Matt Badanes' talk from AWS + OWASP "Event-based Scanning for AMI enforcement in AWS"

•

0 likes•220 views

OWASP + AWS user groups: Using the OWASP Top 10 in AWS Turbo talk 2: Event-based Scanning for AMI enforcement in AWS - Matt Badanes, Cloud Security Manager, Morningstar

©2018 Morningstar, Inc. All rights reserved.
Matt Badanes
Event-based Scanning for AMI
Enforcement in AWS

Our Environment
2
g Decentralized, multi-accountapproach
g ~100 AWS Accounts
g 2 accountsper team (non-prod and prod)
g Support 7 regions. Most teams are in 2 US regions
g Foundational piecesmanaged by terraform (VPC, Cloudtrail,IAM basics, ETC)
/ Everything as code
g Federatedlogin with ADFS
/ Minimize use of IAM Users
g AMIs released on a monthlycadence. Shared from a central account
g Expect teams to fork our AMIs as needed

Our AMIs
3
g Built monthly using chef, packer and terraform
g 8 Different images
g Shared to all accounts and all regions
g Configurationmanagementbaked in
g CIS hardened
g Patched
g Not dependenton AWS generated keys for authentication
g On completion,send notifcation to SNS

The Problem
g Morningstar maintainsa set of base images for our teams to deploy
g This ensures we maintainassecure a configurationof our images as possible (A6-
Security Misconfiguration fromthe OWASP Top 10 in 2017)
g AWS makes it hard to find these images and defaultsto their own quickstart
g We need to controlwhat AMIs our developersuse from inceptionso they don’t make it
to prod
g IAM can handle this, but it doesn’t easily allow for exception handing
g Commercial products can handle some of this, but implementationis either incomplete,
not easily customizableand/or expensive
g Open-source solutions providea good foundation,but the actual AWS interactionsaren’t
the hard part, it’s the customizations

Our Requirements
5
g Minimalinfrastructure to maintain
g Modular
g Highly customizable
g Near “real-time”
g Cross-account and cross-regional support
g Varying levelsof remediation
g Easilyexpandableas new requirementscome in or new services need scanning

A Solution
6
g When any EC2 (or S3, secretsmanager, etc.) event is triggered, event is sent to a central
cloudwatchevent.
g Cloudwatch event triggers a routing lambdato determine if system has any actions
registered with the event
g If event exists (in this case, it does), a corresponding step function is executed. One of
these actions looks at the AMI that was launchedfor the instance (or will be launched if
it’s autoscale).
g If the AMI does not fit our criteria (check owner ID or a tag to a corresponding ticket for
an exception), remediate

The Tool-kit (so far)
9
g CloudWatchEvents and Event Bus
g SNS
g Lambda
g Step-functions
g DynamoDB

Future Enhancements
10
g Scan more services
g Expand scan criteria for services we scan today
g Kill instances that are not compliant
g Complexanalysisand workflows
g Wider adoption

CFP - AWS Community Day 2019 CFP - AWS Community Day 2019 100% 10 One of the best practices in Cloud solutions is reliability and consistency is using credentials and this session explains on how to Implement this practice using AWS Secrets Manager Screen reader support enabled. One of the best practices in Cloud solutions is reliability and consistency is using credentials and this session explains on how to Implement this practice using AWS Secrets Manager This talk was presented at AWS Community Day Bengaluru 2019 by Vijayanirmala, Devops Solution lead, Sonata software limited

Securing aws workloads with embedded application security

John Varghese

AWS Security Week: AWS Secrets Manager

Amazon Web Services

Keep It Secret, Keep It Safe Credentials and Secrets Management on AWS - AWS ...

Amazon Web Services

Are you hard coding credentials in your software? Do you have passwords you need to centrally manage, while maintaining access control? In this session you will learn the best ways of using the AWS platform to build applications with zero knowledge of the credentials that are used. AWS and Xero will talk about the various methods AWS gives you to ensure you can handle secret values with confidence using automation in a multi-account environment. From IAM Roles, to bearer tokens and automatically rotated secrets, we will walk through a real life application and show how easy it is to keep your secrets safe.

