Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Post DevOps What Should We Shift-Left

Riotaro OKADA
PRO
September 25, 2021
Video
0
3

Post DevOps What Should We Shift-Left

Post DevOps What Should We Shift-Left
ポストDevOps、これから我々は何をシフトレフトすべきか

Abstract:
The traditional V-shaped quality assurance of waterfall has been replaced by DevOps and CI/CD. It is clear that fast improvement cycles have contributed to making the code much easier to maintain and higher quality.
But why is it that AppSec is still vulnerable to attacks and has yet to mature? Do automated mechanisms contribute to robustness against change?
In this talk, I will show what we have learned through our experience of organizing Hardening Project in Japan. I will cover the critical points related to each stage of DevOps to take DevOps to the next stage - they are about risk profile, architecture design of threat response, and operational matter. I hope it will show some challenges that AppSec faces in its further evolution.

Riotaro OKADA
PRO

September 25, 2021
Tweet

Video

More Decks by Riotaro OKADA

See All by Riotaro OKADA
How Application Security Will Change with the Rise of AI
okdt
PRO
1
60
秘伝:脆弱性診断をうまく活用してセキュリティを確保するには
okdt
PRO
3
740
脆弱性とこれからの話 - ソフトウェアサプライチェインリスク
okdt
PRO
7
1.4k
ソフトウェアセキュリティはAIの登場でどう変わるか - OWASP LLM Top 10
okdt
PRO
14
7.5k
今から取り組む企業のための脆弱性対応 ~大丈夫、みんなよく分かっていないから~
okdt
PRO
1
140
DXとセキュリティ - IPA Digital Symposium 2021
okdt
PRO
0
110
SHIFT LEFT PATH at AWS DEV DAY3 General Session
okdt
PRO
3
1.2k
CISOが、適切にセキュリティ機能とレベルを決めるには ― 現状維持か変革かを分けるポイント
okdt
PRO
0
4
超高速開発を実現するチームに必要なセキュリティとは
okdt
PRO
0
3

Featured

See All Featured
Building a Modern Day 
E-commerce SEO Strategy
aleyda
38
6.9k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
665
120k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
25
1.8k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
364
24k
Rails Girls Zürich Keynote
gr2m
94
13k
A Philosophy of Restraint
colly
203
16k
Bootstrapping a Software Product
garrettdimon
PRO
305
110k
Large-scale JavaScript Application Architecture
addyosmani
510
110k
Building a Scalable Design System with Sketch
lauravandoore
459
33k
Gamification - CAS2011
davidbonilla
80
5k
Designing on Purpose - Digital PM Summit 2013
jponch
115
7k
Ruby is Unlike a Banana
tanoku
97
11k

Transcript

  1. [email protected] @okdt OWASP Life-time member 15+ OWASPer AppSec professional OWASP

    Japan

  2. Congratulations!

  3. The first era of OWASP Documents in Japanese thanks to

    Mr. Satoru Takahashi, 2004-2006

  4. 2012 OWASP Japan 1st meetup

  5. Thank you for all your support!

  6. SHIFT LEFT? By @akiko_pusu, 2017

  7. Japanese

  8. 2021年 Developers Dislike Security: Ten Frustrations and Resolutions Chris Romeo,

    2021. https://www.youtube.com/watch?v=nN7NH752onk

  9. Shift-left analogy Let's do shift-left for progressive purposes. Front Loading

    Retrospective Kaizen Why 5 times

  10. ,FZGBDUPSTUPTVDDFFE4)*'5-&'5 MUTUAL UNDERSTANDING BUSINESS GOAL & RISKS KEEP UP TO

    DATE

  11. WASFORUM.jp

  12. None

  13. Hardening Project

  14. None
  15. None

  16. Started

  17. Spy comes…

  18. Attackers

  19. Attackers are very good at collaboration

  20. Incident response

  21. Marketplace

  22. None

  23. SCORE BOARD

  24. 8-hour competition

  25. None

  26. Softening Day

  27. presentations

  28. Hardening DX

  29. “Kuromame 6”

  30. None

  31. Summary: Key Success factors of SHIFT-LEFT MUTUAL UNDERSTANDING BUSINESS GOAL

    & RISKS KEEP UP TO DATE

  32. My idea – “proactive controls” Be a guardrails. Discuss the

    most effective fixing points and timing Study their languages and environments Update frequently and show flexibility Give reasonable countermeasures, even if it is “plan-B” Teach how developers can check findings by themselves. Have the common goal and Praise their success Have good experience to collaborate with different roles. Join OWASP

  33. #シフトレフト powered by OWASP For your photo! #shiftleft