SlideShare a Scribd company logo

DevSecCon Asia 2017 Arun N: Securing chatops

Download as PPTX, PDF
DevSecCon
DevSecCon

DevSecCon Asia 2017 Arun N: Securing chatops

Presentations & Public Speaking
1 of 20
Join the conversation #devseccon Extending and securing Chat-Ops Arun N
Introduction • Arun Narayanaswamy • 14 years in Dev & Ops • Worked at large enterprises including Fortune 1 • Entrepreneur, Student, Photographer and Traveler… • Disclaimer: • “The opinions expressed, software references and any content in this presentation are solely mine and they do not represent my employer.”
How many of you use Chat @ Work? techcrunch.com
ChatOps Architecture – How does it work? © http://nordicapis.com
Chat Apps – Big Players! • Instant messaging on steroids • Your ‘whatsapp’ for business! • Collaboration • Integrated workspace - Text, audio, video • All alerting and messaging in one place • Share, Search & Integrate • Chat-ops! • Fun
Bots– Big Players! • Hubot
Hubot – Why? • CoffeeScript on Node.js based • Active development - Github • Easy integration with third part api’s • Deployable on Heroku, AWS • Works with Slack and HipChat (and more) • What’s chat without Hubot?
Typical CD Workflow • Revolves around the orchestrator • Data need to be consolidated into Splunk/ELK/Jenkins etc. • Now better with • Containers • New-gen monitoring
CI-CD – Data Flow Bot Interactions Chat Notifications HipChat / Hubot - Workflow
Risk Potential Loopholes (With and without ChatOps)
Potential Loopholes : Focus today!
Plugging in the loopholes 2FA Hardware Tokens Software Tokens Roles •Custom Code •Hubot Auth 2FA Multiple Rooms AWS IAM Policies
Plugging in the loopholes : Hardware keys 2FA Hardware Tokens Software Tokens Roles •Custom Code •Hubot Auth 2FA Multiple Rooms AWS IAM Policies
Plugging in the loopholes : Hardware keys • Demo [ https://devseccon.hipchat.com/chat ] [ https://id.heroku.com/login ] [ https://www.yubico.com ]
Plugging in the loopholes : Soft keys 2FA Hardware Tokens Software Tokens Roles •Custom Code •Hubot Auth 2FA Multiple Rooms AWS IAM Policies
Plugging in the loopholes : Roles 2FA Hardware Tokens Software Tokens Roles •Custom Code •Hubot Auth 2FA Multiple Rooms AWS IAM Policies
Plugging in the loopholes : Rooms 2FA Multiple Rooms AWS IAM Policies • Restricted Channels • Private Channels • Different Instance of Chat System • 2FA on Chat system itself
Plugging in the loopholes : IAM (AWS) 2FA Multiple Rooms AWS IAM Policies • Policies on what each system can run • Better control on AWS/Heroku where the bots run
Summary © http://nordicapis.com
Join the conversation #devseccon Thank you! linkedin.com/in/arun-n

Recommended

Laravel school management system: The ultimate pathway to success
Laravel school management system: The ultimate pathway to successLaravel school management system: The ultimate pathway to success
Laravel school management system: The ultimate pathway to successKaty Slemon
 
KumarDevOpsEngineer
KumarDevOpsEngineerKumarDevOpsEngineer
KumarDevOpsEngineerkumar budagam
 
Introduction to flutter's basic concepts
Introduction to flutter's basic conceptsIntroduction to flutter's basic concepts
Introduction to flutter's basic conceptsKumaresh Chandra Baruri
 
Introduction to the WSO2 Carbon Platform
Introduction to the WSO2 Carbon Platform Introduction to the WSO2 Carbon Platform
Introduction to the WSO2 Carbon Platform WSO2
 
Обзорная презентация Atlassian Confluence
Обзорная презентация Atlassian ConfluenceОбзорная презентация Atlassian Confluence
Обзорная презентация Atlassian ConfluenceTeamlead
 
Microservices
MicroservicesMicroservices
MicroservicesStephan Lindauer
 
Concept of SOA
Concept of SOAConcept of SOA
Concept of SOASylvain Witmeyer
 
Firefox operating system
Firefox operating systemFirefox operating system
Firefox operating systemNishant Mehare
 

Recommended

Laravel school management system: The ultimate pathway to success
Laravel school management system: The ultimate pathway to successLaravel school management system: The ultimate pathway to success
Laravel school management system: The ultimate pathway to successKaty Slemon
 
KumarDevOpsEngineer
KumarDevOpsEngineerKumarDevOpsEngineer
KumarDevOpsEngineerkumar budagam
 
Introduction to flutter's basic concepts
Introduction to flutter's basic conceptsIntroduction to flutter's basic concepts
Introduction to flutter's basic conceptsKumaresh Chandra Baruri
 
Introduction to the WSO2 Carbon Platform
Introduction to the WSO2 Carbon Platform Introduction to the WSO2 Carbon Platform
Introduction to the WSO2 Carbon Platform WSO2
 
Обзорная презентация Atlassian Confluence
Обзорная презентация Atlassian ConfluenceОбзорная презентация Atlassian Confluence
Обзорная презентация Atlassian ConfluenceTeamlead
 
Microservices
MicroservicesMicroservices
MicroservicesStephan Lindauer
 
Concept of SOA
Concept of SOAConcept of SOA
Concept of SOASylvain Witmeyer
 
Firefox operating system
Firefox operating systemFirefox operating system
Firefox operating systemNishant Mehare
 
Introduction to Microservices
Introduction to MicroservicesIntroduction to Microservices
Introduction to MicroservicesAmazon Web Services
 
Micro frontend: The microservices puzzle extended to frontend
Micro frontend: The microservices puzzle extended to frontendMicro frontend: The microservices puzzle extended to frontend
Micro frontend: The microservices puzzle extended to frontendAudrey Neveu
 
Introduction to Flutter
Introduction to FlutterIntroduction to Flutter
Introduction to FlutterApoorv Pandey
 
Service Oriented Architecture
Service Oriented Architecture Service Oriented Architecture
Service Oriented Architecture Prabhat gangwar
 
DevOps seminar ppt
DevOps seminar ppt DevOps seminar ppt
DevOps seminar ppt DurgashambaviAmarnen
 
DevOps and Continuous Delivery Reference Architectures (including Nexus and o...
DevOps and Continuous Delivery Reference Architectures (including Nexus and o...DevOps and Continuous Delivery Reference Architectures (including Nexus and o...
DevOps and Continuous Delivery Reference Architectures (including Nexus and o...Sonatype
 
