security with the speed of continuous delivery

Report

Post on 15-Jan-2017

530 Views

Category:

Presentations & Public Speaking

0 Downloads

Preview:

Click to see full reader

TRANSCRIPT

Confidential

Security with the Speed of Continuous Delivery

‹#›

Tapabrata “Topo” PalDirector, Next Generation Infrastructure

tapabrata.pal@capitalone.com @TopoPal

Past: • PhDinSemiconductorPhysics• 20yearsofITexperienceasDeveloper,Architect,SystemEngineer

• ExperienceinRetail,HealthcareandFinanceindustries

mailto:tapabrata.pal@capitalone.com

‹#›

OWSAP Top 10

‹#›

OWSAP Top 10

‹#›

‹#›

‹#›

‹#›

‹#›

‹#›

‹#›

Speed

‹#›

Speed

‹#›

Speed

‹#›

SpeedSpeed is the new currency

‹#›

‹#›

‹#›

‹#›

‹#›

‹#›

‹#›

Development • Architecture • Design • Code • Test

‹#›

Business • Requirements • Feature Request • Roadmap

Development • Architecture • Design • Code • Test

‹#›

Business • Requirements • Feature Request • Roadmap

Development • Architecture • Design • Code • Test

Operations • Infrastructure • Platforms • Environment • Deployment • Incident Mgmt • Change & Release Mgmt.

‹#›

Business • Requirements • Feature Request • Roadmap

Development • Architecture • Design • Code • Test

Operations • Infrastructure • Platforms • Environment • Deployment • Incident Mgmt • Change & Release Mgmt.

Information SecurityApplication Security Security Testing Information Security Infrastructure Security

‹#›

Business • Requirements • Feature Request • Roadmap

Development • Architecture • Design • Code • Test

Operations • Infrastructure • Platforms • Environment • Deployment • Incident Mgmt • Change & Release Mgmt.

Information SecurityApplication Security Security Testing Information Security Infrastructure Security

DevOpsSec

‹#›

‹#›

Shift Left

‹#›

Shift Left Automate

Everything

‹#›

Shift Left Automate

EverythingDashboard Everything

‹#›

‹#›

code.commit()

‹#›

code.commit() (Deployed) app.use()

‹#›

code.commit() (Deployed) app.use()everything.automate()

‹#›

code.commit() (Deployed) app.use()everything.automate()

‹#›

code.commit() (Deployed) app.use()everything.automate()

‹#›

code.commit() (Deployed) app.use()everything.automate()