Exploiting IAM in the google cloud platform - dani_goland_mohsan_farid

CloudVillage

"Cloud infrastructure design is complex and makes even the most straight-forward topics, such as Identity and Access Management (IAM), non-trivial and confusing and therefore, full of security risk. While AWS IAM provides for access via console and API/CLI using access keys, there is also a temporary security tokens feature, designed for secure temporary access. However, temporary tokens have multiple security pot-holes that can lead to exploits. I'll explore the limitations of temporary tokens including: - the lack of visibility/management - minimal logging - limited remediation options and how this can be taken advantage of, especially in combination with other techniques such as assuming of roles, pre-signed URLs, log attacks, and serverless functions to achieve persistence, lateral movement, and obfuscation. In addition, I’ll look at common defensive techniques and best practices around lockdown, provisioning, logging and alerting to see whether these are practical and can shift the field."

AWS Secrets Manager

Amazon Web Services

For customers with hundreds or thousands of secrets, like database credentials and API keys, manually rotating and managing access to those secrets can be complex and cause application disruptions. AWS Secrets Manager protects access to your IT resources by enabling you to easily and centrally rotate and manage access to secrets. In this session, we explore the benefits and key features of Secrets Manager. We demonstrate how to safely rotate secrets, manage access to secrets with fine-grained access policies, and centrally secure and audit your secrets.

Managing and scaling the infrastructure for critical business data can be a real pain. To handle this massive scale of data effectively, thousands of users of MongoDB from all around the world have migrated their large and small databases to MongoDB Atlas. By the end of this talk, you'll have a better understanding of the “how” and “why” of it, and will be able to leverage it in your organisation with elevated confidence. I'll demo the migration of a realtime application using MongoDB from existing cloud infrastructure to MongoDB Atlas. If you're a developer, DBA or a business stakeholder, and your organisation is using/planning to use MongoDB on-premise or with any other cloud vendor, this talk will help you to gain insights into the best way to run MongoDB.

MozDef Workshop slide

CloudVillage

ATT&CKing the Sentinel – deploying a threat hunting capability on Azure Senti...

CloudVillage

Speaker 1: Olaf Hartong Speaker 2: Edoardo Gerosa Azure Sentinel, Microsoft's new cloud SIEM solution, was recently released on the market. Notwithstanding its strengths Sentinel offers limited threat hunting capabilities out of the box and setting up an effective hunting solution is not straightforward. The Sentinel ATT&CK GitHub project is designed to provide guidance on setting up an ATT&CK-driven process monitoring solution within Sentinel; giving DFIR professionals a tool to effectively hunt in the Azure cloud. The project, building on previous work from the open source DFIR community, provides instructions on how to properly configure Sysmon to monitor and detect specific processes in alignment with MITRE's ATT&CK framework. Secondly it provides clarity on how to onboard Sysmon logs from Windows virtual machines, shedding light on some poorly documented areas, while also offering an open source parser to correctly ingest Sysmon data in conformity with the Open Source Security Event Metadata information model. Thirdly it offers around 120 open source Kusto Query Language alerts ready for deployment; each mapped to a unique MITRE ATT&CK technique. Fourthly it provides a dedicated threat hunting dashboard to help DFIR professionals monitor their environment and execute precise hunts. Finally, Sentinel ATT&CK provides ready-made hunting queries to be leveraged when responding to alert notifications raised by the threat hunting dashboard. This talk delivers an overview of how the Sentinel ATT&CK project can help organisations establish an effective threat hunting capability in Azure as well as an opportunity to share with the community the strengths and shortcomings of Sentinel when it comes to hunting adversaries within the Microsoft cloud.

Kubernetes - do or do not, there is no try

James Strong

How to leverage Evident Security Platform for DFARS-NIST 800-171 AWS Accounts

Sebastian Taphanel CISSP-ISSEP

Unified Security through Armor and AWS - DEM05 - Atlanta AWS Summit

Amazon Web Services

Migrating mission-critical workloads to the cloud requires specialized expertise and operational evolution. Fortunately, security tools have evolved and are now much easier to implement, use, and scale. In this session, learn what tools are right for your business requirements and how they can effectively reduce operational friction in your journey to the cloud. Hear representatives from Armor discuss how automation has developed a strong combination of security controls in AWS, and learn how Armor designs the proper controls to address potential security gaps. Also, learn how to mitigate risk by utilizing AWS native security controls in conjunction with Armor's security stack. This session is brought to you by AWS partner, Armor.

