
Safeguarding the integrity of your code for fast, secure deployments - SVC301 - Chicago AWS Summit

For companies that employ DevOps practices to push applications faster into production through better collaboration and automated testing, security is often seen as an inhibitor to speed. The challenge for many organizations is getting applications delivered at a fast pace while embedding security at the speed of DevOps. In this session, you learn how AWS Marketplace products and customers help make DevSecOps a well-orchestrated methodology for ensuring the speed, stability, and security of your applications.

  1. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. SUMMIT. Safeguarding the integrity of your code for fast, secure deployments. Benjamin Andrew, Global Lead, Security & Network Infrastructure, AWS Marketplace. SVC301
  2. AWS Marketplace: a curated digital software catalog that helps you find, buy, test, and deploy software
     • Quick: Get the software you need in minutes with just a few clicks, or use the 1-Click deployment option. Software in AWS Marketplace is ready to run on Amazon Web Services (AWS).
     • Pay as you go: Pay only for what you use through various payment options and receive discounts on longer or custom terms. All charges from AWS Marketplace are consolidated into one bill from AWS.
     • Verified: All software in AWS Marketplace is continuously scanned to ensure reliability.
  3. A growing digital software catalog
     • AWS Marketplace offers 39 software categories
     • More than 4,800 software listings
     • More than 1,400 ISVs (independent software vendors)
     • More than 230,000 active customers
     • More than 1 million current subscriptions
     • AWS customers use over 650 million hours a month of Amazon Elastic Compute Cloud (Amazon EC2) for AWS Marketplace products
     • AWS Marketplace is available in 18 AWS Regions
     • Flexible consumption and contract models
     • Easy and secure deployment, almost instantly
     • One consolidated bill
     • Always evolving
  4. Eight popular categories most often provisioned: Operating systems, SIEM, Storage, BI, Database, DevOps, Networking, Security
  5. Security in the cloud
     • Identify: Security fundamentally anchors on having sufficient knowledge of your world
     • Protect: The best defense is an offense
     • Detect: However, one must “assume breach” and have a strong defense
     • Respond/recover: Knowing and being able to act swiftly is key in the cloud
  6. Why DevSecOps? Business imperatives, competing forces
     • Development: Build it faster
     • Operations: Keep it stable
     • Security: Make it secure
     • DevOps: Build, Test, Distribute, Monitor (Developers, Users)
     • DevSecOps: Build, Test, Distribute, Monitor (Developers, Users, Security)
  7. Speed! Collaboration! Automation! Waterfall, Agile, DevOps
  8. Security and compliance of the code in the pipeline (Security, Compliance, CI/CD; continuous compliance runs across every stage)
     • Precommit: Threat modeling; Initial SAST inside IDE; Code review
     • Commit: “Break the build”; Compile/build checks; SCA; Container security; Additional SAST; Unit test
     • Acceptance: Secure infra build; Functional testing; SCA; DAST; Unit testing; Security attacks; Deep SAST; Fuzzing, pen tests
     • Deploy: Provision runtime environment; Config management; RASP
  9. Security and compliance of the code in the pipeline (Security, Compliance, CI/CD). Precommit: Threat modeling; Initial SAST inside IDE; Code review
  10. Static analysis security testing (SAST) in IDE
     • What it is: Automatically analyzes code for security early without slowing down development
     • Why it’s important: Introduces code analysis as “far left” as possible
     • Why it’s critical to security: Catches vulnerabilities at the first point they can enter the application pipeline to reduce significant impacts
  11. Vendor highlight: Veracode Greenlight
  12. Security and compliance of the code in the pipeline (Security, Compliance, CI/CD; Precommit, Commit, Acceptance, Deploy). Commit: “Break the build”; Compile/build checks; SCA; Container security; Additional SAST; Unit test
  13. Software composition analysis (SCA)
     • What it is: Vulnerability scanning tool for open source
     • Why it’s important: Most static analysis tools aren’t relevant for open source
     • Why it’s critical to security: Reduces the threat of vulnerabilities from dependencies on open-source components
  14. Vendor highlight: WhiteSource
  15. WhiteSource SaaS in AWS Marketplace
  16. Container vulnerability analysis (CVA)
     • What it is: Vulnerability scanning tools that specifically target containers
     • Why it’s important: Security needs to be tailored to containerized applications
     • Why it’s critical to security: A vulnerability in one container can spread to others without isolation between containers
  17. Vendor highlight: Aqua
  18. Aqua SaaS in AWS Marketplace
  19. Vendor highlight: Veracode
  20. Security and compliance of the code in the pipeline (Security, Compliance, CI/CD; Precommit, Commit, Acceptance, Deploy). Acceptance: Secure infra build; Functional testing; SCA; DAST; Unit testing; Security attacks; Deep SAST; Fuzzing, pen tests
  21. Dynamic analysis security testing (DAST)
     • What it is: Tests web applications for exposed HTTP and HTML interfaces while they are running
     • Why it’s important: Dynamic vulnerability scanning of running applications in testing, staging, and production
     • Why it’s critical to security: Looks for a broad range of vulnerabilities, such as input/output validation issues leading to cross-site scripting (XSS) or SQL injection
  22. Vendor highlight: Qualys Web Application Scanner
  23. Qualys Web Application Scanning SaaS in AWS Marketplace
  24. Security and compliance of the code in the pipeline (Security, Compliance, CI/CD; Precommit, Commit, Acceptance, Deploy). Deploy: Provision runtime environment; Config management; RASP
  25. Runtime application self-protection (RASP)
     • What it is: Controls execution and prevents real-time attacks in the application runtime environment
     • Why it’s important: Targets application code security at runtime (a powerful addition to a WAF)
     • Why it’s critical to security: Protects against OWASP top runtime threats; can capture zero-day vulnerabilities
  26. Vendor highlight: Prevoty
  27. Prevoty AMI in AWS Marketplace
  28. Security and compliance of the code in the pipeline (Security, Compliance, CI/CD; Precommit, Commit, Acceptance, Deploy). Continuous compliance across all stages
  29. Continuous compliance
     • What it is: Automate the compliance of your *infrastructure* code
     • Why it’s important: Ensure regulatory compliance
     • Why it’s critical to security: Secure application code can run on compliant, safe infrastructure
  30. Vendor highlight: Dome9
  31. Dome9 in AWS Marketplace
  32. Making DevOps Sec-friendly
  33. Customize the way you provision software
     • Find, from a breadth of categories: Machine learning; Containers; Networking; Security; Storage; DevOps; Database; Operating systems; BI and big data
     • Buy, through flexible pricing options: Free trial; Pay as you go; Hourly; Monthly; Annual and multi-year; Bring your own license (BYOL); Seller private offers
     • Deploy, with multiple deployment options: Amazon Elastic Container Service (Amazon ECS); Amazon Elastic Container Service for Kubernetes (Amazon EKS); Amazon Machine Image (AMI); Application program interface (API); Amazon SageMaker; AWS Fargate; AWS CloudFormation template; SaaS
  34. Why customers buy in AWS Marketplace: Flexible consumption and contract models; Easy and secure deployment, almost instantly; Single, consolidated bill; Speed, simplicity, and scalability
     • “The ability to deploy software instantaneously anywhere in the world means we’re able to scale immediately, and stretch or shrink the environment to accommodate our needs.”
     • “Integrated billing on AWS Marketplace is very slick, very straightforward. One place, one dashboard where all my costs appear.”
     • “One benefit of the pay-as-you-go model is the ability to deploy anywhere without having to do a capital approval process to pay for infrastructure that may or may not be used.”
     • Quoted customers: Rob Gillan, CTO, SimplePay; Briley James Yetter, Director of Technology, Goodwill Industries; Richard Williams, Sr. Engineer, MakerBot
  35. Thank you! Benjamin Andrew, Global Lead Security, Networking & DevSecOps, AWS Marketplace. benand@amazon.com, www.linkedin.com/in/benandrew
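One way to implement the “break the build” step from the Commit column of the pipeline slides, as an added example that is not part of the deck or of any vendor's product: a small Python gate that takes normalized SAST/SCA/CVA/DAST findings and fails a stage when a finding from a scanner that runs in that stage meets the stage's severity threshold. The stage-to-scanner mapping follows the pipeline slides; the severity thresholds, the `Finding` format and the sample report are assumptions constructed for this example.

```python
from dataclasses import dataclass

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Which scanners feed each stage (from the pipeline slides) and the lowest
# severity that breaks the build there (assumed policy: tightening as code
# moves right, so cheap early checks do not stall developers).
STAGE_TOOLS = {
    "precommit": {"sast"},                          # IDE SAST only
    "commit": {"sast", "sca", "container"},         # build checks, SCA, CVA
    "acceptance": {"sast", "sca", "dast", "fuzz"},  # deep SAST, DAST, fuzzing
}
STAGE_THRESHOLD = {"precommit": "critical", "commit": "high", "acceptance": "medium"}

@dataclass(frozen=True)
class Finding:
    tool: str        # scanner family: sast, sca, container, dast, fuzz
    component: str   # dependency, source location or endpoint concerned
    severity: str    # key of SEVERITY_RANK
    cve: str = ""    # advisory id if the scanner supplied one

def blocking_findings(findings, stage):
    """Findings from this stage's tools at or above its threshold, worst first."""
    floor = SEVERITY_RANK[STAGE_THRESHOLD[stage]]
    hits = [f for f in findings
            if f.tool in STAGE_TOOLS[stage] and SEVERITY_RANK[f.severity] >= floor]
    return sorted(hits, key=lambda f: -SEVERITY_RANK[f.severity])

def gate(findings, stage):
    """Return (passed, report_lines); passed is False when the build should break."""
    hits = blocking_findings(findings, stage)
    lines = [f"{f.severity.upper():<8} {f.tool:<9} {f.component} {f.cve}".rstrip()
             for f in hits]
    return not hits, lines

# Constructed sample report; the CVE id is a placeholder, not a real advisory.
SAMPLE = [
    Finding("sca", "example-json-lib 1.2.0", "critical", "CVE-XXXX-PLACEHOLDER"),
    Finding("sast", "handlers/upload.py:42", "medium"),
    Finding("container", "base image: outdated openssl", "low"),
    Finding("dast", "/search?q= reflected input", "high"),
]

if __name__ == "__main__":
    for stage in STAGE_TOOLS:
        passed, report = gate(SAMPLE, stage)
        print(f"[{stage}] {'PASS' if passed else 'BREAK THE BUILD'}")
        for line in report:
            print("   ", line)
```

With the sample report the precommit stage passes (its only SAST finding is below the critical threshold), the commit stage breaks on the critical SCA finding, and acceptance breaks on three findings once DAST results are in scope.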