Catching Commits to Secure Infrastructure as Code • Rosemary Wang • GOTO 2023

Catching Commits to Secure Infrastructure as Code: A Hybrid Approach with Static and Dynamic Analysis for Improved Security

Key takeaways
  • Securing infrastructure as code needs both static analysis (checks on the code and the plan before anything is deployed) and dynamic analysis (checks against the running infrastructure); neither catches everything on its own.
  • Static analysis is the better place to enforce secure practices such as input validation (rejecting unsafe variable values, for example an overly broad CIDR range) and attribute validation (asserting that a resource's planned attributes stay within policy), because it fails the change before it reaches production.
  • Dynamic analysis is the better fit for network auditing, vulnerability scanning and continuous validation, all of which need the deployed system rather than its description.
  • Dynamic analysis also finds what static analysis cannot: issues that only appear in the running environment, and drift, where the deployed configuration no longer matches the state the code intended (for example a change made by hand in a console).
  • Continuous validation is a newer practice: assertions about the infrastructure are re-evaluated continuously rather than only at deployment time, so vulnerabilities and drift surface as soon as they appear instead of at the next change.
  • Infrastructure as code tools such as Terraform can carry these checks in the code itself, enforcing secure practices at plan time and detecting drift by comparing the intended state in the code with what is actually deployed.
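The three kinds of check summarized above, as an added Terraform example that is not code from the talk or from HashiCorp: a variable `validation` block for input validation and a `lifecycle` `postcondition` for attribute validation (both static, evaluated against the plan before anything is created or changed), and a `check` block with a scoped data source for continuous validation (dynamic, read from the live resource). The `hashicorp/aws` provider, the resources and the variable names `vpc_id`, `ami_id`, `private_subnet_id` and `admin_cidrs` are assumptions chosen for the illustration.

```hcl
terraform {
  required_version = ">= 1.5.0" # check blocks arrived in Terraform 1.5
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.0"
    }
  }
}

# Hypothetical inputs for the example.
variable "vpc_id" { type = string }
variable "ami_id" { type = string }
variable "private_subnet_id" { type = string }

# Input validation (static): evaluated during terraform plan, before any
# resource is created. A bad value fails the run with the message below.
variable "admin_cidrs" {
  description = "Operator IPv4 ranges allowed to reach SSH on the app host"
  type        = list(string)

  validation {
    condition     = alltrue([for c in var.admin_cidrs : can(cidrnetmask(c))])
    error_message = "Every entry in admin_cidrs must be a valid IPv4 CIDR block."
  }

  validation {
    condition     = !contains(var.admin_cidrs, "0.0.0.0/0")
    error_message = "admin_cidrs must not open SSH to the whole internet (0.0.0.0/0)."
  }
}

resource "aws_security_group" "ssh" {
  name        = "app-ssh"
  description = "SSH access for operators only"
  vpc_id      = var.vpc_id

  ingress {
    description = "SSH from operator ranges"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = var.admin_cidrs
  }

  lifecycle {
    # Attribute validation (static): asserted on the resource's own planned
    # attributes rather than on the input, so a rule that arrives by another
    # path (a merged list, a module default) is caught too. Rules with
    # protocol "-1" cover every port, so they are checked as well.
    postcondition {
      condition = alltrue([
        for rule in self.ingress :
        !try(contains(rule.cidr_blocks, "0.0.0.0/0"), false)
        if rule.protocol == "-1" || (rule.from_port <= 22 && rule.to_port >= 22)
      ])
      error_message = "Security group ${self.name} exposes port 22 to 0.0.0.0/0."
    }
  }
}

resource "aws_instance" "app" {
  ami                         = var.ami_id
  instance_type               = "t3.micro"
  subnet_id                   = var.private_subnet_id
  vpc_security_group_ids      = [aws_security_group.ssh.id]
  associate_public_ip_address = false
}

# Continuous validation (dynamic): the scoped data source reads the live
# instance, so an Elastic IP attached from the console after apply shows up
# as a failed check (drift) on the next plan, apply or scheduled health
# assessment. A failing check is reported as a warning and does not block
# the run.
check "app_has_no_public_ip" {
  data "aws_instance" "live" {
    instance_id = aws_instance.app.id
  }

  assert {
    condition     = data.aws_instance.live.public_ip == null || data.aws_instance.live.public_ip == ""
    error_message = "Instance ${aws_instance.app.id} has public IP ${data.aws_instance.live.public_ip}; it should be reachable only from inside the VPC."
  }
}
```

The split mirrors the takeaways: `terraform plan` with `admin_cidrs = ["0.0.0.0/0"]` stops on the variable validation before touching the cloud, the postcondition fails the plan if any ingress rule covering port 22 is open to the world regardless of how it got there, and the `check` block is the only part that needs the deployed instance, which is why it is the one that can report drift and why its failure is surfaced as a warning for someone to act on rather than as a hard stop.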