AWS re:Inforce 2019: Build Security in CI/CD Pipelines for Effective Security Automation (SDD351-S)

Realizing DevSecOps, that is, effectively building security into CI/CD pipelines on AWS, remains a challenge for most organizations today. In this session, we share the essential principles of security automation in your CI/CD pipelines across the build, deploy, and run phases of your applications. We conclude with a demonstration of security automation across all three phases for applications deployed on AWS infrastructure, showing how to bring security automation to your organization.

Complete Title: AWS re:Inforce 2019: Build Security into CI/CD Pipelines for Effective Security Automation on AWS (SDD351-S)

Presenter(s):
- Ram Boreda, Palo Alto Networks
- Kevin Paige, Flexport
Comments
Author

Actually the title is OK if you read till the end - "for Effective Security Automation". This plainly says "Outsource it to us by paying a subscription". I liked the playbook visualization in Demisto. Overall, no thumbs-up and no thumbs-down, because I came for the first part of the title - build security in CI/CD pipelines - and I did not see anything as to what kind of checks are performed under the covers. So, the moral of the story is: anything coming from an AWS Partner (APN) is a sales pitch, which is likely NOT what most people here came to see.

georgesmith
Author

If you want to minimize friction for developers, don't ask them to create Dockerfiles. Have the DevOps guys build and secure the containers after the developers give them the dependencies. If they are not using the latest or most secure dependencies, then the build will fail and the developers will have to fix THE CODE, and NOT the Dockerfile. The core duties of developers ARE:
1. Build new features or enhance new ones - this is the most valuable part of their work for the customers.
2. Fix bugs - also valuable, but NOT as valuable as (1), because a minor problem with a feature still allows it to be used.

georgesmith
Author

Overall, the approach is wrong. Developers should not be building and securing containers, just application code. Their approach heavily puts the burden of maintaining Dockerfiles on developers instead of automating the Dockerfile security completely. In this case, just upgrade curl behind the scenes, updating the Dockerfile in the process. Also, say you had to upgrade a version of a Spring JAR: then just upgrade it, and if that breaks the code, the developers will be responsible for upgrading/fixing the code if the new version of the library affects the APIs in the JAR.

georgesmith
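The two comments above by georgesmith describe one CI pattern: developers hand over a dependency list, the platform team owns the Dockerfile, the build fails when a declared dependency is below the acceptable version, and routine package bumps (the curl example) are applied to the Dockerfile automatically rather than by developers. The script below is an added illustration of that gate; it is not code from the talk, from Palo Alto Networks or Demisto, or from the commenter. The dependency list, the minimum-version policy, the Dockerfile, and the version numbers in it are all constructed for the example, and the policy table stands in for whatever vulnerability feed a real pipeline would consult.

```python
"""Added example: a CI dependency gate plus an automated Dockerfile pin bump.

Not from the talk or the commenter. All inputs below are constructed, and the
minimum-version policy is hypothetical (a real pipeline would derive it from a
vulnerability feed or an internal allow-list).
"""
import re
from typing import Dict, List, Tuple

# Constructed: the requirements-style list the developers hand to the platform team.
DEVELOPER_DEPENDENCIES = """\
requests==2.19.0      # pinned by the developers
pyyaml==5.4
spring-boot==2.7.0
"""

# Constructed, hypothetical policy owned by the platform/DevOps team:
# the lowest version of each package the build is allowed to ship.
MINIMUM_SECURE_VERSION: Dict[str, str] = {
    "requests": "2.31.0",
    "pyyaml": "5.4",
    "spring-boot": "3.1.0",
}

# Constructed Dockerfile that developers never edit; the platform team bumps pins.
DOCKERFILE = """\
FROM debian:12-slim
RUN apt-get update && apt-get install -y curl=7.88.1-10 \\
    && rm -rf /var/lib/apt/lists/*
COPY app /app
"""


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '2.19.0' into (2, 19, 0). Non-numeric parts are dropped, so this is a
    simplification of PEP 440 / dpkg ordering, good enough for plain X.Y.Z pins."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def parse_requirements(text: str) -> Dict[str, str]:
    """Parse 'name==version' lines; comments and blanks are ignored.
    Unpinned or range-style lines are rejected so the gate cannot be bypassed
    by leaving a dependency floating."""
    declared: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        match = re.fullmatch(r"([A-Za-z0-9_.\-]+)\s*==\s*([0-9][0-9A-Za-z.\-]*)", line)
        if not match:
            raise ValueError(f"unpinned or malformed dependency line: {line!r}")
        declared[match.group(1).lower()] = match.group(2)
    return declared


def check_dependencies(declared: Dict[str, str], policy: Dict[str, str]) -> List[str]:
    """Return one human-readable violation per dependency below the policy minimum."""
    violations: List[str] = []
    for name, version in declared.items():
        minimum = policy.get(name)
        if minimum is not None and parse_version(version) < parse_version(minimum):
            violations.append(f"{name}=={version} is below minimum secure version {minimum}")
    return violations


def ci_gate(requirements: str, policy: Dict[str, str]) -> Tuple[bool, List[str]]:
    """The build step: returns (passed, violations). A failing gate is what sends
    the developers back to fix the code, not the Dockerfile."""
    violations = check_dependencies(parse_requirements(requirements), policy)
    return (not violations, violations)


def bump_apt_pin(dockerfile: str, package: str, new_version: str) -> str:
    """Rewrite 'package=old-version' pins inside the Dockerfile's RUN lines.
    The lookbehind keeps 'curl' from matching inside e.g. 'libcurl4'."""
    pattern = re.compile(rf"(?<![\w-])({re.escape(package)})=([^\s\\]+)")
    return pattern.sub(lambda m: f"{m.group(1)}={new_version}", dockerfile)


if __name__ == "__main__":
    passed, problems = ci_gate(DEVELOPER_DEPENDENCIES, MINIMUM_SECURE_VERSION)
    for problem in problems:
        print("FAIL:", problem)
    print("dependency gate:", "passed" if passed else "failed")
    # Platform-side bump of the curl pin; the new version string is constructed.
    print(bump_apt_pin(DOCKERFILE, "curl", "7.88.1-11"))
```

With the constructed inputs the gate fails on requests and spring-boot and passes pyyaml, which sits exactly at the minimum; the curl pin is rewritten without any developer touching the Dockerfile. The deliberate design choice is that an unpinned line is an error rather than a pass, since a gate that only checks what it can parse is easy to route around.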
Author

This was just a big advertisement. Right when you get to the meaty stuff, like drift protection, you just show some paid tool that solves everything. 🤦‍♂️

John-shreds