Connecting Your SIEM Tool with Akamai Security Events

Akamai Developers & Admins

Integrating security events from all of your network and security systems is critical to solving problems quickly and keeping your environment secure. The ideal solution puts you in control and continues to work even during a DDoS attack. In this session, you'll learn how you can use the Akamai SIEM Integration product to feed security events from Akamai Cloud Security products into your environment. Also in this session, we’ll demonstrate how to use Luna administration tools to set up user, API, and security settings giving you the benefits of having Akamai security events integrated into your overall security event monitoring solution.

Defcon 27 - Exploiting IAM in GCP

Netskope

Our CloudFlare experience

Nick Malcolm

The Automation of Supervision: How Regulators and Audit Teams are using AWS t...

Amazon Web Services

Lacework AWS Security Week Presentation

Lacework

Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018

HashiCorp

Managing secrets in a distributed cloud world requires a new approach to security. Applications and systems are now frequently created and destroyed. The network between distributed clouds, applications, and systems is low-trust, furthering the complexities of secrets sprawl. So, what is the solution? HashiCorp Vault seeks to solve the problem of secret sprawl by centralizing secrets management in a scalable, repeatable workflow to be able to create, manage, and revoke secrets as needed. Watch this webinar to learn: - How Vault addresses today’s security threats - How security teams can use Vault to store and manage all their secrets across their private and public infrastructure, globally. - How Adobe reduced secret sprawl, increased operational performance of a key security process, and processes 100 trillion transactions with Vault For full webinar recording: https://hashicorp.com/resources/eliminating-secret-sprawl-in-the-cloud

Vault 1.4 launch webinar

Mitchell Pronschinske

Securing AWS Accounts with Hashi Vault

Shrivatsa Upadhye

Incapsula D3 - A Single Source of Truth for Security Issues - Pushing Siem L...

Tirza DiOro

Multi-Account Strategy At Scale - Nick Bausch, Chicago

AWS Chicago

Meeting Enterprise Security Requirements with AWS Native Security Services (S...

Amazon Web Services

GE has very deep security requirements for their cloud applications. In this session, hear their story on replacing on premises complex solutions with AWS native services like Amazon GuardDuty, VPC Flow logs, AWS CloudTrail, and AWS Config rules. Learn how large enterprises can accelerate their cloud adoption by meeting established security standards with AWS native services. Please join us for a speaker meet-and-greet following this session at the Speaker Lounge (ARIA East, Level 1, Willow Lounge). The meet-and-greet starts 15 minutes after the session and runs for half an hour.

What's hot

Using Splunk/ELK for auditing AWS/GCP/Azure security posture

Jose Hernandez

Overview of secret management solutions and architecture

Yuechuan (Mike) Chen

AWS Atlanta meetup Secrets Manager

Adam Book

PCI Compliance on AWS - Evident.io @ AWS Pop-up Loft 2/26/2015

Evident.io

Denver AWS Users' Group Meetup - May 2020

David McDaniel

MongoDB World 2019: Lift & Shift MongoDB to Atlas

MongoDB

MozDef Workshop slide

CloudVillage

ATT&CKing the Sentinel – deploying a threat hunting capability on Azure Senti...

CloudVillage

Kubernetes - do or do not, there is no try

James Strong

How to leverage Evident Security Platform for DFARS-NIST 800-171 AWS Accounts

Sebastian Taphanel CISSP-ISSEP

Unified Security through Armor and AWS - DEM05 - Atlanta AWS Summit

Amazon Web Services

Connecting Your SIEM Tool with Akamai Security Events

Akamai Developers & Admins

Defcon 27 - Exploiting IAM in GCP

Netskope

Our CloudFlare experience

Nick Malcolm

The Automation of Supervision: How Regulators and Audit Teams are using AWS t...

Amazon Web Services

Lacework AWS Security Week Presentation

Lacework

Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018

HashiCorp

Vault 1.4 launch webinar

Mitchell Pronschinske

Securing AWS Accounts with Hashi Vault

Shrivatsa Upadhye

Incapsula D3 - A Single Source of Truth for Security Issues - Pushing Siem L...

