SlideShare uma empresa Scribd logo

AWS re:Invent 2016: Proactive Security Testing in AWS: From Early Implementation to Deployment Penetration Testing (SEC309)

Amazon Web Services
Amazon Web Services

Attend this session to learn about security testing your applications in AWS. Effective security testing is challenging, but multiple features and services within AWS make security testing easier. This session covers common approaches to testing, including how we think about testing within AWS, how to apply AWS services to your test setup, remediating findings, and automation.

Tecnologia
1 de 25
Baixar para ler offline
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Alex Lucas, AWS Security November 29, 2016 SEC309 Proactive Security Testing in AWS From Early Implementation to Deployment Penetration Testing
What to expect from this session • How to think about your AWS assets • Threat modeling and attack surface • Security baseline • Testing for security • Automation • Continuous Security • Close
Threat modeling • Why? • External dependencies and assumptions • System edges and entry points • Assets and information flows • Classes of user and action / trust • Risks and mitigations
Threat modeling  assets • What is an asset? • Amazon EC2 instance • Amazon S3 bucket • Amazon RDS • Access management • Networking • Deployment and development
Threat modeling  actors • Users • Services • Access to shared assets
Threat model  architecture Unknown user Authenticated user Web server Cache RDBMS Web admin DB admin DB users? CMS 1.1 Login 1. 2 Post 2.1 Admin
STRIDE Spoofing Tampering Repudiation Information disclosure Denial of service Elevation of privilege
Table of flows, STRIDE etc Data flow ID Description 1.1 An unauthenticated user can logon onto the CMS system with valid credentials at this point a session identifying the user controls their identity. STRIDE • Spoofing – A user could assume an incorrect identity if not checked properly • Repudiation – Attempts to login and failed login attempts may not be traced • Denial of service (DoS) - If the login flow is too expensive (computationally complex) the login call could potentially be used to deny service to other users • Elevation of Privilege (EoP) – Incorrectly logging in a user would result in this
Feature Id Mitigation Description SESSION-104 To address spoofing concerns an external audit of the code by [X] will take place. All changes to the code post-event will undergo code review. AUDIT-7 For repudiation all login attempts will be logged into the application log and stored to Amazon CloudWatch Logs. AUDIT-7-1 In support of LOGIN-102 the team will investigate the feasibility of using CloudWatch alarms with thresholds for failed logins. LOGIN-11 For DoS prevention we will do extensive profiling of the login flow and ensure that failed and successful logins represent log computational burden. A single web server instance should be able to support O(x) login calls simultaneously.
Management layer Private subnetPublic subnet ws Internet gateway Router Route table Route table Endpoint S3 bucket Instance role IAM ElastiCache Route 53CloudFormation KMSAmazon Inspector CloudTrail Config
Security baseline • Core: • Instances are patched and remain so • Instances are safe to use post-startup as long as security groups only expose the expected services to the Internet • Account AWS infrastructure management is correctly controlled • Application: • The application has been security tested
Demo – patch level • Any outstanding security patches? • Using EC2 Simple Systems Manager (SSM) run command.
Build security testing in • Static analysis on code push to central repository • Adding a trigger to look for security issues • Check staging and pre-deployment • Check your application access controls
Demo – source code • AWS CodeCommit trigger to look for AWS stored secrets
Demo – deployment assessment • Using Amazon Inspector to assess a pre-production environment and move it to production.
Security testing • Penetration test request process: https://aws.amazon.com/security/penetration-testing/ • Focus on baseline • Know your tools • Be selective
Demo – network profile • Enumerate Internet endpoints • Confirm availability
Continuous security • Integrated testing • Point in time questions • Monitor for changes
Thank you!
Remember to complete your evaluations!
Related sessions • SEC301 - Audit Your AWS Account Against Industry Best Practices: The CIS AWS Benchmarks • SEC313 - Automating Security Event Response, from Idea to Code to Execution • SAC401 - 5 Security Automation Improvements You Can Make by Using Amazon CloudWatch Events and AWS Config Rules