‹#›

‹#›

Code Quality Check

Unit/Integration

Test

Binary Repository

CI Tool

IDESource Control

Agile PM Tools

Defect Management

Reque

st, P

lan

Report Results

Automated Tests

Code Analysis

Automated

Build

Develop, Unit Test

ContinuousIntegration

‹#›

Code Quality Check

Unit/Integration

Test

Binary Repository

CI Tool

IDESource Control

Agile PM Tools

Defect Management

Reque

st, P

lan

Report Results

Automated Tests

Code Analysis

Automated

Build

Develop, Unit Test

ContinuousIntegration

Automated/Continuous Deployment

Plan

Monitor

Verify

Deploy

ContinuousDeployment

‹#›

Code Quality Check

Unit/Integration

Test

Binary Repository

CI Tool

IDESource Control

Agile PM Tools

Defect Management

Reque

st, P

lan

Report Results

Automated Tests

Code Analysis

Automated

Build

Develop, Unit Test

ContinuousIntegration

Automated/Continuous Deployment

Plan

Monitor

Verify

Deploy

ContinuousDeployment

Test Mgmt

Test Data Mgmt

Develop

Promote

Verify

Execute

Service Test

UI Test

Device Test

Perf Test

Security Test ContinuousTesting

Service Virtualization

Acceptance Test

‹#›

Code Quality Check

Unit/Integration

Test

Binary Repository

CI Tool

IDESource Control

Agile PM Tools

Defect Management

Reque

st, P

lan

Report Results

Automated Tests

Code Analysis

Automated

Build

Develop, Unit Test

ContinuousIntegration

Automated/Continuous Deployment

Plan

Monitor

Verify

Deploy

ContinuousDeployment

Test Mgmt

Test Data Mgmt

Develop

Promote

Verify

Execute

Service Test

UI Test

Device Test

Perf Test

Security Test ContinuousTesting

Service Virtualization

Acceptance Test

‹#›

Code Quality Check

Unit/Integration

Test

Binary Repository

CI Tool

IDESource Control

Agile PM Tools

Defect Management

Reque

st, P

lan

Report Results

Automated Tests

Code Analysis

Automated

Build

Develop, Unit Test

ContinuousIntegration

Automated/Continuous Deployment

Plan

Monitor

Verify

Deploy

ContinuousDeployment

Test Mgmt

Test Data Mgmt

Develop

Promote

Verify

Execute

Service Test

UI Test

Device Test

Perf Test

Security Test ContinuousTesting

Service Virtualization

Acceptance Test

Infrastructure and Environment

‹#›

Code Quality Check

Unit/Integration

Test

Binary Repository

CI Tool

IDESource Control

Agile PM Tools

Defect Management

Reque

st, P

lan

Report Results

Automated Tests

Code Analysis

Automated

Build

Develop, Unit Test

ContinuousIntegration

Automated/Continuous Deployment

Plan

Monitor

Verify

Deploy

ContinuousDeployment

Test Mgmt

Test Data Mgmt

Develop

Promote

Verify

Execute

Service Test

UI Test

Device Test

Perf Test

Security Test ContinuousTesting

Service Virtualization

Acceptance Test

Infrastructure and Environment

Dashboard/Feedback

End to End Traceability, Real time status of Code, Build, Deploy, Test, Application and Environment Health

‹#›

Code Quality Check

Unit/Integration

Test

Binary Repository

CI Tool

IDESource Control

Agile PM Tools

Defect Management

Reque

st, P

lan

Report Results

Automated Tests

Code Analysis

Automated

Build

Develop, Unit Test

ContinuousIntegration

Automated/Continuous Deployment

Plan

Monitor

Verify

Deploy

ContinuousDeployment

Test Mgmt

Test Data Mgmt

Develop

Promote

Verify

Execute

Service Test

UI Test

Device Test

Perf Test

Security Test ContinuousTesting

Service Virtualization

Acceptance Test

Infrastructure and Environment

Dashboard/Feedback

End to End Traceability, Real time status of Code, Build, Deploy, Test, Application and Environment Health

‹#›

Code Quality Check

Unit/Integration

Test

Binary Repository

CI Tool

IDESource Control

Agile PM Tools

Defect Management

Reque

st, P

lan

Report Results

Automated Tests

Code Analysis

Automated

Build

Develop, Unit Test

ContinuousIntegration

Automated/Continuous Deployment

Plan

Monitor

Verify

Deploy

ContinuousDeployment

Test Mgmt

Test Data Mgmt

Develop

Promote

Verify

Execute

Service Test

UI Test

Device Test

Perf Test

Security Test ContinuousTesting

Service Virtualization

Acceptance Test

Infrastructure and Environment

Dashboard/Feedback

End to End Traceability, Real time status of Code, Build, Deploy, Test, Application and Environment Health

‹#›

Code Quality Check

Unit/Integration

Test

Binary Repository

CI Tool

IDESource Control

Agile PM Tools

Defect Management

Reque

st, P

lan

Report Results

Automated Tests

Code Analysis

Automated

Build

Develop, Unit Test

ContinuousIntegration

Automated/Continuous Deployment

Plan

Monitor

Verify

Deploy

ContinuousDeployment

Test Mgmt

Test Data Mgmt

Develop

Promote

Verify

Execute

Service Test

UI Test

Device Test

Perf Test

Security Test ContinuousTesting

Service Virtualization

Acceptance Test

Infrastructure and Environment

Dashboard/Feedback

End to End Traceability, Real time status of Code, Build, Deploy, Test, Application and Environment Health

‹#›

Code Quality Check

Unit/Integration

Test

Binary Repository

CI Tool

IDESource Control

Agile PM Tools

Defect Management

Reque

st, P

lan

Report Results

Automated Tests

Code Analysis

Automated

Build

Develop, Unit Test

ContinuousIntegration

Automated/Continuous Deployment

Plan

Monitor

Verify

Deploy

ContinuousDeployment

Test Mgmt

Test Data Mgmt

Develop

Promote

Verify

Execute

Service Test

UI Test

Device Test

Perf Test

Security Test ContinuousTesting

Service Virtualization

Acceptance Test

Infrastructure and Environment

Dashboard/Feedback

End to End Traceability, Real time status of Code, Build, Deploy, Test, Application and Environment Health

