SlideShare a Scribd company logo

Adding Sec to DevOps Pipelines

Amazon Web Services
Amazon Web Services

The document describes a workshop on adding security to DevOps pipelines. It discusses building a CI/CD pipeline using AWS services like CodeCommit, CodeBuild, and CodePipeline. It then covers implementing security checks like static code analysis, vulnerability scanning with Amazon Inspector, and threat detection with Amazon GuardDuty. The workshop takes participants through hands-on exercises to build the pipeline and integrate various security checks at different stages.

1 of 35
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Adding the Sec to Your DevOps Pipelines Welcome to the Workshop and have a seat. Please visit http://bit.ly/2CVczI0 and follow the setup instructions to complete the pre-requisite for this workshop. If you need to create a new AWS account, visit http://bit.ly/2P45JHn
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Adding the Sec to Your DevOps Pipelines Adam McLean Solutions Developer Solutions Prototyping Aravind Kodandaramaiah Solutions Developer Solutions Prototyping
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Agenda Dev(Sec)Ops Overview Security in the Pipeline Pipeline Build-Out Take home challenge Wrap-up Q&A
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. What is DevOps? What is DevSecOps? Reliability Speed ScaleRapid Delivery Improved Collaboration Combination of Practices and tools SecDev Ops Adding Sec to Dev/__/Ops Security Securing the Pipeline Auditing Workloads Operations Security in the Pipeline
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Security in the Pipeline Source Control Build Testing & Staging Production Maintain AWS CodeCommit AWS CloudFormation AWS CodeBuild AWS Step Functions AWS X-Ray AWS CodePipeline AWS Step Functions AWS CodeDeploy AWS Elastic Beanstalk AWS Systems Manager Amazon GuardDuty AWS CodeStar AWS CodePipeline AWS CodeStar AWS CodePipeline COMMIT CHANGES BUILD ARTIFACTS DEPLOY TO TEST ENVIRONMENT RUN INTEGRATION, SECURITY, LOAD AND OTHER TESTS DEPLOY TO PRODUCTION ENVIRONMENT MANAGE RUNTIME
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. What you will do today? 1. Build a CI/CD Pipeline. 2. Implement security IN the Pipeline.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Pipeline Pre-requisite check http://bit.ly/2CVczI0 5 Min
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. The base Pipeline Source Source Code CodeCommit Launch & Install Lambda AWS CodePipeline Build AMI Lambda SSM Automation EC2 Instance Golden AMI Build source code CodeBuild
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. The final Pipeline Source Source Code CodeCommit Static Code Analysis CodeBuild Launch & Install Lambda AWS CodePipeline EC2 Instance Vulnerability check Lambda Build AMI Lambda Amazon Inspector SSM Automation Golden AMI
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Your turn – Build the base pipeline Source Source Code CodeCommit Launch & Install Lambda AWS CodePipeline Build AMI Lambda Build source code CodeBuild Golden AMI http://bit.ly/2zlngjB 25 Min
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Is the base Pipeline working? Source Source Code CodeCommit Launch & Install Lambda AWS CodePipeline Build AMI Lambda Static code analysis CodeBuild Golden AMI
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Static Code Analysis
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Your turn - Add static code analysis to the Pipeline Source Source Code CodeCommit Launch & Install Lambda AWS CodePipeline Build AMI Lambda SSM Automation EC2 Instance Golden AMI Static code analysis CodeBuild http://bit.ly/2D1uk8u 8 Min
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Did the Pipeline find the embedded credentials?
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Your Turn – Remove the embedded Credentials Source Source Code CodeCommit Launch & Install Lambda AWS CodePipeline Build AMI Lambda Static code analysis CodeBuild Golden AMI http://bit.ly/2F7Wd1p 12 Min
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Vulnerability Assessment with Amazon Inspector What is Amazon Inspector? Vulnerability assessment service in the cloud. • Application / EC2 security assessment • Selectable built-in rules • Runtime Behavioral Analysis • CVE (common vulnerabilities and exposures) • AWS Security Best Practices • Weak Security Configuration(CIS Security Benchmarks) • Network Reachability • Security findings – guidance and management • Automatable via APIs
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Your turn - Add Vulnerability assessment to the Pipeline Source Source Code CodeCommit Launch & Install Lambda AWS CodePipeline Build AMI Lambda SSM Automation EC2 Instance Golden AMI Static code analysis CodeBuild Vulnerability Check Lambda Amazon Inspector http://bit.ly/2RwEsKB 20 Min
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Did the Pipeline catch the vulnerability?
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. What did Amazon Inspector find? Finding Recommendation A security flaw was found in the chap_server_compute_md5() function Use your Operating System's update feature to update package kernel- 0:4.14.62- 65.117.amzn1 The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. Use your Operating System's update feature to update package kernel- 0:4.14.62- 65.117.amzn1 Fix yum –y update kernel yum –y update kernel
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Your Turn – Fix the vulnerability Source Source Code CodeCommit Launch & Install Lambda AWS CodePipeline Build AMI Lambda Static code analysis CodeBuild Vulnerability Check Lambda Golden AMI http://bit.ly/2RzgvCk 20 Min
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Your Turn – Launch the AMI http://bit.ly/2zxg18e 15 Min
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Threat detection and continuous monitoring with Amazon GuardDuty GuardDuty Monitors • Unusual API calls. • Potentially unauthorized deployments that indicate a possible account compromise. • Potentially compromised instances or reconnaissance by attackers.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. How GuardDuty Works Threat intel, ML/AI Anomaly Detection SIEM and/or Remediate Reconnaissance Instance Compromise Account Compromise DNS Logs CloudTrail Events HIGH MEDIUM LOW FindingsData SourcesThreat Detection Types VPC Flow logs Amazon GuardDuty AWS Cloud
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Your Turn - Cleanup AWS Resources http://bit.ly/2Dl7A4k
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Thank you! © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Aravind Kodandaramaiah karavind@amazon.com Adam Mclean apmclean@amazon.com