Recomendados

Amazon ECS with Docker | AWS Public Sector Summit 2016
Amazon ECS with Docker | AWS Public Sector Summit 2016Amazon ECS with Docker | AWS Public Sector Summit 2016
Amazon ECS with Docker | AWS Public Sector Summit 2016Amazon Web Services
 
AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)Amazon Web Services
 
A Tale of Two Pizzas: Accelerating Software Delivery with Developer Tools - D...
A Tale of Two Pizzas: Accelerating Software Delivery with Developer Tools - D...A Tale of Two Pizzas: Accelerating Software Delivery with Developer Tools - D...
A Tale of Two Pizzas: Accelerating Software Delivery with Developer Tools - D...Amazon Web Services
 
DevOps Tooling - Pop-up Loft TLV 2017
DevOps Tooling - Pop-up Loft TLV 2017DevOps Tooling - Pop-up Loft TLV 2017
DevOps Tooling - Pop-up Loft TLV 2017Amazon Web Services
 
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsDevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsAmazon Web Services
 
AWS re:Invent 2016: Netflix: Using Amazon S3 as the fabric of our big data ec...
AWS re:Invent 2016: Netflix: Using Amazon S3 as the fabric of our big data ec...AWS re:Invent 2016: Netflix: Using Amazon S3 as the fabric of our big data ec...
AWS re:Invent 2016: Netflix: Using Amazon S3 as the fabric of our big data ec...Amazon Web Services
 
AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)Amazon Web Services
 
Deep Dive on Microservices and Amazon ECS by Raul Frias, Solutions Architect,...
Deep Dive on Microservices and Amazon ECS by Raul Frias, Solutions Architect,...Deep Dive on Microservices and Amazon ECS by Raul Frias, Solutions Architect,...
Deep Dive on Microservices and Amazon ECS by Raul Frias, Solutions Architect,...Amazon Web Services
 

Recomendados

Amazon ECS with Docker | AWS Public Sector Summit 2016
Amazon ECS with Docker | AWS Public Sector Summit 2016Amazon ECS with Docker | AWS Public Sector Summit 2016
Amazon ECS with Docker | AWS Public Sector Summit 2016Amazon Web Services
 
AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)Amazon Web Services
 
A Tale of Two Pizzas: Accelerating Software Delivery with Developer Tools - D...
A Tale of Two Pizzas: Accelerating Software Delivery with Developer Tools - D...A Tale of Two Pizzas: Accelerating Software Delivery with Developer Tools - D...
A Tale of Two Pizzas: Accelerating Software Delivery with Developer Tools - D...Amazon Web Services
 
DevOps Tooling - Pop-up Loft TLV 2017
DevOps Tooling - Pop-up Loft TLV 2017DevOps Tooling - Pop-up Loft TLV 2017
DevOps Tooling - Pop-up Loft TLV 2017Amazon Web Services
 
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsDevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsAmazon Web Services
 
AWS re:Invent 2016: Netflix: Using Amazon S3 as the fabric of our big data ec...
AWS re:Invent 2016: Netflix: Using Amazon S3 as the fabric of our big data ec...AWS re:Invent 2016: Netflix: Using Amazon S3 as the fabric of our big data ec...
AWS re:Invent 2016: Netflix: Using Amazon S3 as the fabric of our big data ec...Amazon Web Services
 
AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)Amazon Web Services
 
Deep Dive on Microservices and Amazon ECS by Raul Frias, Solutions Architect,...
Deep Dive on Microservices and Amazon ECS by Raul Frias, Solutions Architect,...Deep Dive on Microservices and Amazon ECS by Raul Frias, Solutions Architect,...
Deep Dive on Microservices and Amazon ECS by Raul Frias, Solutions Architect,...Amazon Web Services
 
