https://github.com/devops-ru/awesome-devsecops_ru

A collection of talks and publications on DevSecOps, in Russian and beyond :)

# Awesome DevSecOps RU [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)

A collection of talks and publications on DevSecOps, in Russian and beyond :)

Please send suggestions and questions about the content via [issues](https://github.com/devsecops-ru/awesome-devsecops_ru/issues)

We also have a [Telegram channel ヅ](https://t.me/devsecops_ru)

## Talk videos

* [Secrets management with HashiCorp Vault // Sergey Noskov, Avito](https://youtu.be/klC4ssaPHZY), [DevOps Moscow meetup](https://www.meetup.com/DevOps-Moscow-in-Russian/), [slides](https://speakerdeck.com/devopsmoscow/upravlieniie-siekrietami-v-avito-pri-pomoshchi-hashicorp-vault)
* [Secrets management with HashiCorp Vault at Avito / Sergey Noskov (Avito) (DevOpsConf Russia 2018)](https://youtu.be/oDdDPU6moTs)
* [Fear and Loathing in DevSecOps // Yury Shabalin, Swordfish Security](https://youtu.be/ROH636e7Rx8), [DevOps Moscow meetup](https://www.meetup.com/DevOps-Moscow-in-Russian/), [slides](https://speakerdeck.com/devopsmoscow/strakh-i-nienavist-devsecops)
* [Security Compliance & DevOps // Stepan Nosov, IPONWEB](https://youtu.be/BtFeWnR1xXE), [DevOps Moscow meetup](https://www.meetup.com/DevOps-Moscow-in-Russian/), [slides](https://speakerdeck.com/devopsmoscow/security-compliance-and-devops)
* [Security in Kubernetes (Dmitry Lazarenko, Mail.Ru Cloud Solutions) / ♥ Kubernetes meetup](https://youtu.be/62XWgBIYnJ8)
* [Practical steps for securing your container deployment, Liz Rice, Aqua Security](https://youtu.be/WSiCZ6v35gw), [talk page at DevOops 2018](https://2018.devoops.ru/2018/spb/talks/2yl4oqifo4oqqmwwgwg4as/)
* [Modern security with microservices and the cloud, Seth Vargo, Google](https://youtu.be/Qx2N6EDIIow), [talk page at DevOops 2018](https://2018.devoops.ru/2018/spb/talks/14ss0jq4v8ci4ekuoewew6/)
* [Website security monitoring / Grigory Zemskov (Revisium) (RIT++ 2018, RootConf)](https://youtu.be/NbN_uOxRHOo)
* [Enabling shift-left for 12k banking developers from scratch (DevSecCon London 2018)](https://youtu.be/6IRz6F5Y4Zo?list=PLZN13UbkqPfWNy4WUd0UuWYCss69n7A10)
* [Maginot Line - 6 Common AppSec Anti-Patterns Preventing your Success (DevSecCon Singapore 2018)](https://youtu.be/u0tUea0Cbdc?list=PLZN13UbkqPfUmt4IZmoTWcbou-oxUivoV)