Recommended

Identity Round Robin Workshop - Serverless Round: Security Week at the SF Loft
Identity Round Robin Workshop - Serverless Round: Security Week at the SF LoftIdentity Round Robin Workshop - Serverless Round: Security Week at the SF Loft
Identity Round Robin Workshop - Serverless Round: Security Week at the SF LoftAmazon Web Services
 
re:Invent Recap: Security Week at the SF Loft
re:Invent Recap: Security Week at the SF Loftre:Invent Recap: Security Week at the SF Loft
re:Invent Recap: Security Week at the SF LoftAmazon Web Services
 
Secure your AWS Account and your Organization's Accounts
Secure your AWS Account and your Organization's Accounts Secure your AWS Account and your Organization's Accounts
Secure your AWS Account and your Organization's Accounts Amazon Web Services
 
Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...
Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...
Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...Amazon Web Services
 
Evolve Your Incident Response Process and Powers for AWS
Evolve Your Incident Response Process and Powers for AWS Evolve Your Incident Response Process and Powers for AWS
Evolve Your Incident Response Process and Powers for AWS Amazon Web Services
 
Design, Deploy, & Optimize SQL Server Workloads
Design, Deploy, & Optimize SQL Server Workloads Design, Deploy, & Optimize SQL Server Workloads
Design, Deploy, & Optimize SQL Server Workloads Amazon Web Services
 
Deep Dive on Serverless Application Development
Deep Dive on Serverless Application DevelopmentDeep Dive on Serverless Application Development
Deep Dive on Serverless Application DevelopmentAmazon Web Services
 
AWS Identity, Directory, and Access Services: An Overview
AWS Identity, Directory, and Access Services: An Overview AWS Identity, Directory, and Access Services: An Overview
AWS Identity, Directory, and Access Services: An Overview Amazon Web Services
 

Recommended

Identity Round Robin Workshop - Serverless Round: Security Week at the SF Loft
Identity Round Robin Workshop - Serverless Round: Security Week at the SF LoftIdentity Round Robin Workshop - Serverless Round: Security Week at the SF Loft
Identity Round Robin Workshop - Serverless Round: Security Week at the SF LoftAmazon Web Services
 
re:Invent Recap: Security Week at the SF Loft
re:Invent Recap: Security Week at the SF Loftre:Invent Recap: Security Week at the SF Loft
re:Invent Recap: Security Week at the SF LoftAmazon Web Services
 
Secure your AWS Account and your Organization's Accounts
Secure your AWS Account and your Organization's Accounts Secure your AWS Account and your Organization's Accounts
Secure your AWS Account and your Organization's Accounts Amazon Web Services
 
Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...
Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...
Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...Amazon Web Services
 
Evolve Your Incident Response Process and Powers for AWS
Evolve Your Incident Response Process and Powers for AWS Evolve Your Incident Response Process and Powers for AWS
Evolve Your Incident Response Process and Powers for AWS Amazon Web Services
 
Design, Deploy, & Optimize SQL Server Workloads
Design, Deploy, & Optimize SQL Server Workloads Design, Deploy, & Optimize SQL Server Workloads
Design, Deploy, & Optimize SQL Server Workloads Amazon Web Services
 
Deep Dive on Serverless Application Development
Deep Dive on Serverless Application DevelopmentDeep Dive on Serverless Application Development
Deep Dive on Serverless Application DevelopmentAmazon Web Services
 
AWS Identity, Directory, and Access Services: An Overview
AWS Identity, Directory, and Access Services: An Overview AWS Identity, Directory, and Access Services: An Overview
AWS Identity, Directory, and Access Services: An Overview Amazon Web Services
 
Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...
Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...
Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...Amazon Web Services
 
Build a dashboard using serverless security analytics - SDD201 - AWS re:Infor...
Build a dashboard using serverless security analytics - SDD201 - AWS re:Infor...Build a dashboard using serverless security analytics - SDD201 - AWS re:Infor...
Build a dashboard using serverless security analytics - SDD201 - AWS re:Infor...Amazon Web Services
 
Scaling threat detection and response on AWS
Scaling threat detection and response on AWSScaling threat detection and response on AWS
Scaling threat detection and response on AWSAmazon Web Services
 
Module 3: Security, Architecting Best Practices, Pricing, Partner Solutions, ...
Module 3: Security, Architecting Best Practices, Pricing, Partner Solutions, ...Module 3: Security, Architecting Best Practices, Pricing, Partner Solutions, ...
Module 3: Security, Architecting Best Practices, Pricing, Partner Solutions, ...Amazon Web Services
 
Enterprise Security
Enterprise SecurityEnterprise Security
Enterprise SecurityAmazon Web Services
 
Achieving Continuous Compliance with CTP and AWS
Achieving Continuous Compliance with CTP and AWS Achieving Continuous Compliance with CTP and AWS
Achieving Continuous Compliance with CTP and AWS Amazon Web Services
 