AWS re:Invent 2016: Netflix: Container Scheduling, Execution, and Integration...
AWS re:Invent 2016: Netflix: Container Scheduling, Execution, and Integration...AWS re:Invent 2016: Netflix: Container Scheduling, Execution, and Integration...
AWS re:Invent 2016: Netflix: Container Scheduling, Execution, and Integration...Amazon Web Services
 
Infrastructure Continuous Delivery Using AWS CloudFormation
Infrastructure Continuous Delivery Using AWS CloudFormationInfrastructure Continuous Delivery Using AWS CloudFormation
Infrastructure Continuous Delivery Using AWS CloudFormationAmazon Web Services
 
Microsoft Best Practices on AWS
Microsoft Best Practices on AWSMicrosoft Best Practices on AWS
Microsoft Best Practices on AWSAmazon Web Services
 
Managing Your Infrastructure as Code by Travis Williams, Solutions Architect,...
Managing Your Infrastructure as Code by Travis Williams, Solutions Architect,...Managing Your Infrastructure as Code by Travis Williams, Solutions Architect,...
Managing Your Infrastructure as Code by Travis Williams, Solutions Architect,...Amazon Web Services
 
AWS re:Invent 2016: Managing and Supporting the Windows Platform on AWS (GPSS...
AWS re:Invent 2016: Managing and Supporting the Windows Platform on AWS (GPSS...AWS re:Invent 2016: Managing and Supporting the Windows Platform on AWS (GPSS...
AWS re:Invent 2016: Managing and Supporting the Windows Platform on AWS (GPSS...Amazon Web Services
 
ENT308 Best Practices for Microsoft Architectures on AWS
ENT308 Best Practices for Microsoft Architectures on AWSENT308 Best Practices for Microsoft Architectures on AWS
ENT308 Best Practices for Microsoft Architectures on AWSAmazon Web Services
 
AWS Directory Service and Hybrid Strategy | AWS Public Sector Summit 2016
AWS Directory Service and Hybrid Strategy | AWS Public Sector Summit 2016AWS Directory Service and Hybrid Strategy | AWS Public Sector Summit 2016
AWS Directory Service and Hybrid Strategy | AWS Public Sector Summit 2016Amazon Web Services
 
Cloud-Native DevOps: Simplifying application lifecycle management with AWS | ...
Cloud-Native DevOps: Simplifying application lifecycle management with AWS | ...Cloud-Native DevOps: Simplifying application lifecycle management with AWS | ...
Cloud-Native DevOps: Simplifying application lifecycle management with AWS | ...Amazon Web Services
 
Running Containerised Applications at Scale on AWS
Running Containerised Applications at Scale on AWSRunning Containerised Applications at Scale on AWS
Running Containerised Applications at Scale on AWSAmazon Web Services
 
SRV417 Deep Dive on Elastic Load Balancing
SRV417 Deep Dive on Elastic Load BalancingSRV417 Deep Dive on Elastic Load Balancing
SRV417 Deep Dive on Elastic Load BalancingAmazon Web Services
 
Introduction to AWS X-Ray
Introduction to AWS X-RayIntroduction to AWS X-Ray
Introduction to AWS X-RayAmazon Web Services
 
Hack-Proof Your Cloud: Responding to 2016 Threats
Hack-Proof Your Cloud: Responding to 2016 ThreatsHack-Proof Your Cloud: Responding to 2016 Threats
Hack-Proof Your Cloud: Responding to 2016 ThreatsAmazon Web Services
 
(CMP401) Elastic Load Balancing Deep Dive and Best Practices
(CMP401) Elastic Load Balancing Deep Dive and Best Practices(CMP401) Elastic Load Balancing Deep Dive and Best Practices
(CMP401) Elastic Load Balancing Deep Dive and Best PracticesAmazon Web Services
 
