[Report] Best practices for Securing your software delivery lifecycle #reinvent

2022.12.06

I attended re:Invent 2022 in Las Vegas and had a great opportunity to connect with AWS developers and attend the sessions they offered. Here is one of the sessions on DevSecOps.

 

About session:

  • Title
    • Best practices for Securing your software delivery lifecycle
  • Speakers
    • James Bland, Global Tech Lead - DevOps, AWS
    • Curtis Rissi, Principal Specialist Solutions Architect, AWS
  • Session information
    • Format: Breakout Session
    • Level: 300 - Advanced

Overview:

In this session, learn about ways you can secure your CI/CD pipeline on AWS. Review topics like security of the pipeline versus security in the pipeline, ways to incorporate security checkpoints across various pipeline stages, security event management, and aggregating vulnerability findings into a single pane of glass. Also discuss best practices, processes, and tools that can improve an organization’s ability to deliver applications and services in a secure manner.

Session Report:

There are several best practices for protecting the software delivery lifecycle to ensure the security and integrity of software and systems. James and Curtis shared their advice on these practices using AWS and third-party tools.
They also covered threats and how to mitigate them.
DevSecOps is a combination of philosophies, practices, and tools built into the SDLC that helps prevent and mitigate attacks and keeps your complete system secure from current and future attacks.
1. Secure coding practices. This involves training developers to write secure, vulnerability-free code and providing them with the tools and resources they need to do so.
2. Conducting regular security testing. This involves using a variety of tools and techniques to identify software vulnerabilities and address them before they can be exploited.
3. Implement a secure code review process.
4. Secure the codebase and repository. Implement measures such as strong authentication and access control to prevent unauthorized access to the codebase and repository. Store the code artifacts and keep backups.
5. Integrate security into the entire software development process. Security should be emphasized throughout the entire software development lifecycle, from design and development to testing and deployment.
Overall, the key to securing the software delivery lifecycle is to prioritize security and make it an integral part of the development process. Implementing these best practices will help ensure the security and integrity of your software and systems.

Takeaway:

In this session, attendees learned how to implement security at each phase of the software delivery lifecycle. James also pointed out that today's bad actors are not trying to attack through the main door that we guard with IPS and IDS, but are finding other ways to crack systems.

I encourage everyone to watch this session to learn how each tool works for specific best practices and to be able to configure them.