Best Practices for CI/CD with AWS Lambda and Amazon API Gateway (SRV355-R1) -...
Best Practices for CI/CD with AWS Lambda and Amazon API Gateway (SRV355-R1) -...Best Practices for CI/CD with AWS Lambda and Amazon API Gateway (SRV355-R1) -...
Best Practices for CI/CD with AWS Lambda and Amazon API Gateway (SRV355-R1) -...Amazon Web Services
 
01 aw some day_main track_aws basics
01 aw some day_main track_aws basics01 aw some day_main track_aws basics
01 aw some day_main track_aws basicsAmazon Web Services Germany GmbH
 
Landing Zones - Creating a Foundation for Your AWS Migrations
Landing Zones - Creating a Foundation for Your AWS MigrationsLanding Zones - Creating a Foundation for Your AWS Migrations
Landing Zones - Creating a Foundation for Your AWS MigrationsAmazon Web Services
 
Bridgewater's Model-Based Verification of AWS Security Controls
Bridgewater's Model-Based Verification of AWS Security Controls Bridgewater's Model-Based Verification of AWS Security Controls
Bridgewater's Model-Based Verification of AWS Security Controls Amazon Web Services
 
GraphQL backend with AWS AppSync & AWS Lambda
GraphQL backend with AWS AppSync & AWS LambdaGraphQL backend with AWS AppSync & AWS Lambda
GraphQL backend with AWS AppSync & AWS LambdaAleksandr Maklakov
 
AWS Lambda use cases and best practices - Builders Day Israel
AWS Lambda use cases and best practices - Builders Day IsraelAWS Lambda use cases and best practices - Builders Day Israel
AWS Lambda use cases and best practices - Builders Day IsraelAmazon Web Services
 
Tax returns in the cloud: The journey of Intuit’s data platform - SDD330 - AW...
Tax returns in the cloud: The journey of Intuit’s data platform - SDD330 - AW...Tax returns in the cloud: The journey of Intuit’s data platform - SDD330 - AW...
Tax returns in the cloud: The journey of Intuit’s data platform - SDD330 - AW...Amazon Web Services
 
Cross-account encryption with AWS KMS and Slack Enterprise Key Management - S...
Cross-account encryption with AWS KMS and Slack Enterprise Key Management - S...Cross-account encryption with AWS KMS and Slack Enterprise Key Management - S...
Cross-account encryption with AWS KMS and Slack Enterprise Key Management - S...Amazon Web Services
 
Module 1 - AWSome Day Online Conference Thailand
Module 1 - AWSome Day Online Conference Thailand Module 1 - AWSome Day Online Conference Thailand
Module 1 - AWSome Day Online Conference Thailand Amazon Web Services
 
Protect your applications from DDoS/BOT & Advanced Attacks
Protect your applications from DDoS/BOT & Advanced AttacksProtect your applications from DDoS/BOT & Advanced Attacks
Protect your applications from DDoS/BOT & Advanced AttacksAmazon Web Services
 
Dev & Test on AWS Webinar October 2017 - IL Webinar
Dev & Test on AWS Webinar October 2017 - IL WebinarDev & Test on AWS Webinar October 2017 - IL Webinar
Dev & Test on AWS Webinar October 2017 - IL WebinarAmazon Web Services
 
Multi-Account Strategy and Security with Centrica Hive
Multi-Account Strategy and Security with Centrica HiveMulti-Account Strategy and Security with Centrica Hive
Multi-Account Strategy and Security with Centrica HiveAmazon Web Services
 
Deep Dive on AWS Single Sign-On - AWS Online Tech Talks
Deep Dive on AWS Single Sign-On - AWS Online Tech TalksDeep Dive on AWS Single Sign-On - AWS Online Tech Talks
Deep Dive on AWS Single Sign-On - AWS Online Tech TalksAmazon Web Services
 
Workshop: Building Serverless Real-time Data Processing (Now with Unicorns!)
Workshop: Building Serverless Real-time Data Processing (Now with Unicorns!)Workshop: Building Serverless Real-time Data Processing (Now with Unicorns!)
Workshop: Building Serverless Real-time Data Processing (Now with Unicorns!)Amazon Web Services
 
Adding the Sec to Your DevOps Pipelines (SEC332-R1) - AWS re:Invent 2018
Adding the Sec to Your DevOps Pipelines (SEC332-R1) - AWS re:Invent 2018Adding the Sec to Your DevOps Pipelines (SEC332-R1) - AWS re:Invent 2018
Adding the Sec to Your DevOps Pipelines (SEC332-R1) - AWS re:Invent 2018Amazon Web Services
 
CI/CD with AWS Developer Tools and Fargate
CI/CD with AWS Developer Tools and FargateCI/CD with AWS Developer Tools and Fargate
CI/CD with AWS Developer Tools and FargateAmazon Web Services
 

More Related Content

What's hot

Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...
Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...
Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...Amazon Web Services
 
Build a dashboard using serverless security analytics - SDD201 - AWS re:Infor...
Build a dashboard using serverless security analytics - SDD201 - AWS re:Infor...Build a dashboard using serverless security analytics - SDD201 - AWS re:Infor...
Build a dashboard using serverless security analytics - SDD201 - AWS re:Infor...Amazon Web Services
 
Scaling threat detection and response on AWS
Scaling threat detection and response on AWSScaling threat detection and response on AWS
Scaling threat detection and response on AWSAmazon Web Services
 