Tirza DiOro

What's hot (20)

Using Splunk/ELK for auditing AWS/GCP/Azure security posture

Overview of secret management solutions and architecture

AWS Atlanta meetup Secrets Manager

PCI Compliance on AWS - Evident.io @ AWS Pop-up Loft 2/26/2015

Denver AWS Users' Group Meetup - May 2020

MongoDB World 2019: Lift & Shift MongoDB to Atlas

MozDef Workshop slide

ATT&CKing the Sentinel – deploying a threat hunting capability on Azure Senti...

Kubernetes - do or do not, there is no try

How to leverage Evident Security Platform for DFARS-NIST 800-171 AWS Accounts

Unified Security through Armor and AWS - DEM05 - Atlanta AWS Summit

Connecting Your SIEM Tool with Akamai Security Events

Defcon 27 - Exploiting IAM in GCP

Our CloudFlare experience

The Automation of Supervision: How Regulators and Audit Teams are using AWS t...

Lacework AWS Security Week Presentation

Eliminating Secret Sprawl in the Cloud with HashiCorp Vault - 07.11.2018

Vault 1.4 launch webinar

Securing AWS Accounts with Hashi Vault

Incapsula D3 - A Single Source of Truth for Security Issues - Pushing Siem L...

Similar to Matt Badanes' talk from AWS + OWASP "Event-based Scanning for AMI enforcement in AWS"

Multi-Account Strategy At Scale - Nick Bausch, Chicago

AWS Chicago

Meeting Enterprise Security Requirements with AWS Native Security Services (S...

Amazon Web Services

Proven Methodologies for Accelerating Your Cloud Journey (ENT308-S) - AWS re:...

Amazon Web Services

In this session, learn how to accelerate your journey to the cloud while implementing a cloud-first strategy and without sacrificing the controls and standards required in a large, publicly-traded enterprise. Benefit from the insights developed from working with some of the most recognized brands in the world. Discover how these household names leverage automation, CI/CD, and a modular approach to workload design to ensure the consistent application of their security and governance requirements. Learn which approaches to use when transforming workloads to cloud-native technologies, including serverless and containers. With this approach, business users can finally receive properly governed resources without delaying or disrupting their need for agility, flexibility, and cloud scale. This session is brought to you by AWS partner, 2nd Watch.

Ml ops on AWS

PhilipBasford

[NEW LAUNCH!] Introduction to AWS Security Hub (SEC397) - AWS re:Invent 2018

Amazon Web Services

Learn about AWS Security Hub, and how it gives you a comprehensive view of your high-priority security alerts and your compliance status across AWS accounts. See how Security Hub aggregates, organizes, and prioritizes your alerts, or findings, from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, and Amazon Macie, as well as from AWS Partner solutions. We will demonstrate how you can continuously monitor your environment using compliance checks based on the AWS best practices and industry standards your organization follows.

SEC302-S-143971-Session-Presentation.7e95c642838da923e9d66db6fde28eef1554e4b8...

Kocapep

SEC302-S-143971-AWS-Prismacloud.pptx

DubemJavapi

How to Perform Forensics on AWS Using Serverless Infrastructure (SEC416-R1) -...

Amazon Web Services

Performing forensics on AWS resources is a new experience for many customers who might have older runbooks based on on-premises workflows using manual steps, or perhaps no processes in place at all. In this session, get a deeper insight into the various runbooks to perform practical forensic tasks on AWS resources like Amazon EC2 instances, using a combination of industry tooling, AWS serverless services like AWS Lambda and AWS Step Functions, and managed services like Amazon Athena.

Achieving Global Consistency Using AWS CloudFormation StackSets - AWS Online ...

Amazon Web Services

How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...

Amazon Web Services

GoDaddy is a company full of builders, and its mission is to empower everyday entrepreneurs to be successful online. In this session, learn how its Cloud Center of Excellence team is setting new standards for security and data encryption on AWS. Learn how GoDaddy leverages AWS Key Management Service to enable distributed application teams to move quickly and securely and how it has used advanced encryption handling techniques to protect sensitive data (e.g., ecommerce) for its 18 million customers. Finally, learn how you can leverage GoDaddy’s open-source advanced encryption handling SDK to protect your company’s most sensitive assets.