‹#›

Code Quality Check

Unit/Integration

Test

Binary Repository

CI Tool

IDESource Control

Agile PM Tools

Defect Management

Reque

st, P

lan

Report Results

Automated Tests

Code Analysis

Automated

Build

Develop, Unit Test

ContinuousIntegration

Automated/Continuous Deployment

Plan

Monitor

Verify

Deploy

ContinuousDeployment

Test Mgmt

Test Data Mgmt

Develop

Promote

Verify

Execute

Service Test

UI Test

Device Test

Perf Test

Security Test ContinuousTesting

Service Virtualization

Acceptance Test

Infrastructure and Environment

Dashboard/Feedback

End to End Traceability, Real time status of Code, Build, Deploy, Test, Application and Environment Health

‹#›

Code Quality Check

Unit/Integration

Test

Binary Repository

CI Tool

IDESource Control

Agile PM Tools

Defect Management

Reque

st, P

lan

Report Results

Automated Tests

Code Analysis

Automated

Build

Develop, Unit Test

ContinuousIntegration

Automated/Continuous Deployment

Plan

Monitor

Verify

Deploy

ContinuousDeployment

Test Mgmt

Test Data Mgmt

Develop

Promote

Verify

Execute

Service Test

UI Test

Device Test

Perf Test

Security Test ContinuousTesting

Service Virtualization

Acceptance Test

Infrastructure and Environment

Dashboard/Feedback

End to End Traceability, Real time status of Code, Build, Deploy, Test, Application and Environment Health

‹#›

Code Quality Check

Unit/Integration

Test

Binary Repository

CI Tool

IDESource Control

Agile PM Tools

Defect Management

Reque

st, P

lan

Report Results

Automated Tests

Code Analysis

Automated

Build

Develop, Unit Test

ContinuousIntegration

Automated/Continuous Deployment

Plan

Monitor

Verify

Deploy

ContinuousDeployment

Test Mgmt

Test Data Mgmt

Develop

Promote

Verify

Execute

Service Test

UI Test

Device Test

Perf Test

Security Test ContinuousTesting

Service Virtualization

Acceptance Test

Infrastructure and Environment

Dashboard/Feedback

End to End Traceability, Real time status of Code, Build, Deploy, Test, Application and Environment Health

‹#›

Code Quality Check

Unit/Integration

Test

Binary Repository

CI Tool

IDESource Control

Agile PM Tools

Defect Management

Reque

st, P

lan

Report Results

Automated Tests

Code Analysis

Automated

Build

Develop, Unit Test

ContinuousIntegration

Automated/Continuous Deployment

Plan

Monitor

Verify

Deploy

ContinuousDeployment

Test Mgmt

Test Data Mgmt

Develop

Promote

Verify

Execute

Service Test

UI Test

Device Test

Perf Test

Security Test ContinuousTesting

Service Virtualization

Acceptance Test

Infrastructure and Environment

Dashboard/Feedback

End to End Traceability, Real time status of Code, Build, Deploy, Test, Application and Environment Health

‹#›

Code Quality Check

Unit/Integration

Test

Binary Repository

CI Tool

IDESource Control

Agile PM Tools

Defect Management

Reque

st, P

lan

Report Results

Automated Tests

Code Analysis

Automated

Build

Develop, Unit Test

ContinuousIntegration

Automated/Continuous Deployment

Plan

Monitor

Verify

Deploy

ContinuousDeployment

Test Mgmt

Test Data Mgmt

Develop

Promote

Verify

Execute

Service Test

UI Test

Device Test

Perf Test

Security Test ContinuousTesting

Service Virtualization

Acceptance Test

Infrastructure and Environment

Dashboard/Feedback

End to End Traceability, Real time status of Code, Build, Deploy, Test, Application and Environment Health

‹#›

Code Quality Check

Unit/Integration

Test

Binary Repository

CI Tool

IDESource Control

Agile PM Tools

Defect Management

Reque

st, P

lan

Report Results

Automated Tests

Code Analysis

Automated

Build

Develop, Unit Test

ContinuousIntegration

Automated/Continuous Deployment

Plan

Monitor

Verify

Deploy

ContinuousDeployment

Test Mgmt

Test Data Mgmt

Develop

Promote

Verify

Execute

Service Test

UI Test

Device Test

Perf Test

Security Test ContinuousTesting

Service Virtualization

Acceptance Test

Infrastructure and Environment

Dashboard/Feedback

End to End Traceability, Real time status of Code, Build, Deploy, Test, Application and Environment Health