Module 3: Security, Architecting Best Practices, Pricing, Partner Solutions, ...
Module 3: Security, Architecting Best Practices, Pricing, Partner Solutions, ...Module 3: Security, Architecting Best Practices, Pricing, Partner Solutions, ...
Module 3: Security, Architecting Best Practices, Pricing, Partner Solutions, ...Amazon Web Services
 
Achieving Continuous Compliance with CTP and AWS
Achieving Continuous Compliance with CTP and AWS Achieving Continuous Compliance with CTP and AWS
Achieving Continuous Compliance with CTP and AWS Amazon Web Services
 
Best Practices for CI/CD with AWS Lambda and Amazon API Gateway (SRV355-R1) -...
Best Practices for CI/CD with AWS Lambda and Amazon API Gateway (SRV355-R1) -...Best Practices for CI/CD with AWS Lambda and Amazon API Gateway (SRV355-R1) -...
Best Practices for CI/CD with AWS Lambda and Amazon API Gateway (SRV355-R1) -...Amazon Web Services
 
Landing Zones - Creating a Foundation for Your AWS Migrations
Landing Zones - Creating a Foundation for Your AWS MigrationsLanding Zones - Creating a Foundation for Your AWS Migrations
Landing Zones - Creating a Foundation for Your AWS MigrationsAmazon Web Services
 
Bridgewater's Model-Based Verification of AWS Security Controls
Bridgewater's Model-Based Verification of AWS Security Controls Bridgewater's Model-Based Verification of AWS Security Controls
Bridgewater's Model-Based Verification of AWS Security Controls Amazon Web Services
 
GraphQL backend with AWS AppSync & AWS Lambda
GraphQL backend with AWS AppSync & AWS LambdaGraphQL backend with AWS AppSync & AWS Lambda
GraphQL backend with AWS AppSync & AWS LambdaAleksandr Maklakov
 
AWS Lambda use cases and best practices - Builders Day Israel
AWS Lambda use cases and best practices - Builders Day IsraelAWS Lambda use cases and best practices - Builders Day Israel
AWS Lambda use cases and best practices - Builders Day IsraelAmazon Web Services
 
Tax returns in the cloud: The journey of Intuit’s data platform - SDD330 - AW...
Tax returns in the cloud: The journey of Intuit’s data platform - SDD330 - AW...Tax returns in the cloud: The journey of Intuit’s data platform - SDD330 - AW...
Tax returns in the cloud: The journey of Intuit’s data platform - SDD330 - AW...Amazon Web Services
 
Cross-account encryption with AWS KMS and Slack Enterprise Key Management - S...
Cross-account encryption with AWS KMS and Slack Enterprise Key Management - S...Cross-account encryption with AWS KMS and Slack Enterprise Key Management - S...
Cross-account encryption with AWS KMS and Slack Enterprise Key Management - S...Amazon Web Services
 
Module 1 - AWSome Day Online Conference Thailand
Module 1 - AWSome Day Online Conference Thailand Module 1 - AWSome Day Online Conference Thailand
Module 1 - AWSome Day Online Conference Thailand Amazon Web Services
 
Protect your applications from DDoS/BOT & Advanced Attacks
Protect your applications from DDoS/BOT & Advanced AttacksProtect your applications from DDoS/BOT & Advanced Attacks
Protect your applications from DDoS/BOT & Advanced AttacksAmazon Web Services
 
Dev & Test on AWS Webinar October 2017 - IL Webinar
Dev & Test on AWS Webinar October 2017 - IL WebinarDev & Test on AWS Webinar October 2017 - IL Webinar
Dev & Test on AWS Webinar October 2017 - IL WebinarAmazon Web Services
 
Multi-Account Strategy and Security with Centrica Hive
Multi-Account Strategy and Security with Centrica HiveMulti-Account Strategy and Security with Centrica Hive
Multi-Account Strategy and Security with Centrica HiveAmazon Web Services
 
Deep Dive on AWS Single Sign-On - AWS Online Tech Talks
Deep Dive on AWS Single Sign-On - AWS Online Tech TalksDeep Dive on AWS Single Sign-On - AWS Online Tech Talks
Deep Dive on AWS Single Sign-On - AWS Online Tech TalksAmazon Web Services
 
Workshop: Building Serverless Real-time Data Processing (Now with Unicorns!)
Workshop: Building Serverless Real-time Data Processing (Now with Unicorns!)Workshop: Building Serverless Real-time Data Processing (Now with Unicorns!)
Workshop: Building Serverless Real-time Data Processing (Now with Unicorns!)Amazon Web Services
 

What's hot (20)

Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...
Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...
Set Up a CI/CD Pipeline for Deploying Containers Using the AWS Developer Tool...
 
Build a dashboard using serverless security analytics - SDD201 - AWS re:Infor...
Build a dashboard using serverless security analytics - SDD201 - AWS re:Infor...Build a dashboard using serverless security analytics - SDD201 - AWS re:Infor...
Build a dashboard using serverless security analytics - SDD201 - AWS re:Infor...
 
Scaling threat detection and response on AWS
Scaling threat detection and response on AWSScaling threat detection and response on AWS
Scaling threat detection and response on AWS
 
Module 3: Security, Architecting Best Practices, Pricing, Partner Solutions, ...
Module 3: Security, Architecting Best Practices, Pricing, Partner Solutions, ...Module 3: Security, Architecting Best Practices, Pricing, Partner Solutions, ...
Module 3: Security, Architecting Best Practices, Pricing, Partner Solutions, ...
 
