DevOpSec: Rapid Security in the Cloud with AWS and CIS
High performance teams are releasing software to production several times a day. This poses a challenge to Ops and infosec who need to have the confidence that these releases will not lead to a security breach in the infrastructure. DevOpSec or DevSecOps is a discipline where development, operations and security work collaboratively to achieve security compliance in agile teams. In this demonstration of our open source project, we show how we used DevOps and security best practices to achieve and test AWS infrastructure.
Outline/structure of the Session
- CIS benchmarks
- Code Walkthrough & Setup
- Integrating with your CI server
- Future roadmap
After attending this session, you will learn about CIS security benchmarks for AWS – the consensus based best practices for information security. You will learn of different strategies to automate security and make fast changes to production infrastructure with a high level of confidence. You will see how we achieved compliance on some of our engagements that involved cloud based infrastructure.
Developers, Testers, Security Auditers, Managers
schedule Submitted 6 months ago
People who liked this proposal, also liked:
Journey to the cloud - experiences in migrating an on-premise infrastructure to AWSMikhail Advani
schedule 6 months agoSold Out!
We recently migrated the infrastructure of a consumer electronics manufacturer's marketing website from their in-house data center to the cloud. With this talk I aims to share experiences of our team, challenges faced, gotcha's and innovative steps we took move 125 servers to the cloud in 6 months
Cloud Hosting - Amazon or Google? - A Case Study
With the advent of the cloud era and the multitude of cloud vendors, we wish to demonstrate a case study of a sample application hosted on two of the leading providers, Amazon and Google, and present our observations on various factors like cost, performance, reliability etc. in an attempt to guide the audience in making a decision in selecting their cloud service provider for their application.