DevOops: Redux
Chris Gates, Ken Johnson at AppSec USA 2016
In a follow-up to the duo’s offensive focused talk “DevOops, How I hacked you”, they discuss defensive countermeasures and real experiences in preventing attacks that target flaws in your DevOps environments. In this talk, Chris and Ken describe common ways in which DevOps environments fall prey to malicious actors with a focus on preventative steps. The team will present their recommended approach to hardening for teams using AWS, Continuous Integration, GitHub, and common DevOps tools and processes. More specifically, the following items will be demonstrated:
-AWS Hardening
-AWS Monitoring
-AWS Disaster Recovery
-GitHub Monitoring
-OPINT
-Software Development Practices/Processes
-Secure use of Jenkins/Hudson
-Developer laptop hardening (OS X)
Chris Gates
Sr. Security Engineer
Chris Gates has extensive experience in network and web application penetration testing, Red Teaming and Purple Teaming. Chris is currently learning to be a part time fixer instead of full time breaker. In the past he has spoken at the United States Military Academy, BlackHat, DefCon, Toorcon, Brucon, Troopers, SOURCE Boston, Derbycon, LasCon, HashDays, HackCon, Bsides ATL, IT Defense, OWASP AppSec DC, and Devops Days.
Ken Johnson
CTO, nVisium
Ken Johnson - CTO, nVisiumKen Johnson has been hacking web applications professionally for 8 years. Ken is both a breaker and builder and currently leads the nVisium product team. Previously, Ken has spoken at AppSec DC, AppSec California, DevOpsDaysDC, LasCon, numerous Ruby and OWASP events, and AWS NYC. Ken is currently investing his time between OWASP’s Railsgoat, Elxir and Go, as well as all aspects of AWS offerings.
-AWS Hardening
-AWS Monitoring
-AWS Disaster Recovery
-GitHub Monitoring
-OPINT
-Software Development Practices/Processes
-Secure use of Jenkins/Hudson
-Developer laptop hardening (OS X)
Chris Gates
Sr. Security Engineer
Chris Gates has extensive experience in network and web application penetration testing, Red Teaming and Purple Teaming. Chris is currently learning to be a part time fixer instead of full time breaker. In the past he has spoken at the United States Military Academy, BlackHat, DefCon, Toorcon, Brucon, Troopers, SOURCE Boston, Derbycon, LasCon, HashDays, HackCon, Bsides ATL, IT Defense, OWASP AppSec DC, and Devops Days.
Ken Johnson
CTO, nVisium
Ken Johnson - CTO, nVisiumKen Johnson has been hacking web applications professionally for 8 years. Ken is both a breaker and builder and currently leads the nVisium product team. Previously, Ken has spoken at AppSec DC, AppSec California, DevOpsDaysDC, LasCon, numerous Ruby and OWASP events, and AWS NYC. Ken is currently investing his time between OWASP’s Railsgoat, Elxir and Go, as well as all aspects of AWS offerings.