SESSION ID: LAB3-T11
DevSecOps Workshop with GitHub Actions and Azure!
Tanya Janca
Security Training & Coach
SheHacksPurple.dev
@SheHacksPurple
#RSAC

What are we going to learn today?

What is 'DevSecOps'?

What are we going to use to learn?

What are we going to do in this workshop?

Potential Security Verifications INSIDE the Pipeline
- SCA – Software Composition Analysis
- SAST – Static Application Security Testing
- DAST – Dynamic Application Security Testing
- Infrastructure Scans
- Encryption Hygiene (HTTP and TLS)
- Credential/Secret Scanning
- Linting

Potential Security Verifications OUTSIDE the Pipeline
- Security Alerts from your code repository
- Negative Unit Testing
- Using a Secret Store
- IaST – Interactive Security Testing
- WAF – Web Application Firewall
- RASP – Real-Time Application Security Protection
- Vulnerability Management

Security Verifications we will cover today!
- Security Alerts from your Code Repository
- SCA – Software Composition Analysis
- Secret Scanning
- Force HTTPS
- Security Center (time permitting)

Workshop Participation Prerequisites
- Azure account or free trial (credit card required)
- A GitHub account
- A laptop connected to the conference wifi
- Modern web browser (Firefox / Chrome / Edge)
- Do not use your work Microsoft Azure identity; make a new one
- Patience and a sense of humor. :-D

Pre-Req 1: Create GitHub Account
https://github.com/join
1. Create a username and password, then solve the puzzle to prove you are a human being
2. Select the Free Plan
3. You're all set!

Pre-Req 2: Create Azure Trial
1. Go to https://azure.microsoft.com/en-us/free/
2. Fill out your information
3. You will need to receive a text message and enter the code it contains
4. You will need a credit card
5. Make sure you use the same email for GitHub, Azure and Azure DevOps.

The information is personal, so no details here.