Flutter
FlutterFlutter
FlutterDave Chao
 
ROI & Business Value of CI, CD, DevOps, DevSecOps, & Microservices
ROI & Business Value of CI, CD, DevOps, DevSecOps, & MicroservicesROI & Business Value of CI, CD, DevOps, DevSecOps, & Microservices
ROI & Business Value of CI, CD, DevOps, DevSecOps, & MicroservicesDavid Rico
 
introduction to flutter ppt - free download
introduction to flutter ppt - free downloadintroduction to flutter ppt - free download
introduction to flutter ppt - free downloadRajatPalankar2
 
Efficient platform engineering with Microk8s & gopaddle.pdf
Efficient platform engineering with Microk8s & gopaddle.pdfEfficient platform engineering with Microk8s & gopaddle.pdf
Efficient platform engineering with Microk8s & gopaddle.pdfVinothini Raju
 
What is Flutter
What is FlutterWhat is Flutter
What is FlutterMalan Amarasinghe
 
Oracle Spatial Studio: Fast and Easy Spatial Analytics and Maps
Oracle Spatial Studio: Fast and Easy Spatial Analytics and MapsOracle Spatial Studio: Fast and Easy Spatial Analytics and Maps
Oracle Spatial Studio: Fast and Easy Spatial Analytics and MapsJean Ihm
 
Flutter
FlutterFlutter
FlutterToma Velev
 
Google Cloud Anthos on HPE Simplivity
Google Cloud Anthos on HPE SimplivityGoogle Cloud Anthos on HPE Simplivity
Google Cloud Anthos on HPE SimplivityTanawit Chansuchai
 
Deep Dive into Durable Functions
Deep Dive into Durable FunctionsDeep Dive into Durable Functions
Deep Dive into Durable FunctionsJoonas Westlin
 
Service-Oriented Architecture (SOA)
Service-Oriented Architecture (SOA)Service-Oriented Architecture (SOA)
Service-Oriented Architecture (SOA)WSO2
 
Terraform
TerraformTerraform
TerraformAdam Vincze
 
From Monolithic to Microservices
From Monolithic to Microservices From Monolithic to Microservices
From Monolithic to Microservices Amazon Web Services
 
Your Journey to Cloud-Native Begins with DevOps, Microservices, and Containers
Your Journey to Cloud-Native Begins with DevOps, Microservices, and ContainersYour Journey to Cloud-Native Begins with DevOps, Microservices, and Containers
Your Journey to Cloud-Native Begins with DevOps, Microservices, and ContainersAtlassian
 
Flutter state management from zero to hero
Flutter state management from zero to heroFlutter state management from zero to hero
Flutter state management from zero to heroAhmed Abu Eldahab
 
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting LeftDevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting LeftDevSecCon
 
DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...
DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...
DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...DevSecCon
 

More Related Content

What's hot

Micro frontend: The microservices puzzle extended to frontend
Micro frontend: The microservices puzzle extended to frontendMicro frontend: The microservices puzzle extended to frontend
Micro frontend: The microservices puzzle extended to frontendAudrey Neveu
 
Introduction to Flutter
Introduction to FlutterIntroduction to Flutter
Introduction to FlutterApoorv Pandey
 
Service Oriented Architecture
Service Oriented Architecture Service Oriented Architecture
Service Oriented Architecture Prabhat gangwar
 
DevOps and Continuous Delivery Reference Architectures (including Nexus and o...
DevOps and Continuous Delivery Reference Architectures (including Nexus and o...DevOps and Continuous Delivery Reference Architectures (including Nexus and o...
DevOps and Continuous Delivery Reference Architectures (including Nexus and o...Sonatype
 
ROI & Business Value of CI, CD, DevOps, DevSecOps, & Microservices
ROI & Business Value of CI, CD, DevOps, DevSecOps, & MicroservicesROI & Business Value of CI, CD, DevOps, DevSecOps, & Microservices
ROI & Business Value of CI, CD, DevOps, DevSecOps, & MicroservicesDavid Rico
 
introduction to flutter ppt - free download
introduction to flutter ppt - free downloadintroduction to flutter ppt - free download
introduction to flutter ppt - free downloadRajatPalankar2
 
Efficient platform engineering with Microk8s & gopaddle.pdf
Efficient platform engineering with Microk8s & gopaddle.pdfEfficient platform engineering with Microk8s & gopaddle.pdf
Efficient platform engineering with Microk8s & gopaddle.pdfVinothini Raju
 
Oracle Spatial Studio: Fast and Easy Spatial Analytics and Maps
Oracle Spatial Studio: Fast and Easy Spatial Analytics and MapsOracle Spatial Studio: Fast and Easy Spatial Analytics and Maps
Oracle Spatial Studio: Fast and Easy Spatial Analytics and MapsJean Ihm
 
Google Cloud Anthos on HPE Simplivity
Google Cloud Anthos on HPE SimplivityGoogle Cloud Anthos on HPE Simplivity
Google Cloud Anthos on HPE SimplivityTanawit Chansuchai
 
Deep Dive into Durable Functions
Deep Dive into Durable FunctionsDeep Dive into Durable Functions
Deep Dive into Durable FunctionsJoonas Westlin
 
Service-Oriented Architecture (SOA)
Service-Oriented Architecture (SOA)Service-Oriented Architecture (SOA)
Service-Oriented Architecture (SOA)WSO2
 
From Monolithic to Microservices
From Monolithic to Microservices From Monolithic to Microservices
From Monolithic to Microservices Amazon Web Services
 
Your Journey to Cloud-Native Begins with DevOps, Microservices, and Containers
Your Journey to Cloud-Native Begins with DevOps, Microservices, and ContainersYour Journey to Cloud-Native Begins with DevOps, Microservices, and Containers
Your Journey to Cloud-Native Begins with DevOps, Microservices, and ContainersAtlassian
 
Flutter state management from zero to hero
Flutter state management from zero to heroFlutter state management from zero to hero
Flutter state management from zero to heroAhmed Abu Eldahab
 

What's hot (20)

Introduction to Microservices
Introduction to MicroservicesIntroduction to Microservices
Introduction to Microservices
 
Micro frontend: The microservices puzzle extended to frontend
Micro frontend: The microservices puzzle extended to frontendMicro frontend: The microservices puzzle extended to frontend
Micro frontend: The microservices puzzle extended to frontend
 
Introduction to Flutter
Introduction to FlutterIntroduction to Flutter
Introduction to Flutter
 
Service Oriented Architecture
Service Oriented Architecture Service Oriented Architecture
Service Oriented Architecture
 
DevOps seminar ppt
DevOps seminar ppt DevOps seminar ppt
DevOps seminar ppt
 
DevOps and Continuous Delivery Reference Architectures (including Nexus and o...
DevOps and Continuous Delivery Reference Architectures (including Nexus and o...DevOps and Continuous Delivery Reference Architectures (including Nexus and o...
DevOps and Continuous Delivery Reference Architectures (including Nexus and o...
 
