This presentation was recorded at GOTOpia Chaos Engineering Day 2021. #GOTOcon #GOTOpia
http://gotopia.eu

Kelly Shortridge - VP of Product Management & Product Strategy at Capsule8
@returnoriented4236

ABSTRACT
We all know that production systems must be protected so we can realize value from the software we develop. What is less understood is the right way to keep production systems safe, because trying to prevent any and all badness is more of a prayer than a strategy.
In this talk, we'll explore how security failure can manifest in prod systems and how Security Chaos Engineering presents a saner path. We'll cover why it's important to harness failure as a tool and a teacher, along with examples of security chaos experiments you can conduct on [...]

TIMECODES
00:00 Intro
02:04 Failure in production
08:37 Example 1: Log files are deleted or tampered
09:04 Example 2: Changes to boot files, root cert stores or SSH keys
09:22 Example 3: Resource limits are disabled
10:01 Security Chaos Engineering in production
14:36 Example 1: Create & execute a new file in a container
15:15 Example 2: Inject program crashes
15:45 Example 3: Disable resource limits
16:23 Example 4: Disable access to DNS
16:58 Example 5: Time travel on host
17:35 Conclusion
18:32 Outro

Read the full abstract here:
https://gotopia.us/chaos-day-2021/sessions/1733/winning-at-security-whack-a-mole-with-security-chaos-engineering-security-and-chaos-engineering-a-novel-approach-to-crafting-secure-and-resilient-distributed-systems

RECOMMENDED BOOKS
Kelly Shortridge • Security Chaos Engineering • https://amzn.to/45rUwTL
Nora Jones & Casey Rosenthal • Chaos Engineering • https://www.verica.io/book
Nora Jones & Casey Rosenthal • Chaos Engineering • https://amzn.to/3hUmuAH
Mikolaj Pawlikowski • Chaos Engineering • https://amzn.to/2SQ5Olf
Russ Miles • Learning Chaos Engineering • https://amzn.to/3hCiUe8
Murphy, Beyer, Jones & Petoff • Site Reliability Engineering • https://amzn.to/2Vg6Mbr