‹#›

Delivery Pipeline: Automated, Continuous, Compliant

Code Build Release MonitorDeploy + Test Execution

‹#›

Delivery Pipeline: Automated, Continuous, Compliant

Code Build Release MonitorDeploy + Test Execution

App

Test

Infra

‹#›

Delivery Pipeline: Automated, Continuous, Compliant

Code Build Release MonitorDeploy + Test Execution

App

Test

Infra

DEV INT QA PERF PROD

DEV INT

SEC

QA SEC PERF PROD

DEV INT QA SEC PERF PROD

‹#›

Delivery Pipeline: Automated, Continuous, Compliant

Code Build Release MonitorDeploy + Test Execution

App

Test

Infra

DEV INT QA PERF PROD

DEV INT

SEC

QA SEC PERF PROD

DEV INT QA SEC PERF PROD Infra

App

‹#›

Delivery Pipeline: Automated, Continuous, Compliant

Code Build Release MonitorDeploy + Test Execution

App

Test

Infra

DEV INT QA PERF PROD

DEV INT

SEC

QA SEC PERF PROD

DEV INT QA SEC PERF PROD Infra

App

Flow

‹#›

Delivery Pipeline: Automated, Continuous, Compliant

Code Build Release MonitorDeploy + Test Execution

App

Test

Infra

DEV INT QA PERF PROD

DEV INT

SEC

QA SEC PERF PROD

DEV INT QA SEC PERF PROD Infra

App

Flow Feedback

‹#›

Delivery Pipeline: Automated, Continuous, Compliant

Code Build Release MonitorDeploy + Test Execution

App

Test

Infra

DEV INT QA PERF PROD

DEV INT

SEC

QA SEC PERF PROD

DEV INT QA SEC PERF PROD Infra

App

Flow Feedback

Automated Audit and Security Controls at every step

‹#›

Code

Application Code

Test Code

Infrastructure Code

‹#›

Code

Application Code

Test Code

Infrastructure Code

‹#›

Code

Application Code

Test Code

Infrastructure Code

‹#›

Code

Application Code

Test Code

Infrastructure Code

‹#›

Code

Application Code

Test Code

Infrastructure Code

‹#›

Code

Application Code

Test Code

Infrastructure Code

‹#›

Code

Application Code

Test Code

Infrastructure Code

‹#›

Build

‹#›

Build

‹#›

Build

‹#›

Build

‹#›

Build

‹#›

Build

‹#›

Deploy + Test Execution

‹#›

Deploy + Test Execution

‹#›

Deploy + Test Execution

‹#›

Deploy + Test Execution

‹#›

‹#›

‹#›

‹#›

Collaborate Early

‹#›

Collaborate Early

• Setup your IDE with security Plugin(s) • Setup Nexus CLM + Jenkins Integration • Write Security ATDD Test Cases • Setup Fortify Scanning Job • Setup WebInspect scab job • Fix security defects

‹#›

‹#›

‹#›

‹#›

‹#›

Any Question?

top related

continuous integration, continuous quality, continuous...
Technology
continuous delivery
Technology
continuous delivery / continuous integration
Documents
continuous delivery of continuous delivery - … · puppet...
Documents
continuous delivery seminars...devops, continuous delivery...
Documents
continuous happiness by continuous delivery
Technology
von continuous integration zu continuous delivery ·...
Documents
continuous delivery requires continuous communication
Leadership & Management
testing in a continuous delivery world - continuous delivery...
Software
continuous testing for continuous delivery
Technology
continuous delivery: delivering client value at light speed...
Technology
continuous delivery vortrag @ continuous lifecycle...
Technology
continuous deployment: beyond continuous delivery
Software
continuous delivery continuous integration 0.3
Business
speed up continuous delivery with bigdata analytics
Technology
von continuous integration zu continuous delivery ·...
Documents
acceptance testing for continuous delivery › events ›...
Documents
continuous delivery - jfokus · continuous delivery from...
Documents
flusso continuous integration & continuous delivery
Software
continuous delivery of continuous delivery ·...
Documents