Flutter
FlutterFlutter
Flutter
 
ROI & Business Value of CI, CD, DevOps, DevSecOps, & Microservices
ROI & Business Value of CI, CD, DevOps, DevSecOps, & MicroservicesROI & Business Value of CI, CD, DevOps, DevSecOps, & Microservices
ROI & Business Value of CI, CD, DevOps, DevSecOps, & Microservices
 
introduction to flutter ppt - free download
introduction to flutter ppt - free downloadintroduction to flutter ppt - free download
introduction to flutter ppt - free download
 
Efficient platform engineering with Microk8s & gopaddle.pdf
Efficient platform engineering with Microk8s & gopaddle.pdfEfficient platform engineering with Microk8s & gopaddle.pdf
Efficient platform engineering with Microk8s & gopaddle.pdf
 
What is Flutter
What is FlutterWhat is Flutter
What is Flutter
 
Oracle Spatial Studio: Fast and Easy Spatial Analytics and Maps
Oracle Spatial Studio: Fast and Easy Spatial Analytics and MapsOracle Spatial Studio: Fast and Easy Spatial Analytics and Maps
Oracle Spatial Studio: Fast and Easy Spatial Analytics and Maps
 
Flutter
FlutterFlutter
Flutter
 
Google Cloud Anthos on HPE Simplivity
Google Cloud Anthos on HPE SimplivityGoogle Cloud Anthos on HPE Simplivity
Google Cloud Anthos on HPE Simplivity
 
Deep Dive into Durable Functions
Deep Dive into Durable FunctionsDeep Dive into Durable Functions
Deep Dive into Durable Functions
 
Service-Oriented Architecture (SOA)
Service-Oriented Architecture (SOA)Service-Oriented Architecture (SOA)
Service-Oriented Architecture (SOA)
 
Terraform
TerraformTerraform
Terraform
 
From Monolithic to Microservices
From Monolithic to Microservices From Monolithic to Microservices
From Monolithic to Microservices
 
Your Journey to Cloud-Native Begins with DevOps, Microservices, and Containers
Your Journey to Cloud-Native Begins with DevOps, Microservices, and ContainersYour Journey to Cloud-Native Begins with DevOps, Microservices, and Containers
Your Journey to Cloud-Native Begins with DevOps, Microservices, and Containers
 
Flutter state management from zero to hero
Flutter state management from zero to heroFlutter state management from zero to hero
Flutter state management from zero to hero
 

Viewers also liked

DevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting LeftDevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting LeftDevSecCon
 
DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...
DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...
DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...DevSecCon
 
DevSecCon Asia 2017 Pishu Mahtani: Adversarial Modelling
DevSecCon Asia 2017 Pishu Mahtani: Adversarial ModellingDevSecCon Asia 2017 Pishu Mahtani: Adversarial Modelling
DevSecCon Asia 2017 Pishu Mahtani: Adversarial ModellingDevSecCon
 
Securing the container DevOps pipeline by William Henry
Securing the container DevOps pipeline by William HenrySecuring the container DevOps pipeline by William Henry
Securing the container DevOps pipeline by William HenryDevSecCon
 
DevSecCon Asia 2017 Joel Divekar: Using Open Source Automation tools for DevS...
DevSecCon Asia 2017 Joel Divekar: Using Open Source Automation tools for DevS...DevSecCon Asia 2017 Joel Divekar: Using Open Source Automation tools for DevS...
DevSecCon Asia 2017 Joel Divekar: Using Open Source Automation tools for DevS...DevSecCon
 
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world cases
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world casesDevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world cases
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world casesDevSecCon
 
DevSecCon Asia 2017: Guillaume Dedrie: A trip through the securitiy of devops...
DevSecCon Asia 2017: Guillaume Dedrie: A trip through the securitiy of devops...DevSecCon Asia 2017: Guillaume Dedrie: A trip through the securitiy of devops...
DevSecCon Asia 2017: Guillaume Dedrie: A trip through the securitiy of devops...DevSecCon
 
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the governmentDevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the governmentDevSecCon
 
DevSecCon Asia 2017 Sergiu Bodiu: From resilient to antifragile
DevSecCon Asia 2017 Sergiu Bodiu: From resilient to antifragileDevSecCon Asia 2017 Sergiu Bodiu: From resilient to antifragile
DevSecCon Asia 2017 Sergiu Bodiu: From resilient to antifragileDevSecCon
 
DevSecCon Asia 2017 Ante Gulam: Integrating crowdsourced security into agile ...
DevSecCon Asia 2017 Ante Gulam: Integrating crowdsourced security into agile ...DevSecCon Asia 2017 Ante Gulam: Integrating crowdsourced security into agile ...
DevSecCon Asia 2017 Ante Gulam: Integrating crowdsourced security into agile ...DevSecCon
 
Segregation of Duties and Continuous Delivery
Segregation of Duties and Continuous DeliverySegregation of Duties and Continuous Delivery
Segregation of Duties and Continuous DeliverySriram Narayanan
 
DevSecCon KeyNote London 2015
DevSecCon KeyNote London 2015DevSecCon KeyNote London 2015
DevSecCon KeyNote London 2015Shannon Lietz
 
Justin collins - Practical Static Analysis for continuous application delivery
Justin collins - Practical Static Analysis for continuous application deliveryJustin collins - Practical Static Analysis for continuous application delivery
Justin collins - Practical Static Analysis for continuous application deliveryDevSecCon
 
Renato Rodrigues - Security in the wild
Renato Rodrigues - Security in the wildRenato Rodrigues - Security in the wild
Renato Rodrigues - Security in the wildDevSecCon
 
Continuous Security Testing - DevSecCon
Continuous Security Testing - DevSecConContinuous Security Testing - DevSecCon
Continuous Security Testing - DevSecConStephen de Vries
 
Security as Code owasp
Security as Code owaspSecurity as Code owasp
Security as Code owaspShannon Lietz
 
S360 2015 dev_secops_program
S360 2015 dev_secops_programS360 2015 dev_secops_program
S360 2015 dev_secops_programShannon Lietz
 
Cloud Security Essentials 2.0 at RSA
Cloud Security Essentials 2.0 at RSACloud Security Essentials 2.0 at RSA
Cloud Security Essentials 2.0 at RSAShannon Lietz
 
Finding Security a Home in a DevOps World
Finding Security a Home in a DevOps WorldFinding Security a Home in a DevOps World
Finding Security a Home in a DevOps WorldShannon Lietz
 

Viewers also liked (20)

DevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting LeftDevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
DevSecCon Asia 2017 Shannon Lietz: Security is Shifting Left
 
DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...
DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...
DevSecCon Asia 2017 - Abhay Bhargav: Building an Application Vulnerability To...
 