Security@Scale

Amazon Web Services

This session will review how to secure your enterprise adoption of AWS at scale. At AWS security is job zero and at the heart of everything we build. This session will review the patterns of usage for AWS Identity and Access Management, AWS Key Management Service, AWS CloudTrail, AWS Config, Amazon GuardDuty AWS Systems Manager Parameter Store, Amazon EC2 Run Command, AWS Single Sign-On, AWS WAF, AWS Shield, and AWS Service Catalog to an create end-to-end security approach for your AWS cloud adoption. You will gain insight how these AWS services come together to increase your security posture in ways that are unique to AWS workloads.

SecOps 2021 Today: Using AWS Services to Deliver SecOps - SID304 - re:Invent ...

Amazon Web Services

This talk dives deep on how to build end-to-end security capabilities using AWS. Our goal is orchestrating AWS Security services with other AWS building blocks to deliver enhanced security. We cover working with AWS CloudWatch Events as a queueing mechanism for processing security events, using Amazon DynamoDB to provide a stateful layer to provide tailored response to events and other ancillary functions, using DynamoDB as an attack signature engine, and the use of analytics to derive tailored signatures for detection with AWS Lambda. Log sources include available AWS sources and also more traditional logs, such as syslog. The talk aims to keep slides to a minimum and demo live as much as possible. The demos come together to demonstrate an end-to-end architecture for SecOps. You'll get a toolkit consisting of code and templates so you can hit the ground running.

Drive Self-Service & Standardization in the First 100 Days of Your Cloud Migr...

Amazon Web Services

In this session, learn how GoDaddy achieved self-service, standardization, and governance through AWS Service Catalog in the first 100 days of their cloud migration journey. We walk through GoDaddy’s use case of how they migrated to AWS with AWS Landing Zone, AWS Service Catalog, and the initial 100 days to establish their Cloud Center of Excellence to increase their speed of delivery and improve performance and reliability, while not sacrificing on security and financial controls.

Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...

Amazon Web Services

In this workshop, create guardrails to ensure governance is applied and identify when people stray. This session will deep dive into AWS Landing Zone, AWS Organizations, AWS Config, and Identity and Access Management. We will focus on the Operational Excellence and Security pillar best practices, of the AWS Well-Architected Framework, using a multi-account strategy. We address the architectural and operational decisions you need to make. In the cloud, you can start at the core and create defense in depth at the individual resource level. This session is designed for security and compliance practitioners interested in estate management, auditing of infrastructure, advanced IAM techniques, and overall governance management.

Threat Detection & Remediation Workshop - Module 2

Amazon Web Services

by Greg McConnel, Sr. Security Solutions Architect, AWS This workshop is designed to expose you to a number of AWS services that can be part of a threat detection and remediation strategy. We will cover the following services: Amazon GuardDuty, Amazon Macie, Amazon Inspector, Amazon CloudWatch (Events & Logs), AWS Lambda, Amazon SNS, Amazon S3, VPC Flow Logs, DNS Logs and AWS CloudTrail. You will learn how to use these services to set up a notification and remediation pipeline, to investigate threats during and after an attack, and how to evaluate what additional alerts and automated remediations should be deployed. We will go through a simulated attack scenario that will generate real GuardDuty findings and Macie alerts. We will investigate the attack, examine the threats, remediate the attack and investigate additional automated remediations that can be used in the future.

Hybrid Cloud Customer Use Cases on AWS

Tom Laszewski

How UCSD Simplified Data Protection with Rubrik and AWS (STG207-S) - AWS re:I...

Amazon Web Services

Are you dealing with legacy system complexities when integrating your backup and recovery solution with the cloud? Rubrik can help you simplify data protection with its policy-based backup, recovery, and archival capabilities for hybrid applications. In this session, learn how University of California San Diego (UCSD) leverages Rubrik and AWS to help simplify data protection, achieve rapid data recovery, and scale for data growth. Join us to learn how UCSD replaced expensive and unreliable backup tapes with AWS storage, and how to move data to AWS and protect your cloud-native workloads running on AWS. This session is brought to you by AWS partner, Rubrik.

