What is DevSecOps?

  • Published: 4 Jul 2024
  • What is DevSecOps? As teams adopt Continuous Delivery, DevOps, and CI/CD for software development, being able to create systems that are safe and secure at speed, with great feedback and with high quality, becomes ever more important.
    Using software engineering disciplines like Continuous Delivery to help improve software design is centred around creating a reliable and repeatable approach to delivering change. If you have security concerns that define the releasability of your systems, how can you employ these proven techniques that allow us to create “Better Software, Faster” to ensure that the security of your systems is not only not compromised, but improved?
    In this episode Dave Farley leads us through an introduction to the ideas of DevSecOps, a kind of DevSecOps for beginners, and positions it in the broader context of Continuous Delivery, to help even experts see how to position DevSecOps and where to focus.
    -----------------------------------------------------------------------------
    📚 BOOKS:
    📖 Dave’s NEW BOOK "Modern Software Engineering" is now available on
    Amazon ➡️ amzn.to/3DwdwT3
    In this book, Dave brings together his ideas and proven techniques to describe a durable, coherent and foundational approach to effective software development, for programmers, managers and technical leads, at all levels of experience.
    📖 "Continuous Delivery Pipelines" by Dave Farley
    paperback ➡️ amzn.to/3gIULlA
    ebook version ➡️ leanpub.com/cd-pipelines
    📖 The original award-winning "Continuous Delivery" book by Dave Farley and Jez Humble
    ➡️ amzn.to/2WxRYmx
    -----------------------------------------------------------------------------
    Keep up to date with the latest discussions, free "How To..." guides, events and online courses through our email alerts! Follow the link for the details ➡️ bit.ly/MailListCD
    Interested in Dave Farley's online DevOps and CD training courses? You can find more information here ➡️ bit.ly/DFTraining
    ---------------------------------------------------------------------------------------
    Continuous Delivery Ltd. ➡️ bit.ly/ContinuousDeliveryDF
    Dave Farley's Blog ➡️ bit.ly/DaveFWebBlog
    Dave Farley on Twitter ➡️ bit.ly/DaveFTwitter
    Dave Farley on LinkedIn ➡️ bit.ly/DaveF-LI
    -------------------------------------------------------------------------
    Other Useful Books on this topic:
    (Please note, if you buy a book from these links I get a small fee, without increasing the cost to you)
    Test Driven Development: By Example (The Addison-Wesley Signature Series), Kent Beck ➡️ amzn.to/2NcqgGh
    Infrastructure As Code, Kief Morris ➡️ amzn.to/2z39kPr
    Fifty Quick Ideas to Improve Your User Stories - Gojko Adzic ➡️ amzn.to/3jXM481
  • Science

Comments • 10

  • @meekrosoft 3 years ago

    Great introduction to the subject Dave! 👍 Looking forward to the regulation and compliance episode 🚀

    • @ContinuousDelivery 3 years ago +1

      Yes, there is so much territory to cover, which I guess is a good thing. :)

  • @hallertyler38 3 years ago

    Extremely informative video, I’ll be looking at more of your videos as well.

  • @mohamedaimaneelkira2436 4 years ago

    Thank you for that clear explanation!

  • @SuperMarkusparkus 3 years ago +1

    I think it's hard to automate security testing fully. Automated tools give lots of false positives while missing many vulnerabilities, and they are not good at finding logical flaws. Often vulnerabilities occur when different systems are integrated with each other and assumptions made in one component no longer hold true in another new context. You can automate a lot, but the question is then whether you are after a secure system or tests that are passing. A good penetration tester performing semi-automated testing, where the tester drives and uses tools, can go a lot deeper and find bugs that would otherwise not have been discovered.

    • @ContinuousDelivery 3 years ago +3

      I think that you said two things here, one is that a good pen-tester will bring valuable expertise - I agree. But then I think that you confused that expertise and finding holes with our ability to automate. What we did when we built our exchange was to have regular pen-testing, and we'd allocate devs to help the pen-testers, but also learn from what they did and what they found. We'd then automate to test for any gaps that we had missed, building on the expertise of the pen-testers, but also strengthening our regression testing.
      So I think that they can supplement one another. There are lots of other forms of security testing beyond pen-testing that also help.

    • @mogwai413 2 years ago

      I agree with everything Dave is saying but nothing says swift feedback like an hour long sast scan, followed by a sca scan, followed by a dast scan, followed by a [insert security tool]...