DevSecCon Asia 2017 Pishu Mahtani: Adversarial Modelling
DevSecCon Asia 2017 Pishu Mahtani: Adversarial ModellingDevSecCon Asia 2017 Pishu Mahtani: Adversarial Modelling
DevSecCon Asia 2017 Pishu Mahtani: Adversarial Modelling
 
Securing the container DevOps pipeline by William Henry
Securing the container DevOps pipeline by William HenrySecuring the container DevOps pipeline by William Henry
Securing the container DevOps pipeline by William Henry
 
DevSecCon Asia 2017 Joel Divekar: Using Open Source Automation tools for DevS...
DevSecCon Asia 2017 Joel Divekar: Using Open Source Automation tools for DevS...DevSecCon Asia 2017 Joel Divekar: Using Open Source Automation tools for DevS...
DevSecCon Asia 2017 Joel Divekar: Using Open Source Automation tools for DevS...
 
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world cases
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world casesDevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world cases
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world cases
 
DevSecCon Asia 2017: Guillaume Dedrie: A trip through the securitiy of devops...
DevSecCon Asia 2017: Guillaume Dedrie: A trip through the securitiy of devops...DevSecCon Asia 2017: Guillaume Dedrie: A trip through the securitiy of devops...
DevSecCon Asia 2017: Guillaume Dedrie: A trip through the securitiy of devops...
 
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the governmentDevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
DevSecCon Asia 2017 Fabian Lim: DevSecOps in the government
 
DevSecCon Asia 2017 Sergiu Bodiu: From resilient to antifragile
DevSecCon Asia 2017 Sergiu Bodiu: From resilient to antifragileDevSecCon Asia 2017 Sergiu Bodiu: From resilient to antifragile
DevSecCon Asia 2017 Sergiu Bodiu: From resilient to antifragile
 
DevSecCon Asia 2017 Ante Gulam: Integrating crowdsourced security into agile ...
DevSecCon Asia 2017 Ante Gulam: Integrating crowdsourced security into agile ...DevSecCon Asia 2017 Ante Gulam: Integrating crowdsourced security into agile ...
DevSecCon Asia 2017 Ante Gulam: Integrating crowdsourced security into agile ...
 
Segregation of Duties and Continuous Delivery
Segregation of Duties and Continuous DeliverySegregation of Duties and Continuous Delivery
Segregation of Duties and Continuous Delivery
 
DevSecCon KeyNote London 2015
DevSecCon KeyNote London 2015DevSecCon KeyNote London 2015
DevSecCon KeyNote London 2015
 
Justin collins - Practical Static Analysis for continuous application delivery
Justin collins - Practical Static Analysis for continuous application deliveryJustin collins - Practical Static Analysis for continuous application delivery
Justin collins - Practical Static Analysis for continuous application delivery
 
Renato Rodrigues - Security in the wild
Renato Rodrigues - Security in the wildRenato Rodrigues - Security in the wild
Renato Rodrigues - Security in the wild
 
Continuous Security Testing - DevSecCon
Continuous Security Testing - DevSecConContinuous Security Testing - DevSecCon
Continuous Security Testing - DevSecCon
 
DevSecCon Keynote
DevSecCon KeynoteDevSecCon Keynote
DevSecCon Keynote
 
Security as Code owasp
Security as Code owaspSecurity as Code owasp
Security as Code owasp
 
S360 2015 dev_secops_program
S360 2015 dev_secops_programS360 2015 dev_secops_program
S360 2015 dev_secops_program
 
Cloud Security Essentials 2.0 at RSA
Cloud Security Essentials 2.0 at RSACloud Security Essentials 2.0 at RSA
Cloud Security Essentials 2.0 at RSA
 
Finding Security a Home in a DevOps World
Finding Security a Home in a DevOps WorldFinding Security a Home in a DevOps World
Finding Security a Home in a DevOps World
 

Similar to DevSecCon Asia 2017 Arun N: Securing chatops

Sharing is Caring, How OSS can help embed a DevOps Culture
Sharing is Caring, How OSS can help embed a DevOps CultureSharing is Caring, How OSS can help embed a DevOps Culture
Sharing is Caring, How OSS can help embed a DevOps CultureHarm Boertien
 
How to Use HipChat to Collaborate and Build Culture - Matthew Weinberg
How to Use HipChat to Collaborate and Build Culture - Matthew WeinbergHow to Use HipChat to Collaborate and Build Culture - Matthew Weinberg
How to Use HipChat to Collaborate and Build Culture - Matthew WeinbergAtlassian
 
How Open Source / Open Technology Could Help On Your Project
How Open Source / Open Technology Could Help On Your ProjectHow Open Source / Open Technology Could Help On Your Project
How Open Source / Open Technology Could Help On Your ProjectWan Leung Wong
 
WORKSHOP: 7 Elements to Responsive design
WORKSHOP: 7 Elements to Responsive designWORKSHOP: 7 Elements to Responsive design
WORKSHOP: 7 Elements to Responsive designUsability Matters
 
Microsoft Yapay Zeka Servisleri İş Başında Sunumu
Microsoft Yapay Zeka Servisleri İş Başında SunumuMicrosoft Yapay Zeka Servisleri İş Başında Sunumu
Microsoft Yapay Zeka Servisleri İş Başında SunumuMSHOWTO Bilisim Toplulugu
 
User Experience Runway - Moving UX into Agile Development Upstream
User Experience Runway - Moving UX into Agile Development UpstreamUser Experience Runway - Moving UX into Agile Development Upstream
User Experience Runway - Moving UX into Agile Development UpstreamXBOSoft
 
Open Source Building Career and Competency
Open Source Building Career and CompetencyOpen Source Building Career and Competency
Open Source Building Career and CompetencyKrishna-Kumar
 
