The Defense RESTs: Automation and APIs for Better Security September 26, 2012 David Mortman.

Slides:

Advertisements

Similar presentations

Devops – The Last Mile. Jay Flowers

Advertisements

Real World Cloud Application Security

Xrootd and clouds Doug Benjamin Duke University. Introduction Cloud computing is here to stay – likely more than just Hype (Gartner Research Hype Cycle.

DevOps: Why you should care Bruce Vincent Senior Technology Strategist and IT Architect.

Engineering Secure Software. The Power of Source Code  White box testing Testers have intimate knowledge of the specifications, design, Often done by.

Ken Birman. Massive data centers We’ve discussed the emergence of massive data centers associated with web applications and cloud computing Generally.

Open an internet browser such as internet explorer.

USING CI & CD WITH MICROSOFT SQL SERVER Tim Giorgi Senior Software Developer Northwest Evaluation

Architecture overview 6/03/12 F. Desprez - ISC Cloud Context : Development of a toolbox for deploying application services providers with a hierarchical.

Getting Started with Oracle Compute Cloud

Security Design for IEEE P1687

Real Security for Server Virtualization Rajiv Motwani 2 nd October 2010.

GMOD in the Cloud Genome Informatics November 3, 2011 Scott Cain GMOD Project Coordinator Ontario Institute for Cancer Research

AUTO- CONFIGURATION IN CLOUD 1. Why we need automate something? What we need to automate? How we can do that? Scripting languages vs Frameworks Most popular.

Improve the Development Process with a DevOps practices Vadym Fedorov.

Web Application Security Testing Automation.. Copyright © 2008 Deloitte Touche Tohmatsu. All rights reserved.1 What types of automated testing are there?

Cloud Computing Instructor: Pankaj Mehra Teaching Assistant: Raghav Gautam Lec. 5 April 22, 2010 ISM 158.

Gems, Snakes and Amazon forests by Serhii Borysov 7/6/2013.

Extending & Customizing XNAT with Modules Rick Herrick

Deconstructing API Security

Optimal Pipeline Using Perforce, Jenkins & Puppet Nitin Pathak Works on

Ethical Hacking License to hack. OVERVIEW Ethical Hacking ? Why do ethical hackers hack? Ethical Hacking - Process Reporting Keeping It Legal.

Technology Startups. Introduction Tech startups have become a major part of our life and economy Most likely many will be working for or starting their.

Improving System Availability in Distributed Environments Sam Malek with Marija Mikic-Rakic Nels.

Chef – On Windows? And Azure? Steven Murawski

TICKETMASTER CULTURE EATS STRATEGY FOR

Alfresco on Azure Shah Rahman Founder and CEO, CloudlyIO.

Information Initiative Center, Hokkaido University North 11, West 5, Sapporo , Japan Tel, Fax: General.

Configuration Services at CERN HEPiX fall Ben Jones, HEPiX Fall 2014.

Bringing Order to the Chaos Understanding Configuration Management Steven Murawski

Devops Kris Buytaert. ● I used to be a Dev, ● Then Became an Op ● Senior Linux and Open Source ● „Infrastructure Architect“ ● Building.

Auto-scaling Services on Amazon EC2. Auto-scaling of Services (1/2) Write the service, deploy it on the cloud, and it simply scales Simply store the state.

ALM Deployment Pipeline Implementation. Create a Repeatable, Reliable Process for Releasing Software. Automate Almost Everything Keep Everything in Version.

Architecting Enterprise Workloads on AWS Mike Pfeiffer.

If it’s not automated, it’s broken!

Rapid Launch Workshop ©CC BY-SA.

Building ARM IaaS Application Environment

Joonas Sirén, Technology Architect, Emerging Technologies Accenture

Don’t Forget Security When Delivering Software

DEVOPS from BUZZ to FIZZ

4/24/ :07 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.

ONAP Installation Eric Debeau, Orange

Infrastructure Orchestration to Optimize Testing

Footprinting (definition 1)

Secure DevOps for Government in MOC

SNOW ONLINE TRAINING IN HYDERABAD

Acutelearn Best Devops Online Training in Hyderabad Classroom Training Instructor led trainings at Acutelearn premises Corporate Training Custom tailored.

AWS DevOps Engineer - Professional dumps.html Exam Code Exam Name.

Where can I download Aws Devops Engineer Professional Exam Study Material - Get Updated Aws Devops Engineer Professional Braindumps Dumps4downlaod.us

Get Amazon AWS-DevOps-Engineer-Professional Exam Real Questions - Amazon AWS-DevOps-Engineer-Professional Dumps Realexamdumps.com

Microsoft Connect /7/ :48 PM

DevOps Fundamentals Configuration Management

"SessionTitle": "Infrastructure as Code"

Modern DevOps and security

AWS Boulder - Denver Meetup – January 2017

Release Management with Visual Studio Team Services

WCI evolve as organisms become more complex.

Putting the ‘Sec’ in DevSecOps

See your OpenStack Network Like Never Before

Cloud Computing.

Docker in AWS ECS.

Configuration management suite

Standardize Automate Protect Monitor team-based development

Can you put the symbols in?

White Box testing & Inspections

Title Introduction: Discussion & Conclusion: Methods & Results:

Objectives. Objectives Objectives Content Configure Microsoft Azure monitor.

Azure DevOps Simplified with Production Data

Dev-Sec-Ops Jose Alvarez DevSecOps Engineer & Evangelist

Thanks to our Sponsors Platinum Sponsor: Gold Sponsors:

Presentation transcript:

The Defense RESTs: Automation and APIs for Better Security September 26, 2012 David Mortman

Introduction

Want to get better at security?

Improve your operations

Improve your developement

The Problem

Huge % of incidents revolve around operational or coding issues

Why?

People Are Bad At Repeatable Tasks!

Centralization, automation & testing can address this

Use APIs and existing ops/dev tools!

Chef, Puppet, etc

Compliance & Change Control

Configuration Drift AKA Variation is Evil

Key Management

Auto-Scaling

Auto-scanning on VM launch

INSTANCE=`ec2-run-instances $AMI -t $TYPE -k $KEY | grep i- | cut -f 2`; until [ $IP ]; do sleep 15; IP=`ec2-describe- instances $INSTANCE | grep i- | cut -f 17`; done ; curl -H "X- Requested-With: DM Automation" -u $USER:$PASS " &host_ips=$IP"; curl -H "X-Requested-With: DM Automation" -u $USER:$PASS " eport=yes"

Jenkins

Findbugs et al.

Functional and Unit Testing

Positive and Negative Testing

Gauntlt

Auto-code/site scanning on commit

PUT n/retest/

A Little DevOps

Woodward: Code Changes & Complexity

APIs: REST vs SOAP

Future Directions & Resources

iControl & Space

IF-MAP

Security Automation List SecurityAutomata.Com

IAM SCIM/XACML

Conclusion

Any questions? David Mortman Chief Security