How LogMeIn Automates Governance and Empowers Developers at Scale (SEC302) - ...

Amazon Web Services

Augmenting Security Posture and Improving Operational Health with AWS CloudTr...

Amazon Web Services

Enabling AWS CloudTrail for auditing purposes is often a corporate mandate, but do you know how to use CloudTrail events to improve your security and operational posture? Come learn how CloudTrail can help improve your operational monitoring and troubleshooting, security analysis, and compliance auditing processes. Discover best practices for setting up and using CloudTrail; explore use cases for data mining CloudTrail event data; learn how to set up alerts based on activity in your account; and learn about advanced use cases. Also learn how to implement data plane governance autoEnabling AWS CloudTrail for auditing purposes is often a corporate mandate, but do you know how to use CloudTrail events to improve your security and operational posture? Come learn how CloudTrail can help improve your operational monitoring and troubleshooting, security analysis, and compliance auditing processes. Discover best practices for setting up and using CloudTrail; explore use cases for data mining CloudTrail event data; learn how to set up alerts based on activity in your account; and learn about advanced use cases. Also learn how to implement data plane governance automation using data events from Amazon S3 and AWS Lambda. mation using data events from Amazon S3 and AWS Lambda.

test-sgsgsgs.pptx

shramangupta2

Similar to Matt Badanes' talk from AWS + OWASP "Event-based Scanning for AMI enforcement in AWS" (20)

Multi-Account Strategy At Scale - Nick Bausch, Chicago

Meeting Enterprise Security Requirements with AWS Native Security Services (S...

Proven Methodologies for Accelerating Your Cloud Journey (ENT308-S) - AWS re:...

Ml ops on AWS

[NEW LAUNCH!] Introduction to AWS Security Hub (SEC397) - AWS re:Invent 2018

SEC302-S-143971-Session-Presentation.7e95c642838da923e9d66db6fde28eef1554e4b8...

SEC302-S-143971-AWS-Prismacloud.pptx

How to Perform Forensics on AWS Using Serverless Infrastructure (SEC416-R1) -...

Achieving Global Consistency Using AWS CloudFormation StackSets - AWS Online ...

How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...

Security@Scale

SecOps 2021 Today: Using AWS Services to Deliver SecOps - SID304 - re:Invent ...

Drive Self-Service & Standardization in the First 100 Days of Your Cloud Migr...

Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...

Threat Detection & Remediation Workshop - Module 2

Hybrid Cloud Customer Use Cases on AWS

How UCSD Simplified Data Protection with Rubrik and AWS (STG207-S) - AWS re:I...

How LogMeIn Automates Governance and Empowers Developers at Scale (SEC302) - ...

Augmenting Security Posture and Improving Operational Health with AWS CloudTr...

test-sgsgsgs.pptx

Recently uploaded

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

FIDO Alliance

SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf

Peter Spielvogel

Building better applications for business users with SAP Fiori. • What is SAP Fiori and why it matters to you • How a better user experience drives measurable business benefits • How to get started with SAP Fiori today • How SAP Fiori elements accelerates application development • How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities • How SAP Fiori paves the way for using AI in SAP apps

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

Albert Hoitingh

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Aggregage

FIDO Alliance Osaka Seminar: Overview.pdf

FIDO Alliance

Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx

nkrafacyberclub

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

FIDO Alliance

Monitoring Java Application Security with JDK Tools and JFR Events

Ana-Maria Mihalceanu

DevOps and Testing slides at DASA Connect

Kari Kakkonen

National Security Agency - NSA mobile device best practices

Quotidiano Piemontese

Uni Systems Copilot event_05062024_C.Vlachos.pdf

Uni Systems S.M.S.A.

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

91mobiles

The Art of the Pitch: WordPress Relationships and Sales

Laura Byrne

Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes? All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.

Removing Uninteresting Bytes in Software Fuzzing

Aftab Hussain

Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process. In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds. - These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.

A tale of scale & speed: How the US Navy is enabling software delivery from l...

sonjaschweigert1

Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved: - Reduction in onboarding time from 5 weeks to 1 day - Improved developer experience and productivity through actionable findings and reduction of false positives - Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO) Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production. We will cover: - How to remove silos in DevSecOps - How to build efficient development pipeline roles and component templates - How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence) - How to streamline operations with automated policy checks on container images

PHP Frameworks: I want to break free (IPC Berlin 2024)

Ralf Eggert

In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development. This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.