How to Train Your Developer - Phonedeck - Startup Safari Berlin 2014
How to Train Your Developer - Phonedeck - Startup Safari Berlin 2014How to Train Your Developer - Phonedeck - Startup Safari Berlin 2014
How to Train Your Developer - Phonedeck - Startup Safari Berlin 2014Gergő Ertli
 
How to write a web framework
How to write a web frameworkHow to write a web framework
How to write a web frameworkNgoc Dao
 
BUILD GREAT PRODUCTS: Introduction to LEAN Product Development
BUILD GREAT PRODUCTS: Introduction to LEAN Product DevelopmentBUILD GREAT PRODUCTS: Introduction to LEAN Product Development
BUILD GREAT PRODUCTS: Introduction to LEAN Product DevelopmentKlooff
 
How to Integrate UX and Agile
How to Integrate UX and AgileHow to Integrate UX and Agile
How to Integrate UX and AgileUserZoom
 
Implementing Modernization by Trevor Perry
Implementing Modernization by Trevor PerryImplementing Modernization by Trevor Perry
Implementing Modernization by Trevor PerryFresche Solutions
 
Rabbit Hole® – A User Experience Case StudyCx ux engage_2014_rabbit_hole
Rabbit Hole® – A User Experience Case StudyCx ux engage_2014_rabbit_holeRabbit Hole® – A User Experience Case StudyCx ux engage_2014_rabbit_hole
Rabbit Hole® – A User Experience Case StudyCx ux engage_2014_rabbit_holeAvtex
 
Integrating User Experience Design into the Product Lifecycle
Integrating User Experience Design into the Product LifecycleIntegrating User Experience Design into the Product Lifecycle
Integrating User Experience Design into the Product LifecycleICS
 
Chris Covell Collaboration for distributed teams
Chris Covell Collaboration for distributed teamsChris Covell Collaboration for distributed teams
Chris Covell Collaboration for distributed teamsAgile Lietuva
 
2014 #vBrownBag OpenStack Summit Atlanta Ju Lim -- OpenStack Personas
2014 #vBrownBag OpenStack Summit Atlanta Ju Lim -- OpenStack Personas2014 #vBrownBag OpenStack Summit Atlanta Ju Lim -- OpenStack Personas
2014 #vBrownBag OpenStack Summit Atlanta Ju Lim -- OpenStack PersonasJu Lim
 
Mix-IT - Des Produits avec des Equipes Distribuées
Mix-IT - Des Produits avec des Equipes DistribuéesMix-IT - Des Produits avec des Equipes Distribuées
Mix-IT - Des Produits avec des Equipes DistribuéesAlexis Monville
 
Mobile Usability Research in a Pinch
Mobile Usability Research in a PinchMobile Usability Research in a Pinch
Mobile Usability Research in a PinchErin Young
 
What is share point sps_denver_final
What is share point sps_denver_finalWhat is share point sps_denver_final
What is share point sps_denver_finalM Allmond
 

Similar to DevSecCon Asia 2017 Arun N: Securing chatops (20)

Sharing is Caring, How OSS can help embed a DevOps Culture
Sharing is Caring, How OSS can help embed a DevOps CultureSharing is Caring, How OSS can help embed a DevOps Culture
Sharing is Caring, How OSS can help embed a DevOps Culture
 
How to Use HipChat to Collaborate and Build Culture - Matthew Weinberg
How to Use HipChat to Collaborate and Build Culture - Matthew WeinbergHow to Use HipChat to Collaborate and Build Culture - Matthew Weinberg
How to Use HipChat to Collaborate and Build Culture - Matthew Weinberg
 
How Open Source / Open Technology Could Help On Your Project
How Open Source / Open Technology Could Help On Your ProjectHow Open Source / Open Technology Could Help On Your Project
How Open Source / Open Technology Could Help On Your Project
 
WORKSHOP: 7 Elements to Responsive design
WORKSHOP: 7 Elements to Responsive designWORKSHOP: 7 Elements to Responsive design
WORKSHOP: 7 Elements to Responsive design
 
Microsoft Yapay Zeka Servisleri İş Başında Sunumu
Microsoft Yapay Zeka Servisleri İş Başında SunumuMicrosoft Yapay Zeka Servisleri İş Başında Sunumu
Microsoft Yapay Zeka Servisleri İş Başında Sunumu
 
User Experience Runway - Moving UX into Agile Development Upstream
User Experience Runway - Moving UX into Agile Development UpstreamUser Experience Runway - Moving UX into Agile Development Upstream
User Experience Runway - Moving UX into Agile Development Upstream
 
Open Source Building Career and Competency
Open Source Building Career and CompetencyOpen Source Building Career and Competency
Open Source Building Career and Competency
 
How to Train Your Developer - Phonedeck - Startup Safari Berlin 2014
How to Train Your Developer - Phonedeck - Startup Safari Berlin 2014How to Train Your Developer - Phonedeck - Startup Safari Berlin 2014
How to Train Your Developer - Phonedeck - Startup Safari Berlin 2014
 
Agile and UX
Agile and UXAgile and UX
Agile and UX
 
How to write a web framework
How to write a web frameworkHow to write a web framework
How to write a web framework
 
BUILD GREAT PRODUCTS: Introduction to LEAN Product Development
BUILD GREAT PRODUCTS: Introduction to LEAN Product DevelopmentBUILD GREAT PRODUCTS: Introduction to LEAN Product Development
BUILD GREAT PRODUCTS: Introduction to LEAN Product Development
 
How to Integrate UX and Agile
How to Integrate UX and AgileHow to Integrate UX and Agile
How to Integrate UX and Agile
 
Implementing Modernization by Trevor Perry
Implementing Modernization by Trevor PerryImplementing Modernization by Trevor Perry
Implementing Modernization by Trevor Perry
 
Rabbit Hole® – A User Experience Case StudyCx ux engage_2014_rabbit_hole
Rabbit Hole® – A User Experience Case StudyCx ux engage_2014_rabbit_holeRabbit Hole® – A User Experience Case StudyCx ux engage_2014_rabbit_hole
Rabbit Hole® – A User Experience Case StudyCx ux engage_2014_rabbit_hole
 
Integrating User Experience Design into the Product Lifecycle
Integrating User Experience Design into the Product LifecycleIntegrating User Experience Design into the Product Lifecycle
Integrating User Experience Design into the Product Lifecycle
 
Chris Covell Collaboration for distributed teams
Chris Covell Collaboration for distributed teamsChris Covell Collaboration for distributed teams
Chris Covell Collaboration for distributed teams
 
