Catching Commits to Secure Infrastructure as Code • Rosemary Wang • GOTO 2023
About this talk
This presentation was recorded at GOTO Chicago 2023. #GOTOcon #GOTOchgo https://gotochgo.com Rosemary Wang - Infra engineer, cloud explorer at HashiCorp RESOURCES https://github.com/joatmon08/hashicorp-stack-demoapp https://developer.hashicorp.com/terraform/tutorials/cloud-get-started/policy-quickstart https://www.openpolicyagent.org/docs/latest/terraform https://owasp.org Rosemary https://twitter.com/joatmon08 https://linkedin.com/in/rosemarywang https://github.com/joatmon08 https://joatmon08.github.io ABSTRACT How do you check for security requirements before you deploy your infrastructure? In this session, Rosemary will walk through how to use policy as code to provision and configure infrastructure with security in mind. From static analysis of infrastructure as code to dynamic analysis of running infrastructure, you'll dive into patterns, examples, and limitations of testing your infrastructure for security before you deploy. [...] TIMECODES 00:00 Intro 00:40 OWASP secure coding practices 01:26 What about infrastructure as code? 02:32 How do you write secure infrastructure as code? 06:15 Capture secure knowledge as tests 06:40 Demo 11:49 What commits to catch? 22:41 System configuration 27:18 Demo 34:21 There's more! 41:10 Demo 41:36 What's important? 43:45 Conclusion 44:44 Outro Download slides and read the full abstract here: https://gotochgo.com/2023/sessions/2585 RECOMMENDED BOOKS Rosemary Wang • Infrastructure as Code, Patterns and Practices • https://amzn.to/3TV8VoZ Scott Winkler • Terraform in Action • https://amzn.to/3Heip7b Mikael Krief • Terraform Cookbook • https://amzn.to/3SdJmhS https://twitter.com/GOTOcon https://www.linkedin.com/company/goto- https://www.instagram.com/goto_con https://www.facebook.com/GOTOConferences #InfrastructureAsCode #Infrastructure #CIPipeline #CICD #Security #OWASP #DynamicAnalysis #Testing #StaticAnalysis #Terraform #CyberSecurity #RosemaryWang Looking for a unique learning experience? Attend the next GOTO conference near you! Get your ticket at https://gotopia.tech Sign up for updates and specials at https://gotopia.tech/newsletter SUBSCRIBE TO OUR CHANNEL - new videos posted almost daily. https://www.youtube.com/user/GotoConferences/?sub_confirmation=1
Stay Updated
Get notified about new features and conference additions.