Enterprise Security
Enterprise SecurityEnterprise Security
Enterprise Security
 
Achieving Continuous Compliance with CTP and AWS
Achieving Continuous Compliance with CTP and AWS Achieving Continuous Compliance with CTP and AWS
Achieving Continuous Compliance with CTP and AWS
 
Best Practices for CI/CD with AWS Lambda and Amazon API Gateway (SRV355-R1) -...
Best Practices for CI/CD with AWS Lambda and Amazon API Gateway (SRV355-R1) -...Best Practices for CI/CD with AWS Lambda and Amazon API Gateway (SRV355-R1) -...
Best Practices for CI/CD with AWS Lambda and Amazon API Gateway (SRV355-R1) -...
 
01 aw some day_main track_aws basics
01 aw some day_main track_aws basics01 aw some day_main track_aws basics
01 aw some day_main track_aws basics
 
Landing Zones - Creating a Foundation for Your AWS Migrations
Landing Zones - Creating a Foundation for Your AWS MigrationsLanding Zones - Creating a Foundation for Your AWS Migrations
Landing Zones - Creating a Foundation for Your AWS Migrations
 
Bridgewater's Model-Based Verification of AWS Security Controls
Bridgewater's Model-Based Verification of AWS Security Controls Bridgewater's Model-Based Verification of AWS Security Controls
Bridgewater's Model-Based Verification of AWS Security Controls
 
GraphQL backend with AWS AppSync & AWS Lambda
GraphQL backend with AWS AppSync & AWS LambdaGraphQL backend with AWS AppSync & AWS Lambda
GraphQL backend with AWS AppSync & AWS Lambda
 
AWS Lambda use cases and best practices - Builders Day Israel
AWS Lambda use cases and best practices - Builders Day IsraelAWS Lambda use cases and best practices - Builders Day Israel
AWS Lambda use cases and best practices - Builders Day Israel
 
Tax returns in the cloud: The journey of Intuit’s data platform - SDD330 - AW...
Tax returns in the cloud: The journey of Intuit’s data platform - SDD330 - AW...Tax returns in the cloud: The journey of Intuit’s data platform - SDD330 - AW...
Tax returns in the cloud: The journey of Intuit’s data platform - SDD330 - AW...
 
Cross-account encryption with AWS KMS and Slack Enterprise Key Management - S...
Cross-account encryption with AWS KMS and Slack Enterprise Key Management - S...Cross-account encryption with AWS KMS and Slack Enterprise Key Management - S...
Cross-account encryption with AWS KMS and Slack Enterprise Key Management - S...
 
Module 1 - AWSome Day Online Conference Thailand
Module 1 - AWSome Day Online Conference Thailand Module 1 - AWSome Day Online Conference Thailand
Module 1 - AWSome Day Online Conference Thailand
 
Protect your applications from DDoS/BOT & Advanced Attacks
Protect your applications from DDoS/BOT & Advanced AttacksProtect your applications from DDoS/BOT & Advanced Attacks
Protect your applications from DDoS/BOT & Advanced Attacks
 
Dev & Test on AWS Webinar October 2017 - IL Webinar
Dev & Test on AWS Webinar October 2017 - IL WebinarDev & Test on AWS Webinar October 2017 - IL Webinar
Dev & Test on AWS Webinar October 2017 - IL Webinar
 
Multi-Account Strategy and Security with Centrica Hive
Multi-Account Strategy and Security with Centrica HiveMulti-Account Strategy and Security with Centrica Hive
Multi-Account Strategy and Security with Centrica Hive
 
Deep Dive on AWS Single Sign-On - AWS Online Tech Talks
Deep Dive on AWS Single Sign-On - AWS Online Tech TalksDeep Dive on AWS Single Sign-On - AWS Online Tech Talks
Deep Dive on AWS Single Sign-On - AWS Online Tech Talks
 
Workshop: Building Serverless Real-time Data Processing (Now with Unicorns!)
Workshop: Building Serverless Real-time Data Processing (Now with Unicorns!)Workshop: Building Serverless Real-time Data Processing (Now with Unicorns!)
Workshop: Building Serverless Real-time Data Processing (Now with Unicorns!)
 

Similar to Adding Sec to DevOps Pipelines

Adding the Sec to Your DevOps Pipelines (SEC332-R1) - AWS re:Invent 2018
Adding the Sec to Your DevOps Pipelines (SEC332-R1) - AWS re:Invent 2018Adding the Sec to Your DevOps Pipelines (SEC332-R1) - AWS re:Invent 2018
Adding the Sec to Your DevOps Pipelines (SEC332-R1) - AWS re:Invent 2018Amazon Web Services
 
CI/CD with AWS Developer Tools and Fargate
CI/CD with AWS Developer Tools and FargateCI/CD with AWS Developer Tools and Fargate
CI/CD with AWS Developer Tools and FargateAmazon Web Services
 
Ci/CD for AWS Lambda Projects - JLM CTO Club
Ci/CD for AWS Lambda Projects - JLM CTO ClubCi/CD for AWS Lambda Projects - JLM CTO Club
Ci/CD for AWS Lambda Projects - JLM CTO ClubBoaz Ziniman
 
CI-CD with AWS Developer Tools and Fargate_AWSPSSummit_Singapore
CI-CD with AWS Developer Tools and Fargate_AWSPSSummit_SingaporeCI-CD with AWS Developer Tools and Fargate_AWSPSSummit_Singapore
CI-CD with AWS Developer Tools and Fargate_AWSPSSummit_SingaporeAmazon Web Services
 