2014 #vBrownBag OpenStack Summit Atlanta Ju Lim -- OpenStack Personas
2014 #vBrownBag OpenStack Summit Atlanta Ju Lim -- OpenStack Personas2014 #vBrownBag OpenStack Summit Atlanta Ju Lim -- OpenStack Personas
2014 #vBrownBag OpenStack Summit Atlanta Ju Lim -- OpenStack Personas
 
Mix-IT - Des Produits avec des Equipes Distribuées
Mix-IT - Des Produits avec des Equipes DistribuéesMix-IT - Des Produits avec des Equipes Distribuées
Mix-IT - Des Produits avec des Equipes Distribuées
 
Mobile Usability Research in a Pinch
Mobile Usability Research in a PinchMobile Usability Research in a Pinch
Mobile Usability Research in a Pinch
 
What is share point sps_denver_final
What is share point sps_denver_finalWhat is share point sps_denver_final
What is share point sps_denver_final
 

More from DevSecCon

DevSecCon London 2019: Workshop: Cloud Agnostic Security Testing with Scout S...
DevSecCon London 2019: Workshop: Cloud Agnostic Security Testing with Scout S...DevSecCon London 2019: Workshop: Cloud Agnostic Security Testing with Scout S...
DevSecCon London 2019: Workshop: Cloud Agnostic Security Testing with Scout S...DevSecCon
 
DevSecCon London 2019: Are Open Source Developers Security’s New Front Line?
DevSecCon London 2019: Are Open Source Developers Security’s New Front Line?DevSecCon London 2019: Are Open Source Developers Security’s New Front Line?
DevSecCon London 2019: Are Open Source Developers Security’s New Front Line?DevSecCon
 
DevSecCon London 2019: How to Secure OpenShift Environments and What Happens ...
DevSecCon London 2019: How to Secure OpenShift Environments and What Happens ...DevSecCon London 2019: How to Secure OpenShift Environments and What Happens ...
DevSecCon London 2019: How to Secure OpenShift Environments and What Happens ...DevSecCon
 
DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...
DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...
DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...DevSecCon
 
DevSecCon Seattle 2019: Containerizing IT Security Knowledge
DevSecCon Seattle 2019: Containerizing IT Security KnowledgeDevSecCon Seattle 2019: Containerizing IT Security Knowledge
DevSecCon Seattle 2019: Containerizing IT Security KnowledgeDevSecCon
 
DevSecCon Seattle 2019: Decentralized Authorization - Implementing Fine Grain...
DevSecCon Seattle 2019: Decentralized Authorization - Implementing Fine Grain...DevSecCon Seattle 2019: Decentralized Authorization - Implementing Fine Grain...
DevSecCon Seattle 2019: Decentralized Authorization - Implementing Fine Grain...DevSecCon
 
DevSecCon Seattle 2019: Liquid Software as the real solution for the Sec in D...
DevSecCon Seattle 2019: Liquid Software as the real solution for the Sec in D...DevSecCon Seattle 2019: Liquid Software as the real solution for the Sec in D...
DevSecCon Seattle 2019: Liquid Software as the real solution for the Sec in D...DevSecCon
 
DevSecCon Seattle 2019: Fully Automated production deployments with HIPAA/HIT...
DevSecCon Seattle 2019: Fully Automated production deployments with HIPAA/HIT...DevSecCon Seattle 2019: Fully Automated production deployments with HIPAA/HIT...
DevSecCon Seattle 2019: Fully Automated production deployments with HIPAA/HIT...DevSecCon
 
DevSecCon Singapore 2019: Four years of reflection: How (not) to secure Web A...
DevSecCon Singapore 2019: Four years of reflection: How (not) to secure Web A...DevSecCon Singapore 2019: Four years of reflection: How (not) to secure Web A...
DevSecCon Singapore 2019: Four years of reflection: How (not) to secure Web A...DevSecCon
 
DevSecCon Singapore 2019: crypto jacking: An evolving threat for cloud contai...
DevSecCon Singapore 2019: crypto jacking: An evolving threat for cloud contai...DevSecCon Singapore 2019: crypto jacking: An evolving threat for cloud contai...
DevSecCon Singapore 2019: crypto jacking: An evolving threat for cloud contai...DevSecCon
 
DevSecCon Singapore 2019: Can "dev", "sec" and "ops" really coexist in the wi...
DevSecCon Singapore 2019: Can "dev", "sec" and "ops" really coexist in the wi...DevSecCon Singapore 2019: Can "dev", "sec" and "ops" really coexist in the wi...
DevSecCon Singapore 2019: Can "dev", "sec" and "ops" really coexist in the wi...DevSecCon
 
DevSecCon Singapore 2019: Workshop - Burp extension writing workshop
DevSecCon Singapore 2019: Workshop - Burp extension writing workshopDevSecCon Singapore 2019: Workshop - Burp extension writing workshop
DevSecCon Singapore 2019: Workshop - Burp extension writing workshopDevSecCon
 
DevSecCon Singapore 2019: Embracing Security - A changing DevOps landscape
DevSecCon Singapore 2019: Embracing Security - A changing DevOps landscapeDevSecCon Singapore 2019: Embracing Security - A changing DevOps landscape
DevSecCon Singapore 2019: Embracing Security - A changing DevOps landscapeDevSecCon
 
DevSecCon Singapore 2019: Web Services aren’t as secure as we think
DevSecCon Singapore 2019: Web Services aren’t as secure as we thinkDevSecCon Singapore 2019: Web Services aren’t as secure as we think
DevSecCon Singapore 2019: Web Services aren’t as secure as we thinkDevSecCon
 
DevSecCon Singapore 2019: An attacker's view of Serverless and GraphQL apps S...
DevSecCon Singapore 2019: An attacker's view of Serverless and GraphQL apps S...DevSecCon Singapore 2019: An attacker's view of Serverless and GraphQL apps S...
DevSecCon Singapore 2019: An attacker's view of Serverless and GraphQL apps S...DevSecCon
 
DevSecCon Singapore 2019: The journey of digital transformation through DevSe...
DevSecCon Singapore 2019: The journey of digital transformation through DevSe...DevSecCon Singapore 2019: The journey of digital transformation through DevSe...
DevSecCon Singapore 2019: The journey of digital transformation through DevSe...DevSecCon
 
