Catching Commits to Secure Infrastructure as Code • Rosemary Wang • GOTO 2023
Catching Commits to Secure Infrastructure as Code: A Hybrid Approach with Static and Dynamic Analysis for Improved Security
- Static analysis and dynamic analysis are both necessary for secure infrastructure as code.
- Static analysis is better for enforcement of secure practices, such as input validation and attribute validation.
- Dynamic analysis is better for network auditing, vulnerability scanning, and continuous validation.
- Continuous validation is a newer concept that involves continuously checking infrastructure as code for security vulnerabilities.
- Input validation is crucial for ensuring that user input is properly validated and sanitized.
- Attribute validation is necessary for ensuring that attributes are properly validated and sanitized.
- Dynamic analysis can help detect drift, which is when infrastructure configuration drifts from its intended state.
- Infrastructure as code tools, such as Terraform, can be used to enforce secure practices and detect drift.
- Static analysis can be used to identify potential security issues before they are deployed to production.
- Dynamic analysis can be used to detect security issues that are not caught by static analysis.
- Secure infrastructure as code requires a combination of static analysis and dynamic analysis.
- Dynamic analysis can be used to continuously monitor infrastructure as code for security vulnerabilities.
- Static analysis can be used to enforce secure practices, such as input validation and attribute validation.
- Infrastructure as code tools can be used to enforce secure practices and detect drift.
- Continuous validation can help detect security vulnerabilities before they are deployed to production.
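
The two halves of the hybrid approach, shown as an added example that is not from the talk: a static attribute check on planned values and a drift report, both read from Terraform's JSON plan representation (`terraform show -json`, keys `resource_changes` and `resource_drift`). The resource addresses, sample values and the allowed-port policy are assumptions made for illustration.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output;
# resource addresses and values are made up for this example.
PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_security_group_rule.ssh", "type": "aws_security_group_rule",
   "change": {"actions": ["create"], "after": {"type": "ingress", "from_port": 22, "to_port": 22, "cidr_blocks": ["0.0.0.0/0"]}}},
  {"address": "aws_security_group_rule.web", "type": "aws_security_group_rule",
   "change": {"actions": ["create"], "after": {"type": "ingress", "from_port": 443, "to_port": 443, "cidr_blocks": ["0.0.0.0/0"]}}},
  {"address": "aws_security_group_rule.old", "type": "aws_security_group_rule",
   "change": {"actions": ["delete"], "after": null}}],
 "resource_drift": [
  {"address": "aws_security_group_rule.db", "type": "aws_security_group_rule",
   "change": {"actions": ["update"], "before": {"cidr_blocks": ["10.0.0.0/16"]},
              "after": {"cidr_blocks": ["10.0.0.0/16", "0.0.0.0/0"]}}}]}
""")

ALLOWED_PUBLIC_PORTS = {443}  # hypothetical policy for this example

def static_findings(plan):
    """Attribute validation on planned values, before anything is applied."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = rc["change"].get("after") or {}  # null when the resource is deleted
        if rc["type"] != "aws_security_group_rule" or after.get("type") != "ingress":
            continue
        ports = set(range(after["from_port"], after["to_port"] + 1))
        world_open = "0.0.0.0/0" in (after.get("cidr_blocks") or [])
        if world_open and not ports <= ALLOWED_PUBLIC_PORTS:
            findings.append(rc["address"])
    return findings

def drifted_attributes(plan):
    """Attributes whose refreshed real-world value differs from the prior state."""
    drift = {}
    for rd in plan.get("resource_drift", []):
        before = rd["change"].get("before") or {}
        after = rd["change"].get("after") or {}
        changed = sorted(k for k in set(before) | set(after) if before.get(k) != after.get(k))
        if changed:
            drift[rd["address"]] = changed
    return drift

if __name__ == "__main__":
    print("static findings:", static_findings(PLAN))
    print("drift:", drifted_attributes(PLAN))
```

Values that are only known after apply are absent from `after` (Terraform reports them under `after_unknown`), so a static check like this cannot see them; that gap is what the dynamic side covers.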