Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Defense RESTs: Automation and APIs for Better Security September 26, 2012 David Mortman.

Published byMae Oliver Modified over 9 years ago

Similar presentations

Presentation on theme: "The Defense RESTs: Automation and APIs for Better Security September 26, 2012 David Mortman."— Presentation transcript:

1 The Defense RESTs: Automation and APIs for Better Security September 26, 2012 David Mortman

2 Introduction

3 Want to get better at security?

4 Improve your operations

5 Improve your developement

6 The Problem

7 Huge % of incidents revolve around operational or coding issues

8 Why?

9 People Are Bad At Repeatable Tasks!

10 Centralization, automation & testing can address this

11 Use APIs and existing ops/dev tools!

12 Chef, Puppet, etc

13 Compliance & Change Control

14 Configuration Drift AKA Variation is Evil

15 Key Management

16 Auto-Scaling

17 Auto-scanning on VM launch

18 INSTANCE=`ec2-run-instances $AMI -t $TYPE -k $KEY | grep i- | cut -f 2`; until [ $IP ]; do sleep 15; IP=`ec2-describe- instances $INSTANCE | grep i- | cut -f 17`; done ; curl -H "X- Requested-With: DM Automation" -u $USER:$PASS "https://qualysapi.qualys.com/msp/asset_ip.php?action=add &host_ips=$IP"; curl -H "X-Requested-With: DM Automation" -u $USER:$PASS "https://qualysapi.qualys.com/msp/scan.php?ip=$IP&save_r eport=yes"

19 Jenkins

20 Findbugs et al. http://findbugs.sourceforge.net/

21 Functional and Unit Testing

22 Positive and Negative Testing

23 Gauntlt https://github.com/thegauntlet/gauntlt

24 Auto-code/site scanning on commit

25 PUT https://sentinel.whitehatsec.com/api/vul n/retest/

26 A Little DevOps

27 Woodward: Code Changes & Complexity

28 APIs: REST vs SOAP

29 Future Directions & Resources

30 iControl & Space

31 IF-MAP

32 Security Automation List SecurityAutomata.Com

33 IAM SCIM/XACML

34 Conclusion

35 Any questions? David Mortman Chief Security Architect david.mortman@enstratus.com @mortman david.mortman@enstratus.com

Download ppt "The Defense RESTs: Automation and APIs for Better Security September 26, 2012 David Mortman."

Similar presentations

Devops – The Last Mile. Jay Flowers

Devops – The Last Mile. Jay Flowers
Real World Cloud Application Security

Real World Cloud Application Security
Xrootd and clouds Doug Benjamin Duke University. Introduction Cloud computing is here to stay – likely more than just Hype (Gartner Research Hype Cycle.

Xrootd and clouds Doug Benjamin Duke University. Introduction Cloud computing is here to stay – likely more than just Hype (Gartner Research Hype Cycle.
DevOps: Why you should care Bruce Vincent Senior Technology Strategist and IT Architect.

DevOps: Why you should care Bruce Vincent Senior Technology Strategist and IT Architect.
Engineering Secure Software. The Power of Source Code  White box testing Testers have intimate knowledge of the specifications, design, Often done by.

Engineering Secure Software. The Power of Source Code  White box testing Testers have intimate knowledge of the specifications, design, Often done by.
Ken Birman. Massive data centers We’ve discussed the emergence of massive data centers associated with web applications and cloud computing Generally.

Ken Birman. Massive data centers We’ve discussed the emergence of massive data centers associated with web applications and cloud computing Generally.
Open an internet browser such as internet explorer.

Open an internet browser such as internet explorer.
USING CI & CD WITH MICROSOFT SQL SERVER Tim Giorgi Senior Software Developer Northwest Evaluation

USING CI & CD WITH MICROSOFT SQL SERVER Tim Giorgi Senior Software Developer Northwest Evaluation
Architecture overview 6/03/12 F. Desprez - ISC Cloud Context : Development of a toolbox for deploying application services providers with a hierarchical.

Architecture overview 6/03/12 F. Desprez - ISC Cloud Context : Development of a toolbox for deploying application services providers with a hierarchical.
Getting Started with Oracle Compute Cloud

Getting Started with Oracle Compute Cloud
Security Design for IEEE P1687

Security Design for IEEE P1687
Real Security for Server Virtualization Rajiv Motwani 2 nd October 2010.

Real Security for Server Virtualization Rajiv Motwani 2 nd October 2010.
GMOD in the Cloud Genome Informatics November 3, 2011 Scott Cain GMOD Project Coordinator Ontario Institute for Cancer Research

GMOD in the Cloud Genome Informatics November 3, 2011 Scott Cain GMOD Project Coordinator Ontario Institute for Cancer Research
AUTO- CONFIGURATION IN CLOUD 1. Why we need automate something? What we need to automate? How we can do that? Scripting languages vs Frameworks Most popular.

AUTO- CONFIGURATION IN CLOUD 1. Why we need automate something? What we need to automate? How we can do that? Scripting languages vs Frameworks Most popular.
Improve the Development Process with a DevOps practices Vadym Fedorov.

Improve the Development Process with a DevOps practices Vadym Fedorov.
Web Application Security Testing Automation.. Copyright © 2008 Deloitte Touche Tohmatsu. All rights reserved.1 What types of automated testing are there?

Web Application Security Testing Automation.. Copyright © 2008 Deloitte Touche Tohmatsu. All rights reserved.1 What types of automated testing are there?
Cloud Computing Instructor: Pankaj Mehra Teaching Assistant: Raghav Gautam Lec. 5 April 22, 2010 ISM 158.

Cloud Computing Instructor: Pankaj Mehra Teaching Assistant: Raghav Gautam Lec. 5 April 22, 2010 ISM 158.
Gems, Snakes and Amazon forests by Serhii Borysov 7/6/2013.

Gems, Snakes and Amazon forests by Serhii Borysov 7/6/2013.
Extending & Customizing XNAT with Modules Rick Herrick

Extending & Customizing XNAT with Modules Rick Herrick
Deconstructing API Security

Deconstructing API Security

Similar presentations

Ads by Google