DevSecCon Singapore 2019: Preventative Security for Kubernetes
DevSecCon Singapore 2019: Preventative Security for KubernetesDevSecCon Singapore 2019: Preventative Security for Kubernetes
DevSecCon Singapore 2019: Preventative Security for KubernetesDevSecCon
 
DevSecCon London 2018: Is your supply chain your achille's heel
DevSecCon London 2018: Is your supply chain your achille's heelDevSecCon London 2018: Is your supply chain your achille's heel
DevSecCon London 2018: Is your supply chain your achille's heelDevSecCon
 
DevSecCon London 2018: Get rid of these TLS certificates
DevSecCon London 2018: Get rid of these TLS certificatesDevSecCon London 2018: Get rid of these TLS certificates
DevSecCon London 2018: Get rid of these TLS certificatesDevSecCon
 
DevSecCon London 2018: Open DevSecOps
DevSecCon London 2018: Open DevSecOpsDevSecCon London 2018: Open DevSecOps
DevSecCon London 2018: Open DevSecOpsDevSecCon
 

More from DevSecCon (20)

DevSecCon London 2019: Workshop: Cloud Agnostic Security Testing with Scout S...
DevSecCon London 2019: Workshop: Cloud Agnostic Security Testing with Scout S...DevSecCon London 2019: Workshop: Cloud Agnostic Security Testing with Scout S...
DevSecCon London 2019: Workshop: Cloud Agnostic Security Testing with Scout S...
 
DevSecCon London 2019: Are Open Source Developers Security’s New Front Line?
DevSecCon London 2019: Are Open Source Developers Security’s New Front Line?DevSecCon London 2019: Are Open Source Developers Security’s New Front Line?
DevSecCon London 2019: Are Open Source Developers Security’s New Front Line?
 
DevSecCon London 2019: How to Secure OpenShift Environments and What Happens ...
DevSecCon London 2019: How to Secure OpenShift Environments and What Happens ...DevSecCon London 2019: How to Secure OpenShift Environments and What Happens ...
DevSecCon London 2019: How to Secure OpenShift Environments and What Happens ...
 
DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...
DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...
DevSecCon London 2019: A Kernel of Truth: Intrusion Detection and Attestation...
 
DevSecCon Seattle 2019: Containerizing IT Security Knowledge
DevSecCon Seattle 2019: Containerizing IT Security KnowledgeDevSecCon Seattle 2019: Containerizing IT Security Knowledge
DevSecCon Seattle 2019: Containerizing IT Security Knowledge
 
DevSecCon Seattle 2019: Decentralized Authorization - Implementing Fine Grain...
DevSecCon Seattle 2019: Decentralized Authorization - Implementing Fine Grain...DevSecCon Seattle 2019: Decentralized Authorization - Implementing Fine Grain...
DevSecCon Seattle 2019: Decentralized Authorization - Implementing Fine Grain...
 
DevSecCon Seattle 2019: Liquid Software as the real solution for the Sec in D...
DevSecCon Seattle 2019: Liquid Software as the real solution for the Sec in D...DevSecCon Seattle 2019: Liquid Software as the real solution for the Sec in D...
DevSecCon Seattle 2019: Liquid Software as the real solution for the Sec in D...
 
DevSecCon Seattle 2019: Fully Automated production deployments with HIPAA/HIT...
DevSecCon Seattle 2019: Fully Automated production deployments with HIPAA/HIT...DevSecCon Seattle 2019: Fully Automated production deployments with HIPAA/HIT...
DevSecCon Seattle 2019: Fully Automated production deployments with HIPAA/HIT...
 
DevSecCon Singapore 2019: Four years of reflection: How (not) to secure Web A...
DevSecCon Singapore 2019: Four years of reflection: How (not) to secure Web A...DevSecCon Singapore 2019: Four years of reflection: How (not) to secure Web A...
DevSecCon Singapore 2019: Four years of reflection: How (not) to secure Web A...
 
DevSecCon Singapore 2019: crypto jacking: An evolving threat for cloud contai...
DevSecCon Singapore 2019: crypto jacking: An evolving threat for cloud contai...DevSecCon Singapore 2019: crypto jacking: An evolving threat for cloud contai...
DevSecCon Singapore 2019: crypto jacking: An evolving threat for cloud contai...
 
DevSecCon Singapore 2019: Can "dev", "sec" and "ops" really coexist in the wi...
DevSecCon Singapore 2019: Can "dev", "sec" and "ops" really coexist in the wi...DevSecCon Singapore 2019: Can "dev", "sec" and "ops" really coexist in the wi...
DevSecCon Singapore 2019: Can "dev", "sec" and "ops" really coexist in the wi...
 
DevSecCon Singapore 2019: Workshop - Burp extension writing workshop
DevSecCon Singapore 2019: Workshop - Burp extension writing workshopDevSecCon Singapore 2019: Workshop - Burp extension writing workshop
DevSecCon Singapore 2019: Workshop - Burp extension writing workshop
 
DevSecCon Singapore 2019: Embracing Security - A changing DevOps landscape
DevSecCon Singapore 2019: Embracing Security - A changing DevOps landscapeDevSecCon Singapore 2019: Embracing Security - A changing DevOps landscape
DevSecCon Singapore 2019: Embracing Security - A changing DevOps landscape
 
DevSecCon Singapore 2019: Web Services aren’t as secure as we think
DevSecCon Singapore 2019: Web Services aren’t as secure as we thinkDevSecCon Singapore 2019: Web Services aren’t as secure as we think
DevSecCon Singapore 2019: Web Services aren’t as secure as we think
 
DevSecCon Singapore 2019: An attacker's view of Serverless and GraphQL apps S...
DevSecCon Singapore 2019: An attacker's view of Serverless and GraphQL apps S...DevSecCon Singapore 2019: An attacker's view of Serverless and GraphQL apps S...
DevSecCon Singapore 2019: An attacker's view of Serverless and GraphQL apps S...
 
DevSecCon Singapore 2019: The journey of digital transformation through DevSe...
DevSecCon Singapore 2019: The journey of digital transformation through DevSe...DevSecCon Singapore 2019: The journey of digital transformation through DevSe...
DevSecCon Singapore 2019: The journey of digital transformation through DevSe...
 
