DevSecOps Archives - Jean-Christoph von Oertzen

Event takeaways: BSidesMeSh21 – day 2

jean-christoph — Tue, 22 Jun 2021 16:05:01 +0000

My key takeaways 11 min from publishing credentials (accidently) to github till pwn 2019: ~200k credentials in Github ; 2021: +20% runtime secrets go to application secrets managers AWS Secrets Manager GCP Secrets Manager Hashicorp Vault Azure Vault InfoSec’s dirty little secret: We can’t know all the options, but we still need to help secure […]

The post Event takeaways: BSidesMeSh21 – day 2 appeared first on Jean-Christoph von Oertzen.

Event takeaways: BSidesMeSh21 – day 1

jean-christoph — Mon, 21 Jun 2021 16:34:29 +0000

My key takeaways Security in sprints vs whole security sprints? Smaller activities from the very beginning. It is not full time, but always ongoing. And maybe, if the situation is very tricky, entire sprints might be necessary, too. — Thomas Fricke Kubernetes does its best to be secure inside. Unfortunatly it is not configured so […]

The post Event takeaways: BSidesMeSh21 – day 1 appeared first on Jean-Christoph von Oertzen.

Workshop takeaways: Scaling Your Security Program with Semgrep

jean-christoph — Thu, 17 Jun 2021 18:16:49 +0000

My key takeaways Detecting the lack of using secure defaults is much easier then finding bugs "You can get amazing security wins if you can get a bit draconian about coding standards" Blue teams can win, if they outmaneuver attackers in the OODA loop: 👀 🧠 👍 💪 generic checks can provide a lot of […]

The post Workshop takeaways: Scaling Your Security Program with Semgrep appeared first on Jean-Christoph von Oertzen.