Automating Compliance with InSpec - Chef Singapore Meetup (Matt Ray)
July 24, 2017 slides and demo for Automating Compliance with InSpec. The associated GitHub repository is here: https://github.com/mattray/inspec-workshop
InSpec is an open source testing framework for infrastructure with a human-readable language for specifying compliance, security, and other policy requirements. Easily integrate automated tests that check for adherence to policy into any stage of your deployment pipeline.
Compliance Automation with InSpec - Chef NYC Meetup - April 2017 (adamleff)
Presented at the Chef NYC meetup on April 20, 2017, this presentation reviews how to automate compliance scanning and reporting with InSpec by Chef and wrapped up with a hands-on workshop.
Melbourne Chef Meetup: Automating Azure Compliance with InSpec (Matt Ray)
June 26, 2017 presentation. With the move to infrastructure as code and continuous integration/continuous delivery pipelines, it looked like releases would become more frequent and less problematic. Then the auditors showed up and made everyone stop what they were doing. How could this have been prevented? What if the audits were part of the process instead of a roadblock? What sort of visibility do we have into the state of our Azure infrastructure compliance? This talk will provide an overview of Chef's open-source InSpec project (https://inspec.io) and how you can build "Compliance as Code" into your Azure-based infrastructure.
DevSec Delight with Compliance as Code - Matt Ray - AgileNZ 2017 (AgileNZ Conference)
For too long, audits and security reviews have been seen as resistant to the frequent release of software. Auditors require access to static systems and environments, which would seem to make continuous delivery impossible. Too frequently audits are a fire drill sampling of the current state and temporary fixes are put in place to appease the compliance audit without being integrated into future releases.
About Matt Ray:
Matt Ray is the Manager and Solutions Architect for Asia Pacific and Japan for Chef. He has worked in large enterprise software companies and founded his own startups in a wide variety of industries including banking, retail and government.
He has been active in open source communities for over two decades and has spoken at, and helped organise, many conferences and Meetups. He currently resides in Sydney, Australia after relocating from Austin, Texas. He podcasts at SoftwareDefinedTalk.com, blogs at LeastResistance.net and is @mattray on Twitter, IRC, GitHub and too many Slacks.
Melbourne Infracoders: Compliance as Code with InSpec (Matt Ray)
Presentation to the Melbourne Infrastructure Coders Meetup November 8, 2016. Overview of InSpec (https://inspec.io) and the idea of "Compliance as Code"
http://www.meetup.com/Infrastructure-Coders/events/233990769/
Compliance Automation with InSpec
InSpec is an open source testing framework for infrastructure with a human- and machine-readable language for specifying compliance, security, and policy requirements. Using a combination of command-line and remote-execution tools, InSpec can help you keep your infrastructure aligned with security and compliance guidelines on an ongoing basis, rather than waiting for and then remediating from arduous annual audits. InSpec’s flexibility makes it a key tool choice for incorporating security into a complete continuous delivery workflow, reducing the risk of new features and releases breaking established host-based security guidelines. This talk covers the basics of working with InSpec, writing tests to reflect your organization’s security guidelines, and managing InSpec as part of a high-velocity workflow.
Compliance as Code with InSpec - DevOps Melbourne 2017 (Matt Ray)
DevOps Melbourne Meetup March 28, 2017
PCI and auditors slowing you down? Compliance and security are the next steps in building your software-defined infrastructure. Chef's open-source project InSpec (https://inspec.io) and audit cookbooks provide an accessible pattern for building compliance into your continuous delivery pipelines.
Integrating-Cloud-Development-Security-And-Operations.pdf (Amazon Web Services)
Managing infrastructure as code has become an important process in scaling software organizations. This brings many software development processes and ideas to operations, including version control, automated testing, configuration management and reliable duplication. Programmable infrastructure becomes invaluable as application services grow, in quantity and granularity, in a growing company.
Automating the provisioning, configuration and deployment of complex applications requires some design choices on top of AWS services. This presentation discusses how to implement modularity, reliability and security into continuous delivery pipelines ("DevSecOps"). Learn how to automate application delivery using AWS CloudFormation and other tools from Amazon Web Services.
Presentation from Cloud Expo Asia Hong Kong covering the rationale for "Compliance as Code" and how InSpec may be applied to servers, cloud platforms, and much more to keep track of your compliance everywhere.
DevOps on Windows: How to Deploy Complex Windows Workloads | AWS Public Secto... (Amazon Web Services)
In this session, you will learn how to deploy complex Windows workloads and ways AWS CloudFormation, AWS OpsWorks, and AWS CodeDeploy enable you to automate your Windows application life-cycle management. We will also discuss the monitoring, logging, and automatically scaling of Windows applications. Learn More: https://aws.amazon.com/government-education/
Presentation to the Perth MS Cloud Computing User Group on November 14, 2017. Covered off on how Chef, InSpec, Habitat and Chef Automate work with Windows, Azure and the Microsoft ecosystem.
You've heard about Continuous Integration and Continuous Delivery, but how do you get code from your machine to production in a rapid, repeatable manner? Let a build pipeline do the work for you! Sam Brown will walk through the how, the when and the why of the various aspects of a Continuous Delivery build pipeline and how you can get started tomorrow implementing changes to realize build automation. This talk will start with an example pipeline and go into depth with each section, detailing the pros and cons of different steps and why you should include them in your build process.
Delivering High-Availability Web Services with NGINX Plus on AWS (NGINX, Inc.)
Over 1/3 of websites running on Amazon Web Services (AWS) are delivered and accelerated using NGINX. In this webinar Nginx and Amazon explain how to get started with NGINX Plus on AWS and how to further increase performance and availability of large, dynamic, cloud-based applications integrating with critical AWS services.
DevOps, Continuous Integration and Deployment on AWS: Putting Money Back into... (Amazon Web Services)
Organizations around the globe are leveraging the cloud to accomplish world-changing missions. This session will address how AWS can help organizations put more money toward their mission and scale outreach and operations to achieve more with less. Hear some of AWS’s most advanced customers on how their organizations handle DevOps, continuous integration and deployment. Learn how these practices allow them to rapidly develop, iterate, test and deploy highly-scalable web applications and core operational systems on AWS. The discussion will focus on best practices, lessons learned, and the specific technologies and services they use.
Similar to Automating AWS Compliance with InSpec (20)
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En... (Matt Ray)
Discover how a leading enterprise achieved visibility into their cloud costs with the CNCF project OpenCost. OpenCost models current and historical Kubernetes cloud spend and resource allocation by service, deployment, namespace, labels, and much more. This data provides transparency for cloud bills and can be used as the basis for optimizing your Kubernetes deployments based on cost allocation. This session delves into the real-world journey of implementing OpenCost for tracking cloud costs and how they optimized their infrastructure with this information. We’ll start with an introduction to OpenCost, its capabilities, and how to get started as a user and as a contributor. Then we’ll explore the challenges faced, lessons learned, and the tangible impact observed. From initial deployment to ongoing management, learn how OpenCost empowered the enterprise to make data-driven decisions, avoid cost overruns, and streamline their cloud budgeting. Join us for practical insights, success stories, and actionable steps to harness the power of OpenCost in your enterprise.
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost (Matt Ray)
KubeCon EU 2024 Lightning Talk
Understanding the cost and efficiency of Kubernetes on public clouds is essential once you start expanding your infrastructure with real production workloads. The FinOps Certified Solution and CNCF Sandbox OpenCost project monitors cloud costs and models current and historical Kubernetes cloud spend and resource allocation by service, deployment, namespace, labels, and much more. This data provides transparency for cloud bills and can be used as the basis for optimizing your Kubernetes deployments based on cost allocation. This quick introduction to OpenCost will start your foundation for monitoring Kubernetes and cloud costs.
SCaLE 20X: Kubernetes Cloud Cost Monitoring with OpenCost & Optimization Stra... (Matt Ray)
Understanding the cost and efficiency of Kubernetes on public clouds is essential once you start expanding your infrastructure with real production workloads. The CNCF Sandbox OpenCost project and specification models current and historical Kubernetes cloud spend and resource allocation by service, deployment, namespace, labels, and much more. This data provides transparency for cloud bills and can be used as the basis for optimizing your Kubernetes deployments based on cost allocation. Optimizing Kubernetes for cost and performance is an ongoing iterative process that starts with applications and works through the entire stack.
EmacsConf 2019: Interactive Remote Debugging and Development with TRAMP Mode (Matt Ray)
Emacs’ TRAMP Mode allows for remotely editing files and using Emacs Shell Mode with remote systems. This session walked through the basics of using TRAMP Mode with the Free Software tools Vagrant, Chef, InSpec, and the interactive Ruby debugging shell Pry. The speaker notes are included along with the demo notes. The YouTube recording of the talk is available here: https://youtu.be/4pHid-kTBHw
Wellington DevOps: Bringing Your Applications into the Future with Habitat (Matt Ray)
Short presentation from the Wellington DevOps Meetup March 13, 2019 on why Habitat is interesting for re-platforming existing applications onto new platforms.
DevOps Days Singapore 2018 Ignite - Bringing Your Applications into the Futur... (Matt Ray)
Ignite talks are 20 slides auto-advancing every 15 seconds. This session attempts to share the value of migrating existing applications from legacy to modern platforms.
Cloud Expo Asia 20181010 - Bringing Your Applications into the Future with Ha... (Matt Ray)
What are we going to do about all these legacy applications? Kubernetes, Docker or Server Core? With Habitat it doesn’t matter anymore! As companies make the transition from traditional IT infrastructure to cloud-native container platforms packaging, deploying and managing applications becomes the focus for developers and operators. Having a consistent approach to managing dependencies and building applications brings stability to CI/CD pipelines and frees developers to prioritize on features. Automated, repeatable builds with immutable artifacts and consistent management of any application on any platform allow operators to focus on stability and speed. Chef's Habitat project brings all of this together in an open source automation platform that enables modern application teams to build, deploy, and run any application in any environment - from traditional data-centers to containerized microservices. This presentation provided an overview of the benefits of Habitat and a live demo of applications being built and deployed on traditional operating systems across Docker and Kubernetes, seamlessly.
Opening keynote for DevOpsDays Jakarta. I attempted to tie the themes of DevOps to a timeline of when they received increasing focus. Books on the subjects provided a convenient way to mark those times.
https://www.devopsdays.org/events/2018-jakarta/program/matt-ray/
DevOps Talks Melbourne 2018: Whales, Cats and Kubernetes (Matt Ray)
Kubernetes, Docker or VMs? With Habitat it doesn’t matter anymore! As companies make the transition from traditional IT infrastructure to cloud-native container platforms packaging, deploying and managing applications becomes the focus for developers and operators. Having a consistent approach to managing dependencies and building applications brings stability to CI/CD pipelines and frees developers to prioritize on features. Automated, repeatable builds with immutable artefacts and consistent management of any application on any platform allow operators to focus on stability and speed. Meet Habitat! This session will provide an overview of the benefits of Habitat and a live demo of applications being built and deployed on traditional operating systems across Docker and Kubernetes, seamlessly.
An overview of Chef Automate and the various resources for Chef, InSpec and Habitat for Azure and Microsoft's other products. Presented September 20, 2017 at Tank Stream Labs.
Brisbane AWS Meetup: OpsWorks for Chef Automate (Matt Ray)
June 28, 2017 presentation at the Brisbane AWS Meetup.
OpsWorks for Chef Automate is a service directly available from AWS, managed by Chef as a joint offering.
AWS Sydney North User Group, October 25, 2016. http://www.meetup.com/Amazon-Web-Services-Sydney-North-User-Group/events/234184228/
This session provided an introduction and live demo of Habitat. The process of moving applications from build to Docker and then published to ECR and running on ECS were demonstrated.
6. SSH Control
"SSH supports two different protocol versions. The original version, SSHv1, was subject to a number of security issues. Please use SSHv2 instead to avoid these."
8. Whip up a one-liner!
grep "^Protocol" /etc/ssh/sshd_config | sed 's/Protocol //'
9. Apache Server Information Leakage
• Description
This directive controls whether the Server response header field sent back to clients includes a description of the generic OS type of the server.
This greatly helps attackers identify web server details and increases the efficiency of any attack, as security vulnerabilities are dependent upon specific software versions.
• How to Test
In order to test the ServerTokens configuration, one should check the Apache configuration file.
• Misconfiguration
ServerTokens Full
• Remediation
Configure the ServerTokens directive in the Apache configuration to a value of Prod or ProductOnly. This tells Apache to only return "Apache" in the Server header, returned on every page request.
ServerTokens Prod
or
ServerTokens ProductOnly
https://www.owasp.org/index.php/SCG_WS_Apache
10. More grep and sed!
grep "^ServerTokens" /etc/httpd/conf/httpd.conf | sed 's/ServerTokens //'
19. Key Trends
• While individual rule compliance is up, testing of security systems is down
• Sustainability is low. Fewer than a third of companies were found to be still fully compliant less than a year after successful validation.
21. Shell Scripts
grep "^Protocol" /etc/ssh/sshd_config | sed 's/Protocol //'
grep "^ServerTokens" /etc/httpd/conf/httpd.conf | sed 's/ServerTokens //'
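The two one-liners print nothing when the directive is indented, written in another letter case, or absent, so an empty result cannot be told apart from a pass. The script below is an added example, not taken from the slides, that makes both checks return an explicit pass or fail; the function names, the sample files and the rule that an unset directive fails are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the slides): stricter versions of the grep/sed checks.

# Print each value assigned to keyword $2 in config file $1, one per line.
# awk's field splitting ignores leading whitespace, the keyword match is
# case-insensitive, and comment lines are skipped.
directive_values() {
    awk -v kw="$2" '
        $1 ~ /^#/ { next }
        tolower($1) == tolower(kw) { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$1"
}

# Return 0 only if keyword $2 is set in file $1 and every value it is given
# matches the extended regex $3 (whole value, compared case-insensitively).
# Assumption: an unset directive fails, so the policy has to be explicit.
check_directive() {
    values=$(directive_values "$1" "$2")
    if [ -z "$values" ]; then
        echo "FAIL $2: not set in $1"
        return 1
    fi
    bad=$(printf '%s\n' "$values" | grep -Eivx "($3)" || true)
    if [ -n "$bad" ]; then
        echo "FAIL $2: non-compliant value(s): $(echo $bad)"
        return 1
    fi
    echo "PASS $2: $(echo $values)"
}

check_ssh_protocol()  { check_directive "$1" Protocol '2'; }
check_server_tokens() { check_directive "$1" ServerTokens 'Prod|ProductOnly'; }

# Write constructed sample configs (not real system files) into directory $1.
make_samples() {
    printf 'Port 22\nProtocol 2\n'                   > "$1/sshd_ok"
    printf 'Port 22\n  protocol 2,1\n'               > "$1/sshd_weak"
    printf '#Protocol 2\nPort 22\n'                  > "$1/sshd_unset"
    printf 'ServerTokens Prod\nServerSignature Off\n' > "$1/httpd_ok"
    printf 'ServerTokens Full\n'                     > "$1/httpd_weak"
    printf 'ServerTokens Prod\nservertokens OS\n'    > "$1/httpd_mixed"
}

# Run both checks over the constructed samples and print one line per file.
demo() {
    dir=$(mktemp -d) || return 1
    make_samples "$dir"
    for f in sshd_ok sshd_weak sshd_unset; do
        check_ssh_protocol "$dir/$f" || true
    done
    for f in httpd_ok httpd_weak httpd_mixed; do
        check_server_tokens "$dir/$f" || true
    done
    rm -rf "$dir"
    return 0
}

demo
```

On a real host, point `check_ssh_protocol` at `/etc/ssh/sshd_config` and `check_server_tokens` at `/etc/httpd/conf/httpd.conf`, the paths used in the slides.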
47. InSpec
Test your machine locally
> inspec exec test.rb
Test a machine remotely via SSH
> inspec exec test.rb -i identity.key -t ssh://root@172.17.0.1
Test a machine remotely via WinRM
> inspec exec test.rb -t winrm://Admin@192.168.1.2 --password super
Test Docker Container
> inspec exec test.rb -t docker://5cc8837bb6a8
AGENTLESS
48. Operating System & Application Coverage
• Microsoft Windows
• Red Hat Enterprise Linux
• Ubuntu Linux
• SUSE Linux Enterprise Server
• Oracle Enterprise Linux
• AIX
• HP-UX
• Solaris
• VMware ESXi
• MySQL
• Oracle
• PostgreSQL
• Tomcat
• SQL Server
• IIS
• HTTP request
53. The Chef Automate Platform
Continuous Automation for High Velocity IT
COLLABORATE
▪ Workflow
▪ Local development
▪ Integration
▪ Tooling (APIs & SDKs)
BUILD
▪ Package
▪ Test
▪ Approve
DEPLOY
▪ Provision
▪ Configure
▪ Execute
▪ Update
MANAGE
▪ Secure
▪ Comply
▪ Audit
▪ Measure
▪ Log
OSS AUTOMATION ENGINES
▪ Infrastructure Automation
▪ Compliance Automation
▪ Application Automation
Increase Speed
▪ Package infrastructure and app configuration as code
▪ Continuously automate infrastructure and app updates
Improve Efficiency
▪ Define and execute standard workflows and automation
▪ Audit and measure effectiveness of automation
Decrease Risk
▪ Define compliance rules as code
▪ Deliver continuous compliance as part of standard workflow
54. AWS OpsWorks for Chef Automate
Native Amazon Service
Managed Chef Server
▪ Utilizes RDS and other native services
▪ May be externally accessible
AWS Native
▪ Auto Scaling in your VPC
▪ Automatic backups and upgrades
OpsWorks Stacks
▪ New name for previous version of OpsWorks
● Partnership between Amazon and Chef, jointly developed and maintained
● Fully managed AWS service with frequent updates
● Fully compatible with open source Chef
● Amazon is your support and billing
● All Chef Automate features will be supported
○ Visibility and Workflow today
○ Compliance soon
○ Currently Northern Virginia, Oregon & Ireland with more planned