DevSecCon Singapore 2019: Preventative Security for Kubernetes
DevSecCon Singapore 2019: Preventative Security for KubernetesDevSecCon Singapore 2019: Preventative Security for Kubernetes
DevSecCon Singapore 2019: Preventative Security for Kubernetes
 
DevSecCon London 2018: Is your supply chain your achille's heel
DevSecCon London 2018: Is your supply chain your achille's heelDevSecCon London 2018: Is your supply chain your achille's heel
DevSecCon London 2018: Is your supply chain your achille's heel
 
DevSecCon London 2018: Get rid of these TLS certificates
DevSecCon London 2018: Get rid of these TLS certificatesDevSecCon London 2018: Get rid of these TLS certificates
DevSecCon London 2018: Get rid of these TLS certificates
 
DevSecCon London 2018: Open DevSecOps
DevSecCon London 2018: Open DevSecOpsDevSecCon London 2018: Open DevSecOps
DevSecCon London 2018: Open DevSecOps
 

Recently uploaded

OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...NETWAYS
 
Microsoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AIMicrosoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AITatiana Gurgel
 
SaaStr Workshop Wednesday w: Jason Lemkin, SaaStr
SaaStr Workshop Wednesday w: Jason Lemkin, SaaStrSaaStr Workshop Wednesday w: Jason Lemkin, SaaStr
SaaStr Workshop Wednesday w: Jason Lemkin, SaaStrsaastr
 
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...Hasting Chen
 
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...NETWAYS
 
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...Kayode Fayemi
 
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...NETWAYS
 
Philippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.pptPhilippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.pptssuser319dad
 
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...henrik385807
 
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...NETWAYS
 
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...Pooja Nehwal
 
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...NETWAYS
 
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdfOpen Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdfhenrik385807
 
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara ServicesVVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara ServicesPooja Nehwal
 
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
LANDMARKS AND MONUMENTS IN NIGERIA.pptx
LANDMARKS AND MONUMENTS IN NIGERIA.pptxLANDMARKS AND MONUMENTS IN NIGERIA.pptx
LANDMARKS AND MONUMENTS IN NIGERIA.pptxBasil Achie
 
George Lever - eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024George Lever - eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024eCommerce Institute
 
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )Pooja Nehwal
 
Genesis part 2 Isaiah Scudder 04-24-2024.pptx
Genesis part 2 Isaiah Scudder 04-24-2024.pptxGenesis part 2 Isaiah Scudder 04-24-2024.pptx
Genesis part 2 Isaiah Scudder 04-24-2024.pptxFamilyWorshipCenterD
 

Recently uploaded (20)

OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...
 
Microsoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AIMicrosoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AI
 
SaaStr Workshop Wednesday w: Jason Lemkin, SaaStr
SaaStr Workshop Wednesday w: Jason Lemkin, SaaStrSaaStr Workshop Wednesday w: Jason Lemkin, SaaStr
SaaStr Workshop Wednesday w: Jason Lemkin, SaaStr
 
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
 
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
 
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
 
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
 
Philippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.pptPhilippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.ppt
 
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
 
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
OSCamp Kubernetes 2024 | SRE Challenges in Monolith to Microservices Shift at...
 
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
 
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
 
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝
 
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdfOpen Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
 
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara ServicesVVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
 
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
LANDMARKS AND MONUMENTS IN NIGERIA.pptx
LANDMARKS AND MONUMENTS IN NIGERIA.pptxLANDMARKS AND MONUMENTS IN NIGERIA.pptx
LANDMARKS AND MONUMENTS IN NIGERIA.pptx
 
George Lever - eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024George Lever - eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024
 
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )
 
Genesis part 2 Isaiah Scudder 04-24-2024.pptx
Genesis part 2 Isaiah Scudder 04-24-2024.pptxGenesis part 2 Isaiah Scudder 04-24-2024.pptx
Genesis part 2 Isaiah Scudder 04-24-2024.pptx
 

DevSecCon Asia 2017 Arun N: Securing chatops

  • 1. Join the conversation #devseccon Extending and securing Chat-Ops Arun N
  • 2. Introduction • Arun Narayanaswamy • 14 years in Dev & Ops • Worked at large enterprises including Fortune 1 • Entrepreneur, Student, Photographer and Traveler… • Disclaimer: • “The opinions expressed, software references and any content in this presentation are solely mine and they do not represent my employer.”
  • 3. How many of you use Chat @ Work? techcrunch.com
  • 4. ChatOps Architecture – How does it work? © http://nordicapis.com
  • 5. Chat Apps – Big Players! • Instant messaging on steroids • Your ‘whatsapp’ for business! • Collaboration • Integrated workspace - Text, audio, video • All alerting and messaging in one place • Share, Search & Integrate • Chat-ops! • Fun
  • 7. Hubot – Why? • CoffeeScript on Node.js based • Active development - Github • Easy integration with third part api’s • Deployable on Heroku, AWS • Works with Slack and HipChat (and more) • What’s chat without Hubot?
  • 8. Typical CD Workflow • Revolves around the orchestrator • Data need to be consolidated into Splunk/ELK/Jenkins etc. • Now better with • Containers • New-gen monitoring
  • 9. CI-CD – Data Flow Bot Interactions Chat Notifications HipChat / Hubot - Workflow
  • 10. Risk Potential Loopholes (With and without ChatOps)
  • 11. Potential Loopholes : Focus today!
  • 12. Plugging in the loopholes 2FA Hardware Tokens Software Tokens Roles •Custom Code •Hubot Auth 2FA Multiple Rooms AWS IAM Policies
  • 13. Plugging in the loopholes : Hardware keys 2FA Hardware Tokens Software Tokens Roles •Custom Code •Hubot Auth 2FA Multiple Rooms AWS IAM Policies
  • 14. Plugging in the loopholes : Hardware keys • Demo [ https://devseccon.hipchat.com/chat ] [ https://id.heroku.com/login ] [ https://www.yubico.com ]
  • 15. Plugging in the loopholes : Soft keys 2FA Hardware Tokens Software Tokens Roles •Custom Code •Hubot Auth 2FA Multiple Rooms AWS IAM Policies
  • 16. Plugging in the loopholes : Roles 2FA Hardware Tokens Software Tokens Roles •Custom Code •Hubot Auth 2FA Multiple Rooms AWS IAM Policies
  • 17. Plugging in the loopholes : Rooms 2FA Multiple Rooms AWS IAM Policies • Restricted Channels • Private Channels • Different Instance of Chat System • 2FA on Chat system itself
  • 18. Plugging in the loopholes : IAM (AWS) 2FA Multiple Rooms AWS IAM Policies • Policies on what each system can run • Better control on AWS/Heroku where the bots run
  • 20. Join the conversation #devseccon Thank you! linkedin.com/in/arun-n

Editor's Notes

  1. AB Deployment / Canary Deployment // Jenkins – CA RA – Automic // Urban Code Deploy