Episode 24: Putting The Sec Into DevOps

Episode 24 August 19, 2020 00:37:14
SilverLining IL

Hosted By

Moshe Ferber Ariel Munafo

Show Notes

Attendees

Guest: Dima Revelis

Guest title: Senior DevOps engineer

Company: MoonActive

Abstract

DevSecOps is accelerating fast as the new buzzword for modern information security practices. In this episode we draw on the expertise of Dima Revelis to dive deep into DevOps practices, what a CI/CD pipeline is, and which security tools are relevant for these new practices.

Timing:

0:00 - Introducing our guest

2:50 - What is DevOps

7:50 - What is a deployment pipeline

14:20 - What is CI and which security testing can be implemented

17:20 - What is CD and which security considerations apply

18:40 - Dive deeper into security testing - QA, code review, static & dynamic analysis

20:45 - So much automation, do we still need manual testing?

22:30 - Additional security aspects: using Jenkins, authentication and authorization, secret management

26:40 - Availability considerations and disaster recovery

33:30 - Summary and final words

Other Episodes

Episode 54

September 21, 2022 00:31:04

SilverLining Episode 54: Threats on CI/CD pipeline

Guest: Guy Flechter

Guest title: CEO & Co-Founder at Cider Security

Topic: Threats on CI/CD pipeline

Language: English

Abstract

The main attraction point in cloud for most organizations is the ability to produce scalable and resilient applications - faster. One of the main foundations for that is the ability to create CI/CD pipelines that will automate the integration of new code to old code and the deployment of the code to the various testing and production environments. But as organizations continue to adopt CI/CD - there is an increasing number of attacks on the pipelines. In this episode we spoke with Guy Flechter, Co-founder and CEO at Cider Security - on CI/CD relevant threats and risks and incidents that happened in the past and things we can learn from them. ...


Episode 14

January 14, 2020 00:30:45

Episode 14: DevOps Secret Management

Attendees

Guest: Oded Hareven

Guest title: Founder & CEO

Company: A-Key-Less

Abstract

Application Secret management is becoming one of the biggest challenges for application security. With cloud, CI/CD and micro services architecture we discover that we are using a growing number of encryption keys, API keys, SSH keys tokens and connection strings. In this episode we talk with Oded HarEven, Founder at A-Key-Less about the challenges of secret management and the way to build secure secret management solution.

Timing

0:00 - Intro and introducing our guest

1:40 - Application secret management - defining what secret is, and what is secret management

6:00 - Challenges with encryption keys

9:47 - How to handle application secret management and encryption keys - requirements and best practices

12:25 - Zero trust in key management - what does it mean and how to implement it

20:10 - The process of integrating keys with cloud platform

25:35 - A-Key-Less state of the market approach

27:35 - Summary and conclusions ...


Episode 23

August 04, 2020 00:47:42

Episode 23: Understanding Microsoft Cloud Security Pillars

Attendees

Guest: Yoad Dvir

Guest title: Security Lead, Central and Eastern Europe

Company: Microsoft

Abstract

Microsoft security portfolio has been growing and diversifying in the last couple of years, adding more capabilities at various areas of information security. In order to better understand Microsoft strategy and offering, we talked with Yoad Dvir, Cyber Security Lead at Microsoft, about the Microsoft new security pillars: Monitoring, Threat Protection and Information Protection.

Timing:

0:00 - Introducing our guest

5:45 - Introducing Microsoft security strategy

12:50 - Security monitoring pillars - Azure monitor, Sentinel, Azure analytics and more

21:10 - Microsoft Threat Protection family - Cloudapp, O365 ATP, Defender ATP, Azure ATP

30:50 - diving deeper into Cloudapp

35:30 - Microsoft Information Protection

44:00 - summary and last words ...