## Articles

* [Security of internal services, Vsevolod Polyakov](https://dvps.blog/biezopasnost-internal-siervisov)
* A guide to automating HashiCorp Vault from Gruntwork [1](https://blog.gruntwork.io/a-guide-to-automating-hashicorp-vault-1-auto-unsealing-b219970f02c6), [2](https://blog.gruntwork.io/a-guide-to-automating-hashicorp-vault-2-authenticating-with-instance-metadata-c3f9eaeaba53), [3](https://blog.gruntwork.io/a-guide-to-automating-hashicorp-vault-3-authenticating-with-an-iam-user-or-role-a3203a3ee088)
* [TLDR: Development security in Agile projects](https://medium.com/some-tldrs-ru/tldr-безопасность-разработки-в-agile-проектах-f53f55298231)
* [What Your Kubernetes Security Checklist Might Be Missing by Jim Bugwadia from Nirmata](https://thenewstack.io/what-your-kubernetes-security-checklist-might-be-missing/)
* [A continuation of devops: policy as code by Gareth Rushgrove, QCon London 2019](https://speakerdeck.com/garethr/a-continuation-of-devops-policy-as-code)
* [CONTINUOUS SECURITY IN THE DEVOPS WORLD by JULIEN VEHENT from MOZILLA SECURITY](https://jvehent.github.io/continuous-security-talk/#/)
* [Summary of “Unit Testing Your Kubernetes Configurations Using Open Policy Agent — Gareth Rushgrove”, KubeCon + CloudNativeCon Europe 2019](https://medium.com/@Nklya/summary-unit-testing-your-kubernetes-configurations-using-open-policy-agent-gareth-rushgrove-81c3e6e15a91)
* [Software Security Field Guide for the Bewildered by Ian Miell](https://zwischenzugs.com/2019/09/22/software-security-field-guide-for-the-bewildered/)
* [The Path Less Traveled: Abusing Kubernetes Defaults, Black Hat USA 2019](https://speakerdeck.com/iancoldwater/the-path-less-traveled-abusing-kubernetes-defaults)
* A series of articles on Docker security from Swordfish Security:
  * [Docker security](https://swordfishsecurity.ru/blog/docker_security)
  * [Overview of Docker security tools](https://swordfishsecurity.ru/blog/obzor-utilit-bezopasnosti-docker)
  * [Ways and examples of integrating Docker security scanning tools](https://swordfishsecurity.ru/docker-security-scanning-examples)
  * [Repository with examples from the articles](https://github.com/Swordfish-Security/docker_cicd/)

## Training and courses

* [Learning platform for HashiCorp Vault](https://learn.hashicorp.com/vault/)
* [A great collection of short descriptions of development methodologies](https://www.developmentthatpays.com/cheatsheets). Share it with your colleagues if they are not up to speed :)
* [Security in Google Cloud Platform Specialization (Coursera)](https://www.coursera.org/specializations/security-google-cloud-platform/)

## Books

* [Development security in Agile projects](https://dmkpress.com/catalog/computer/securuty/978-5-97060-648-3/)

## Best practices

* [The Early Security Engineer’s First 90 Days Checklist](https://www.sqreen.com/checklists/security-engineer-checklist)
* [AWS Security Best Practices](https://www.sqreen.com/resources/aws-security-best-practices)
* [10 Docker Image Security Best Practices](https://snyk.io/blog/10-docker-image-security-best-practices/)

## Cloud platform security (Clouds)

### Amazon Web Services (AWS)

* [AWS re:Invent 2017: Making the Shift from DevOps to Practical DevSecOps (ABD337)](https://youtu.be/BAsLEsEVThM)
* [DevOps and Cyber Security in AWS (DevSecOps)](https://medium.com/@block_matrix/devops-and-cyber-security-in-aws-devsecops-711a11bf8e7)

### Google Cloud Platform (GCP)

* [8 Google Cloud Security Best Practices](https://blog.paloaltonetworks.com/2019/04/8-google-cloud-security-best-practices/)
* [A Security Practitioners Guide to Best Practice GCP Security (Cloud Next '18)](https://youtu.be/ZQHoC0cR6Qw)
* [Best Practices for Privacy and Security in GCE (Cloud Next '19)](https://youtu.be/qDyjE1fIqkk)

## Miscellaneous

* [Linux logs data sources (for Information Security purposes). Links to appropriate Splunk Apps are available as well](https://docs.google.com/spreadsheets/d/1ccXuv4KZ1ndNFKwNuXpTgvgMgvQ16joUI408v232a9I) by [Rustam Abdullin](https://www.linkedin.com/in/rustam-abdullin-11010635/)
* [DevSec Hardening Framework](https://dev-sec.io)
* [Secure DevOps Practices poster](https://www.sans.org/security-resources/posters/secure-devops-practices/175/download)