From Code to a Running Container | AWS Floor28
From Code to a Running Container | AWS Floor28From Code to a Running Container | AWS Floor28
From Code to a Running Container | AWS Floor28Amazon Web Services
 
DevSecOps 的規模化實踐 (Level: 300-400)
DevSecOps 的規模化實踐 (Level: 300-400)DevSecOps 的規模化實踐 (Level: 300-400)
DevSecOps 的規模化實踐 (Level: 300-400)Amazon Web Services
 
Improve Productivity with Continuous Integration & Delivery
Improve Productivity with Continuous Integration & DeliveryImprove Productivity with Continuous Integration & Delivery
Improve Productivity with Continuous Integration & DeliveryAmazon Web Services
 
Improve Productivity with Continuous Integration & Delivery
Improve Productivity with Continuous Integration & DeliveryImprove Productivity with Continuous Integration & Delivery
Improve Productivity with Continuous Integration & DeliveryAmazon Web Services
 
Build CICD Pipeline for Container Presentation Slides
Build CICD Pipeline for Container Presentation SlidesBuild CICD Pipeline for Container Presentation Slides
Build CICD Pipeline for Container Presentation SlidesAmazon Web Services
 
Serverless Application Debugging and Delivery Best Practices (DEV307-R1) - AW...
Serverless Application Debugging and Delivery Best Practices (DEV307-R1) - AW...Serverless Application Debugging and Delivery Best Practices (DEV307-R1) - AW...
Serverless Application Debugging and Delivery Best Practices (DEV307-R1) - AW...Amazon Web Services
 
High Velocity DevOps: Four Ways to Leverage CloudFront in Faster DevOps Workf...
High Velocity DevOps: Four Ways to Leverage CloudFront in Faster DevOps Workf...High Velocity DevOps: Four Ways to Leverage CloudFront in Faster DevOps Workf...
High Velocity DevOps: Four Ways to Leverage CloudFront in Faster DevOps Workf...Amazon Web Services
 
Automate Your Alexa Lambda Function Deployment Workflows Using AWS CodeCommit...
Automate Your Alexa Lambda Function Deployment Workflows Using AWS CodeCommit...Automate Your Alexa Lambda Function Deployment Workflows Using AWS CodeCommit...
Automate Your Alexa Lambda Function Deployment Workflows Using AWS CodeCommit...Amazon Web Services
 
Scaling and Automating DevOps with CloudBees and Spot Instances (GPSTEC310) -...
Scaling and Automating DevOps with CloudBees and Spot Instances (GPSTEC310) -...Scaling and Automating DevOps with CloudBees and Spot Instances (GPSTEC310) -...
Scaling and Automating DevOps with CloudBees and Spot Instances (GPSTEC310) -...Amazon Web Services
 
Unlocking Agility with the AWS Serverless Application Model (SAM) - AWS Summi...
Unlocking Agility with the AWS Serverless Application Model (SAM) - AWS Summi...Unlocking Agility with the AWS Serverless Application Model (SAM) - AWS Summi...
Unlocking Agility with the AWS Serverless Application Model (SAM) - AWS Summi...Amazon Web Services
 
Ensuring Your Windows Server Workloads Are Well-Architected - AWS Online Tech...
Ensuring Your Windows Server Workloads Are Well-Architected - AWS Online Tech...Ensuring Your Windows Server Workloads Are Well-Architected - AWS Online Tech...
Ensuring Your Windows Server Workloads Are Well-Architected - AWS Online Tech...Amazon Web Services
 
What's New with the AWS CLI (DEV322-R1) - AWS re:Invent 2018
What's New with the AWS CLI (DEV322-R1) - AWS re:Invent 2018What's New with the AWS CLI (DEV322-R1) - AWS re:Invent 2018
What's New with the AWS CLI (DEV322-R1) - AWS re:Invent 2018Amazon Web Services
 
Continuous Delivery on AWS with Zero Downtime
Continuous Delivery on AWS with Zero DowntimeContinuous Delivery on AWS with Zero Downtime
Continuous Delivery on AWS with Zero DowntimeCasey Lee
 
Developing Serverless Application on AWS
Developing Serverless Application on AWSDeveloping Serverless Application on AWS
Developing Serverless Application on AWSAmazon Web Services
 
Earn Your DevOps Black Belt: Deployment Scenarios with AWS CloudFormation (DE...
Earn Your DevOps Black Belt: Deployment Scenarios with AWS CloudFormation (DE...Earn Your DevOps Black Belt: Deployment Scenarios with AWS CloudFormation (DE...
Earn Your DevOps Black Belt: Deployment Scenarios with AWS CloudFormation (DE...Amazon Web Services
 

Similar to Adding Sec to DevOps Pipelines (20)

Adding the Sec to Your DevOps Pipelines (SEC332-R1) - AWS re:Invent 2018
Adding the Sec to Your DevOps Pipelines (SEC332-R1) - AWS re:Invent 2018Adding the Sec to Your DevOps Pipelines (SEC332-R1) - AWS re:Invent 2018
Adding the Sec to Your DevOps Pipelines (SEC332-R1) - AWS re:Invent 2018
 
CI/CD with AWS Developer Tools and Fargate
CI/CD with AWS Developer Tools and FargateCI/CD with AWS Developer Tools and Fargate
CI/CD with AWS Developer Tools and Fargate
 
