturi Architect in the Office of the CTO Focus on DevOps and cloud
More informationDisclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme
DEV2704BE Delivering Infrastructure as Code: Practical Tips and Advice Peg Eaton #vmworld #DEV2704BE Disclaimer This presentation may contain product features that are currently under development. This
More informationHow to Build an Appium Continuous Testing Pipeline
How to Build an Appium Continuous Testing Pipeline Step-by-Step Tutorial November, 2017 Today s speakers Guy Arieli, CTO, Experitest Ruth Zamir Marketing Director Experitest 01 Why do we need continuous
More informationSECURITY & PRIVACY DOCUMENTATION
Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive
More informationJenkins: A complete solution. From Continuous Integration to Continuous Delivery For HSBC
Jenkins: A complete solution From Integration to Delivery For HSBC Rajesh Kumar DevOps Architect @RajeshKumarIN www.rajeshkumar.xyz Agenda Why Jenkins? Introduction and some facts about Jenkins Supported
More informationCloud Essentials for Architects using OpenStack
Cloud Essentials for Architects using OpenStack Course Overview Start Date 5th March 2015 Duration 2 Days Location Dublin Course Code SS15-13 Programme Overview Cloud Computing is gaining increasing attention
More informationDevOps in the Cloud A pipeline to heaven?! Robert Cowham BCS CMSG Vice Chair
DevOps in the Cloud A pipeline to heaven?! Robert Cowham BCS CMSG Vice Chair Agenda Definitions, History & Background Cloud intro DevOps Pipelines Docker containers Examples 2 Definitions DevOps Agile
More informationAzure DevOps. Randy Pagels Intelligent Cloud Technical Specialist Great Lakes Region
Azure DevOps Randy Pagels Intelligent Cloud Technical Specialist Great Lakes Region What is DevOps? People. Process. Products. Build & Test Deploy DevOps is the union of people, process, and products to
More informationA10 HARMONY CONTROLLER
DATA SHEET A10 HARMONY CONTROLLER AGILE MANAGEMENT, AUTOMATION, ANALYTICS FOR MULTI-CLOUD ENVIRONMENTS PLATFORMS A10 Harmony Controller provides centralized agile management, automation and analytics for
More informationGoing cloud-native with Kubernetes and Pivotal
Going cloud-native with Kubernetes and Pivotal A guide to Pivotal Container Service (PKS) by role Fast, low-risk enterprise-grade Kubernetes has arrived With Pivotal Container Service (PKS), organizations
More informationDEVOPSIFYING NETWORK SECURITY. An AlgoSec Technical Whitepaper
DEVOPSIFYING NETWORK SECURITY An AlgoSec Technical Whitepaper Introduction This technical whitepaper presents and discusses the concept of Connectivity as Code, a complementary concept to Infrastructure
More informationHPE Security Fortify Plugins for Eclipse
HPE Security Fortify Plugins for Eclipse Software Version: 17.20 Installation and Usage Guide Document Release Date: November 2017 Software Release Date: November 2017 Legal Notices Warranty The only warranties
More informationAspirin as a Service: Using the Cloud to Cure Security Headaches
SESSION ID: CSV-T10 Aspirin as a Service: Using the Cloud to Cure Security Headaches Bill Shinn Principle Security Solutions Architect Amazon Web Services Rich Mogull CEO Securosis @rmogull Little. Cloudy.
More informationBEYOND AUTHENTICATION IDENTITY AND ACCESS MANAGEMENT FOR THE MODERN ENTERPRISE
BEYOND AUTHENTICATION IDENTITY AND ACCESS MANAGEMENT FOR THE MODERN ENTERPRISE OUR ORGANISATION AND SPECIALIST SKILLS Focused on delivery, integration and managed services around Identity and Access Management.
More informationIntroduction to AWS GoldBase. A Solution to Automate Security, Compliance, and Governance in AWS
Introduction to AWS GoldBase A Solution to Automate Security, Compliance, and Governance in AWS September 2015 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document
More informationHow to Keep UP Through Digital Transformation with Next-Generation App Development
How to Keep UP Through Digital Transformation with Next-Generation App Development Peter Sjoberg Jon Olby A Look Back, A Look Forward Dedicated, data structure dependent, inefficient, virtualized Infrastructure
More informationAutomating the Software-Defined Data Center with vcloud Automation Center
Automating the Software-Defined Data Center with vcloud Automation Center 10 June 2014 Chris Alleaume Senior Systems Engineer 2014 VMware Inc. All rights reserved. The Impact of the Accelerating Pace of
More informationRed Hat OpenShift Roadmap Q4 CY16 and H1 CY17 Releases. Lutz Lange Solution
Red Hat OpenShift Roadmap Q4 CY16 and H1 CY17 Releases Lutz Lange Solution Architect @AtomicContainer OpenShift Roadmap OpenShift Container Platform 3.2 Kubernetes 1.2 & Docker 1.9
More informationDelivering Complex Enterprise Applications via Hybrid Clouds
Whitepaper Delivering Complex Enterprise Applications via Hybrid Clouds As enterprises and industries shake off the effects of the last recession, the focus of IT organizations has shifted from one marked
More informationDocker CaaS. Sandor Klein VP EMEA
Docker CaaS Sandor Klein VP EMEA The Docker mission Build Ship Run Distributed Applica ons Anywhere Docker Driving the Containerization Movement Build, Ship, Run Distributed Applications Anywhere Docker
More informationDevOps A How To for Agility with Security
DevOps A How To for Agility with Security Murray Goldschmidt, COO Compliance, Protection & Business Confidence Sense of Security Pty Ltd Sydney Level 8, 66 King Street Sydney NSW 2000 Australia Melbourne
More information