Infosec In the City (IIC)
SINCON 2021 Conference — Infrastructure Is the New Code: Is Your DevSecOps Ready? — by Ori Bendet
SINCON 2021 Conference — BizComm Talk
Day 1 (05 Nov 2021) 3.30pm—4.00pm @ Open Stage
Infrastructure Is the New Code — Is Your DevSecOps Ready?
Infrastructure as Code (IaC) makes deploying cloud or container configurations scalable and faster. If you are launching a microservice into a Kubernetes cluster, or even building an entire AWS virtual infrastructure, IaC can automate the deployment. By building repeatable templates you can also ensure that deployments happen exactly as you design, every time. However, errors in infrastructure configuration are now regarded as the second biggest cause of data breaches. There are many ways to give adversaries an advantage through security misconfigurations. Overly permissive storage volumes, unauthenticated database access, or ports left open to the internet have all been a cause of compromise. The solution? Treat your infrastructure code the same as your application code. During your build process, use tools to scan for infrastructure misconfigurations. When you find them raise alerts or even break the build.
In this session, we will discuss common types of IaC misconfigurations, and demonstrate a free, open-source security tool that developers can build into their pipelines to help protect infrastructure from compromise.
About Ori Bendet
An experienced product leader combining strong technical and marketing skills, Ori has been leading Checkmarx's flagship product, CxSAST (Static Application Security Testing), a Gartner and Forrester market-leading solution, serving thousands of customers worldwide for the last 2 years. Prior to Checkmarx, he was in Time To Know, HPE, PicApp and Bezeq in various product and engineering positions.
Ori believes in Lean & Evidence-based methodology to make sure he solves the right problems for the right users. As a thought leader, Ori shares his experience and techniques as a public speaker and active blogger.