This presentation was recorded at GOTO Copenhagen 2021. #GOTOcon #GOTOcph
http://gotocph.com
Adam Such - Principal Solutions Architect for the Nordics region at Sonatype
ABSTRACT
Instinctively, we understand how critical this is, especially in a time of growing high-profile attacks on software supply chains across the world - most recently Dependency Confusion and the Cloudflare and SolarWinds breaches - so embracing security as a development team has never been more important.
Done properly, DevSecOps practices shouldn’t interrupt the DevOps pipeline but instead aid it, preventing costly rebuilds and build failures down the road. By creating automated governance that is embedded early and throughout the software development lifecycle, developers have transparent access to digital guardrails integrated within their native tools, an approach that ensures security is being built in without slowing [...]
TIMECODES
00:00 Intro
02:12 What you will learn
03:00 Why is there a new wave of cybersecurity attacks?
06:34 Where do vulnerabilities enter your supply chain?
12:37 Typosquatting
15:46 Namespace confusion
18:06 Malicious code injections
20:40 How to prevent future attacks?
22:30 8 Rules
31:20 Outro
Read the full abstract here:
https://gotocph.com/2021/sessions/1959/adapting-devops-in-a-world-of-growing-software-supply-chain-attacks
RECOMMENDED BOOKS
Aaron Parecki • OAuth 2.0 Simplified • https://amzn.to/2A3IMOf
Aaron Parecki • OAuth 2.0 Servers • https://amzn.to/3ecHEsz
Aaron Parecki • The Little Book of OAuth 2.0 RFCs • https://amzn.to/3i7qnlC
Erdal Ozkaya • Cybersecurity: The Beginner's Guide • https://amzn.to/2T6OIj3
Forsgren, Humble & Kim • Accelerate: The Science of Lean Software and DevOps • https://amzn.to/3tCz1xO
John Arundel & Justin Domingus • Cloud Native DevOps with Kubernetes • https://amzn.to/3hKZvI5
Wynne, Hellesoy & Tooke • The Cucumber Book • https://amzn.to/3tEUINJ
Robert C. Myers • Essential Test-Driven Development • https://amzn.to/2Xc8ZWa
Roy Osherove • The Art of Unit Testing • https://bit.ly/3obiKNB
Eric Ries • The Lean Startup • https://amzn.to/396fOva
Ronnie Mitra & Irakli Nadareishvili • Microservices: Up and Running • https://amzn.to/3c4HmmL
https://twitter.com/GOTOcon
https://www.linkedin.com/company/goto-
https://www.facebook.com/GOTOConferences
#DevOps #FutureOfDevOps #Maven #npm #GoLang #NuGet #RubyGems #PyPI #CyberSecurity #Security #DevSecOps #Typosquatting #NamespaceConfusion #CodeInjections #MTTU
Looking for a unique learning experience?
Attend the next GOTO conference near you! Get your ticket at https://gotopia.tech
SUBSCRIBE TO OUR CHANNEL - new videos posted almost daily.
https://www.youtube.com/user/GotoConferences/?sub_confirmation=1