Videos:
Explanation of what DevSecOps is and ideas for security people to participate more: https://www.youtube.com/watch?v=otmF5KD15o4&list=PLI9RITMnVbyiMlx1GPx5zmfQFHtJNB617&index=5 …
DevSecOps pipeline demo: https://www.youtube.com/watch?v=i8i67HFrgUE&list=PLI9RITMnVbyiMlx1GPx5zmfQFHtJNB617 …
Explanation of what DevSecOps is and ideas for developers to participate more: https://www.youtube.com/watch?v=zQJ5dxCvniU&list=PLI9RITMnVbyiMlx1GPx5zmfQFHtJNB617&index=2 …
One more video:
What is AppSec: https://www.youtube.com/watch?v=PnfUSpBHKOI&list=PLI9RITMnVbyiMlx1GPx5zmfQFHtJNB617&index=17 …
DevSecOps, according to me (and several others such as @secfigo), is application security, adjusted for a DevOps environment. And application security is every effort you perform to ensure your software is secure.
Goals of any AppSec Program, according to me: https://code.likeagirl.io/pushing-left-like-a-boss-part-9-an-appsec-program-7803b1d3eb3f …
• A complete picture of all of your apps. Bonus: alerting, monitoring and logging of those apps.
• Capability to find vulnerabilities in written code, running code, and 3rd party code. Bonus: the ability to quickly release fixes for said issues.
• The knowledge to fix the vulnerabilities that you have found. Bonus: eliminating entire bug classes.
• Education and reference materials for developers about security. Bonus: an advocacy program, creating a security champion program, and repetitive reinforcement of positive security culture.
• Providing developers security tools to help them do better. Bonus: writing your own tools or libraries.
• Having one or more security activities during each phase of your SDLC. Bonus: having security sprints or using the partnership model (assigning and/or embedding a security person to/within a project team).
• Implementing useful and effective application security tooling. Bonus: automating as much as possible to avoid errors and toil.
• Having a trained incident response team that understands AppSec. Bonus: implementing tools to prevent and/or detect application security incidents, providing job-specific security training to all of IT.
• Continuously improve your program based on metrics, experimentation and feedback from any and all stakeholders. All feedback is important.
To get you started, here are some guidelines I wrote, feel free to take what works for you:
• Secure Design: https://code.likeagirl.io/pushing-left-like-a-boss-part-3-secure-design-16d729453afa …
• Security Requirements: https://code.likeagirl.io/pushing-left-like-a-boss-part-2-security-requirements-a71b86f6dd3f …
• Secure Coding Guideline: https://medium.com/@shehackspurple/pushing-left-like-a-boss-part-5-14-secure-coding-summary-a9335fff2cb3 …
WoSEC!