Ci/CD for AWS Lambda Projects - JLM CTO Club
Ci/CD for AWS Lambda Projects - JLM CTO ClubCi/CD for AWS Lambda Projects - JLM CTO Club
Ci/CD for AWS Lambda Projects - JLM CTO Club
 
CI-CD with AWS Developer Tools and Fargate_AWSPSSummit_Singapore
CI-CD with AWS Developer Tools and Fargate_AWSPSSummit_SingaporeCI-CD with AWS Developer Tools and Fargate_AWSPSSummit_Singapore
CI-CD with AWS Developer Tools and Fargate_AWSPSSummit_Singapore
 
From Code to a Running Container | AWS Floor28
From Code to a Running Container | AWS Floor28From Code to a Running Container | AWS Floor28
From Code to a Running Container | AWS Floor28
 
DevSecOps 的規模化實踐 (Level: 300-400)
DevSecOps 的規模化實踐 (Level: 300-400)DevSecOps 的規模化實踐 (Level: 300-400)
DevSecOps 的規模化實踐 (Level: 300-400)
 
Improve Productivity with Continuous Integration & Delivery
Improve Productivity with Continuous Integration & DeliveryImprove Productivity with Continuous Integration & Delivery
Improve Productivity with Continuous Integration & Delivery
 
Improve Productivity with Continuous Integration & Delivery
Improve Productivity with Continuous Integration & DeliveryImprove Productivity with Continuous Integration & Delivery
Improve Productivity with Continuous Integration & Delivery
 
Build CICD Pipeline for Container Presentation Slides
Build CICD Pipeline for Container Presentation SlidesBuild CICD Pipeline for Container Presentation Slides
Build CICD Pipeline for Container Presentation Slides
 
Serverless Application Debugging and Delivery Best Practices (DEV307-R1) - AW...
Serverless Application Debugging and Delivery Best Practices (DEV307-R1) - AW...Serverless Application Debugging and Delivery Best Practices (DEV307-R1) - AW...
Serverless Application Debugging and Delivery Best Practices (DEV307-R1) - AW...
 
CI/CD@Scale
CI/CD@ScaleCI/CD@Scale
CI/CD@Scale
 
High Velocity DevOps: Four Ways to Leverage CloudFront in Faster DevOps Workf...
High Velocity DevOps: Four Ways to Leverage CloudFront in Faster DevOps Workf...High Velocity DevOps: Four Ways to Leverage CloudFront in Faster DevOps Workf...
High Velocity DevOps: Four Ways to Leverage CloudFront in Faster DevOps Workf...
 
Automate Your Alexa Lambda Function Deployment Workflows Using AWS CodeCommit...
Automate Your Alexa Lambda Function Deployment Workflows Using AWS CodeCommit...Automate Your Alexa Lambda Function Deployment Workflows Using AWS CodeCommit...
Automate Your Alexa Lambda Function Deployment Workflows Using AWS CodeCommit...
 
Scaling and Automating DevOps with CloudBees and Spot Instances (GPSTEC310) -...
Scaling and Automating DevOps with CloudBees and Spot Instances (GPSTEC310) -...Scaling and Automating DevOps with CloudBees and Spot Instances (GPSTEC310) -...
Scaling and Automating DevOps with CloudBees and Spot Instances (GPSTEC310) -...
 
Unlocking Agility with the AWS Serverless Application Model (SAM) - AWS Summi...
Unlocking Agility with the AWS Serverless Application Model (SAM) - AWS Summi...Unlocking Agility with the AWS Serverless Application Model (SAM) - AWS Summi...
Unlocking Agility with the AWS Serverless Application Model (SAM) - AWS Summi...
 
Ensuring Your Windows Server Workloads Are Well-Architected - AWS Online Tech...
Ensuring Your Windows Server Workloads Are Well-Architected - AWS Online Tech...Ensuring Your Windows Server Workloads Are Well-Architected - AWS Online Tech...
Ensuring Your Windows Server Workloads Are Well-Architected - AWS Online Tech...
 
What's New with the AWS CLI (DEV322-R1) - AWS re:Invent 2018
What's New with the AWS CLI (DEV322-R1) - AWS re:Invent 2018What's New with the AWS CLI (DEV322-R1) - AWS re:Invent 2018
What's New with the AWS CLI (DEV322-R1) - AWS re:Invent 2018
 
Continuous Delivery on AWS with Zero Downtime
Continuous Delivery on AWS with Zero DowntimeContinuous Delivery on AWS with Zero Downtime
Continuous Delivery on AWS with Zero Downtime
 
Developing Serverless Application on AWS
Developing Serverless Application on AWSDeveloping Serverless Application on AWS
Developing Serverless Application on AWS
 
Earn Your DevOps Black Belt: Deployment Scenarios with AWS CloudFormation (DE...
Earn Your DevOps Black Belt: Deployment Scenarios with AWS CloudFormation (DE...Earn Your DevOps Black Belt: Deployment Scenarios with AWS CloudFormation (DE...
Earn Your DevOps Black Belt: Deployment Scenarios with AWS CloudFormation (DE...
 

