Towards Verifiable Infrastructure Security

Abstract:

We are in the age of microservices, deployed and scaled seamlessly in the cloud. Organizations are leveraging the power of cloud platforms to move fast. This reduces the time to develop and deliver online solutions. Security is an important need in this fast-paced delivery of online services. Solutions must be secure to maintain user trust and provide data security assurance.

Imagine the security problems that can be solved by writing infrastructure as code: an infrastructure with version control and verifiability through code testing. Visibility and insight into the infrastructure will be available from code and configuration. Updating infrastructure will then be about making a check-in to the code repository and leveraging CI/CD.

In this talk, we will look at the idea of Infrastructure as Code. The tooling required to codify complex infrastructure in the cloud will be discussed. Software testing and reliability principles can then be applied for infrastructure security. The talk will conclude by discussing opportunities that can be leveraged by adopting infrastructure as code.

Abhisek Datta
Head of Technology, Appsecco

Abhisek has over 10 years of experience in security research and security services delivery, including penetration testing, source code review, training, etc. He is currently working as the Head of Technology at Appsecco, where his core area of focus is building security automation platforms using cloud native solutions.

He is credited with multiple vulnerability discoveries across enterprise products, with CVEs to his name such as CVE-2015-0085, CVE-2015-1650, CVE-2015-1682, CVE-2015-2376, CVE-2015-2555, CVE-2014-4117, CVE-2014-6113.

As an open source software contributor, he has developed or contributed to multiple projects including: Wireplay, Penovox, HiDump, RbWinDBG.

He can be reached through:

https://github.com/abhisek