or
or
By clicking below, you agree to our terms of service.
Sign in with Wallet
New to HackMD? Sign up
| Syntax | Example | Reference | |
|---|---|---|---|
| # Header | Header | 基本排版 | |
| - Unordered List |
|
||
| 1. Ordered List |
|
||
| - [ ] Todo List |
|
||
| > Blockquote | Blockquote |
||
| **Bold font** | Bold font | ||
| *Italics font* | Italics font | ||
| ~~Strikethrough~~ | |||
| 19^th^ | 19th | ||
| H~2~O | H2O | ||
| ++Inserted text++ | Inserted text | ||
| ==Marked text== | Marked text | ||
| [link text](https:// "title") | Link | ||
|  | Image | ||
| `Code` | Code |
在筆記中貼入程式碼 | |
| ```javascript var i = 0; ``` |
|
||
| :smile: |  |
Emoji list | |
| {%youtube youtube_id %} | Externals | ||
| $L^aT_eX$ | LaTeX | ||
| :::info This is a alert area. ::: |
This is a alert area. |
On a scale of 0-10, how likely is it that you would recommend HackMD to your friends, family or business associates?
Please give us some advice and help us improve HackMD.
Syncing
xxxxxxxxxx-
Any changes
Be notified of any changes
-
Mention me
Be notified of mention me
-
Unsubscribe
SubscribeSecure or Die,軟體交付的「安全」實踐
tags:
DevOpsDays Taipei 20189/1214:50~15:30Track A歡迎來到 DevOps Days 2018 共筆
- The image file may be corrupted
- The server hosting the image is unavailable
- The image path is incorrect
- The image format is not supported
Learn More →共筆入口:https://hackmd.io/c/DevOpsDays2018
手機版請點選上方 按鈕展開議程列表。
在大會遇到任何問題都可以在下方的問題回報區中留言
大會問題與建議回報區
系統的安全性在一開始,就在你們需求或規格裡嗎?
以汽車為例:通常是功能先做出來,才考慮安全性。
軟體交付的安全實踐
設計
Threat Modeling:幫助你在系統設計初期找出可能的重大缺陷
Threat Modeling 四步驟
STRIDE Analysis
Reference (BIBLE): Threat Modeling, designing for security
編碼
Secure Coding Dojo
https://github.com/trendmicro/SecureCodingDojo
資安檢查清單(範例)
SANS
https://bit.ly/2JgHQsy
建置/測試
維運
補丁自動化
集中儲存並管理機密資訊
公司最期望的,就是踩到雷之後活下來的人能留下來..
fortify 價格很漂亮,一套要18x 萬
(問題)不知道DevOps (CI/CD)過程中, 是不是就需要加上弱點掃描相關項目(列在test case?)