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Adding Sec to DevOps Pipelines

  • 1. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Adding the Sec to Your DevOps Pipelines Welcome to the Workshop and have a seat. Please visit http://bit.ly/2CVczI0 and follow the setup instructions to complete the pre-requisite for this workshop. If you need to create a new AWS account, visit http://bit.ly/2P45JHn
  • 2. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Adding the Sec to Your DevOps Pipelines Adam McLean Solutions Developer Solutions Prototyping Aravind Kodandaramaiah Solutions Developer Solutions Prototyping
  • 3. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Agenda Dev(Sec)Ops Overview Security in the Pipeline Pipeline Build-Out Take home challenge Wrap-up Q&A
  • 4. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 5. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. What is DevOps? What is DevSecOps? Reliability Speed ScaleRapid Delivery Improved Collaboration Combination of Practices and tools SecDev Ops Adding Sec to Dev/__/Ops Security Securing the Pipeline Auditing Workloads Operations Security in the Pipeline
  • 6. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 7. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Security in the Pipeline Source Control Build Testing & Staging Production Maintain AWS CodeCommit AWS CloudFormation AWS CodeBuild AWS Step Functions AWS X-Ray AWS CodePipeline AWS Step Functions AWS CodeDeploy AWS Elastic Beanstalk AWS Systems Manager Amazon GuardDuty AWS CodeStar AWS CodePipeline AWS CodeStar AWS CodePipeline COMMIT CHANGES BUILD ARTIFACTS DEPLOY TO TEST ENVIRONMENT RUN INTEGRATION, SECURITY, LOAD AND OTHER TESTS DEPLOY TO PRODUCTION ENVIRONMENT MANAGE RUNTIME
  • 8. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 9. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. What you will do today? 1. Build a CI/CD Pipeline. 2. Implement security IN the Pipeline.
  • 10. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 11. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Pipeline Pre-requisite check http://bit.ly/2CVczI0 5 Min
  • 12. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. The base Pipeline Source Source Code CodeCommit Launch & Install Lambda AWS CodePipeline Build AMI Lambda SSM Automation EC2 Instance Golden AMI Build source code CodeBuild
  • 13. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. The final Pipeline Source Source Code CodeCommit Static Code Analysis CodeBuild Launch & Install Lambda AWS CodePipeline EC2 Instance Vulnerability check Lambda Build AMI Lambda Amazon Inspector SSM Automation Golden AMI
  • 14. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Your turn – Build the base pipeline Source Source Code CodeCommit Launch & Install Lambda AWS CodePipeline Build AMI Lambda Build source code CodeBuild Golden AMI http://bit.ly/2zlngjB 25 Min
  • 15. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Is the base Pipeline working? Source Source Code CodeCommit Launch & Install Lambda AWS CodePipeline Build AMI Lambda Static code analysis CodeBuild Golden AMI
  • 16. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 17. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Static Code Analysis
  • 18. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Your turn - Add static code analysis to the Pipeline Source Source Code CodeCommit Launch & Install Lambda AWS CodePipeline Build AMI Lambda SSM Automation EC2 Instance Golden AMI Static code analysis CodeBuild http://bit.ly/2D1uk8u 8 Min
  • 19. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Did the Pipeline find the embedded credentials?
  • 20. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Your Turn – Remove the embedded Credentials Source Source Code CodeCommit Launch & Install Lambda AWS CodePipeline Build AMI Lambda Static code analysis CodeBuild Golden AMI http://bit.ly/2F7Wd1p 12 Min
  • 21. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 22. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Vulnerability Assessment with Amazon Inspector What is Amazon Inspector? Vulnerability assessment service in the cloud. • Application / EC2 security assessment • Selectable built-in rules • Runtime Behavioral Analysis • CVE (common vulnerabilities and exposures) • AWS Security Best Practices • Weak Security Configuration(CIS Security Benchmarks) • Network Reachability • Security findings – guidance and management • Automatable via APIs
  • 23. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Your turn - Add Vulnerability assessment to the Pipeline Source Source Code CodeCommit Launch & Install Lambda AWS CodePipeline Build AMI Lambda SSM Automation EC2 Instance Golden AMI Static code analysis CodeBuild Vulnerability Check Lambda Amazon Inspector http://bit.ly/2RwEsKB 20 Min
  • 24. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Did the Pipeline catch the vulnerability?
  • 25. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. What did Amazon Inspector find? Finding Recommendation A security flaw was found in the chap_server_compute_md5() function Use your Operating System's update feature to update package kernel- 0:4.14.62- 65.117.amzn1 The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. Use your Operating System's update feature to update package kernel- 0:4.14.62- 65.117.amzn1 Fix yum –y update kernel yum –y update kernel
  • 26. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Your Turn – Fix the vulnerability Source Source Code CodeCommit Launch & Install Lambda AWS CodePipeline Build AMI Lambda Static code analysis CodeBuild Vulnerability Check Lambda Golden AMI http://bit.ly/2RzgvCk 20 Min
  • 27. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 28. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Your Turn – Launch the AMI http://bit.ly/2zxg18e 15 Min
  • 29. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 30. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Threat detection and continuous monitoring with Amazon GuardDuty GuardDuty Monitors • Unusual API calls. • Potentially unauthorized deployments that indicate a possible account compromise. • Potentially compromised instances or reconnaissance by attackers.
  • 31. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. How GuardDuty Works Threat intel, ML/AI Anomaly Detection SIEM and/or Remediate Reconnaissance Instance Compromise Account Compromise DNS Logs CloudTrail Events HIGH MEDIUM LOW FindingsData SourcesThreat Detection Types VPC Flow logs Amazon GuardDuty AWS Cloud
  • 32. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 33. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Your Turn - Cleanup AWS Resources http://bit.ly/2Dl7A4k
  • 34. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 35. Thank you! © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Aravind Kodandaramaiah karavind@amazon.com Adam Mclean apmclean@amazon.com