Epistemic Interaction - tuning interfaces to provide information for AI support

Alan Dix

Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024 https://alandix.com/academic/papers/synergy2024-epistemic/ As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

BookNet Canada

The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more. Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/ Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.

GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024

Neo4j

Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

Recently uploaded (20)

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

Generative AI Deep Dive: Advancing from Proof of Concept to Production

FIDO Alliance Osaka Seminar: Overview.pdf

Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

Monitoring Java Application Security with JDK Tools and JFR Events

DevOps and Testing slides at DASA Connect

National Security Agency - NSA mobile device best practices

Uni Systems Copilot event_05062024_C.Vlachos.pdf

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

The Art of the Pitch: WordPress Relationships and Sales

Removing Uninteresting Bytes in Software Fuzzing

A tale of scale & speed: How the US Navy is enabling software delivery from l...

PHP Frameworks: I want to break free (IPC Berlin 2024)

Epistemic Interaction - tuning interfaces to provide information for AI support

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024

Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...

Matt Badanes' talk from AWS + OWASP "Event-based Scanning for AMI enforcement in AWS"

2. Our Environment 2 g Decentralized, multi-accountapproach g ~100 AWS Accounts g 2 accountsper team (non-prod and prod) g Support 7 regions. Most teams are in 2 US regions g Foundational piecesmanaged by terraform (VPC, Cloudtrail,IAM basics, ETC) / Everything as code g Federatedlogin with ADFS / Minimize use of IAM Users g AMIs released on a monthlycadence. Shared from a central account g Expect teams to fork our AMIs as needed

3. Our AMIs 3 g Built monthly using chef, packer and terraform g 8 Different images g Shared to all accounts and all regions g Configurationmanagementbaked in g CIS hardened g Patched g Not dependenton AWS generated keys for authentication g On completion,send notifcation to SNS

4. The Problem g Morningstar maintainsa set of base images for our teams to deploy g This ensures we maintainassecure a configurationof our images as possible (A6- Security Misconfiguration fromthe OWASP Top 10 in 2017) g AWS makes it hard to find these images and defaultsto their own quickstart g We need to controlwhat AMIs our developersuse from inceptionso they don’t make it to prod g IAM can handle this, but it doesn’t easily allow for exception handing g Commercial products can handle some of this, but implementationis either incomplete, not easily customizableand/or expensive g Open-source solutions providea good foundation,but the actual AWS interactionsaren’t the hard part, it’s the customizations

5. Our Requirements 5 g Minimalinfrastructure to maintain g Modular g Highly customizable g Near “real-time” g Cross-account and cross-regional support g Varying levelsof remediation g Easilyexpandableas new requirementscome in or new services need scanning

6. A Solution 6 g When any EC2 (or S3, secretsmanager, etc.) event is triggered, event is sent to a central cloudwatchevent. g Cloudwatch event triggers a routing lambdato determine if system has any actions registered with the event g If event exists (in this case, it does), a corresponding step function is executed. One of these actions looks at the AMI that was launchedfor the instance (or will be launched if it’s autoscale). g If the AMI does not fit our criteria (check owner ID or a tag to a corresponding ticket for an exception), remediate

7. 7 What does it look like?

8. 8

9. The Tool-kit (so far) 9 g CloudWatchEvents and Event Bus g SNS g Lambda g Step-functions g DynamoDB

10. Future Enhancements 10 g Scan more services g Expand scan criteria for services we scan today g Kill instances that are not compliant g Complexanalysisand workflows g Wider adoption

Matt Badanes' talk from AWS + OWASP "Event-based Scanning for AMI enforcement in AWS"

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Matt Badanes' talk from AWS + OWASP "Event-based Scanning for AMI enforcement in AWS"

Similar to Matt Badanes' talk from AWS + OWASP "Event-based Scanning for AMI enforcement in AWS" (20)

More from AWS Chicago

More from AWS Chicago (20)

Recently uploaded

Recently uploaded (20)

Matt Badanes' talk from AWS + OWASP "Event-based Scanning for AMI enforcement in AWS"