Auto-Scaling Web Application Security in Amazon Web Services (SEC308) | AWS r...
Auto-Scaling Web Application Security in Amazon Web Services (SEC308) | AWS r...Auto-Scaling Web Application Security in Amazon Web Services (SEC308) | AWS r...
Auto-Scaling Web Application Security in Amazon Web Services (SEC308) | AWS r...Amazon Web Services
 
Getting Started with AWS Lambda and the Serverless Cloud
Getting Started with AWS Lambda and the Serverless CloudGetting Started with AWS Lambda and the Serverless Cloud
Getting Started with AWS Lambda and the Serverless CloudAmazon Web Services
 
Deep Dive on Elastic Load Balancing
Deep Dive on Elastic Load BalancingDeep Dive on Elastic Load Balancing
Deep Dive on Elastic Load BalancingAmazon Web Services
 
How to Design for High Availability & Scale with AWS
How to Design for High Availability & Scale with AWSHow to Design for High Availability & Scale with AWS
How to Design for High Availability & Scale with AWSBlazeclan Technologies Private Limited
 
Hybrid IT: A Stepping Stone to All-In - Pop-up Loft TLV 2017
Hybrid IT: A Stepping Stone to All-In - Pop-up Loft TLV 2017Hybrid IT: A Stepping Stone to All-In - Pop-up Loft TLV 2017
Hybrid IT: A Stepping Stone to All-In - Pop-up Loft TLV 2017Amazon Web Services
 
AWS re:Invent 2016: Running Batch Jobs on Amazon ECS (CON310)
AWS re:Invent 2016: Running Batch Jobs on Amazon ECS (CON310)AWS re:Invent 2016: Running Batch Jobs on Amazon ECS (CON310)
AWS re:Invent 2016: Running Batch Jobs on Amazon ECS (CON310)Amazon Web Services
 
Achieve Scale & Velocity with AWS OpsWorks for Chef Automate
Achieve Scale & Velocity with AWS OpsWorks for Chef AutomateAchieve Scale & Velocity with AWS OpsWorks for Chef Automate
Achieve Scale & Velocity with AWS OpsWorks for Chef AutomateAmazon Web Services
 
AWS Security Enabiling Fintech Pace Security AWS Summit SG 2017
AWS Security Enabiling Fintech Pace Security AWS Summit SG 2017 AWS Security Enabiling Fintech Pace Security AWS Summit SG 2017
AWS Security Enabiling Fintech Pace Security AWS Summit SG 2017 Amazon Web Services
 
Best Practices for Security at Scale
Best Practices for Security at ScaleBest Practices for Security at Scale
Best Practices for Security at ScaleAmazon Web Services
 

Mais conteúdo relacionado

Mais procurados

AWS re:Invent 2016: Netflix: Container Scheduling, Execution, and Integration...
AWS re:Invent 2016: Netflix: Container Scheduling, Execution, and Integration...AWS re:Invent 2016: Netflix: Container Scheduling, Execution, and Integration...
AWS re:Invent 2016: Netflix: Container Scheduling, Execution, and Integration...Amazon Web Services
 
Infrastructure Continuous Delivery Using AWS CloudFormation
Infrastructure Continuous Delivery Using AWS CloudFormationInfrastructure Continuous Delivery Using AWS CloudFormation
Infrastructure Continuous Delivery Using AWS CloudFormationAmazon Web Services
 
Managing Your Infrastructure as Code by Travis Williams, Solutions Architect,...
Managing Your Infrastructure as Code by Travis Williams, Solutions Architect,...Managing Your Infrastructure as Code by Travis Williams, Solutions Architect,...
Managing Your Infrastructure as Code by Travis Williams, Solutions Architect,...Amazon Web Services
 
AWS re:Invent 2016: Managing and Supporting the Windows Platform on AWS (GPSS...
AWS re:Invent 2016: Managing and Supporting the Windows Platform on AWS (GPSS...AWS re:Invent 2016: Managing and Supporting the Windows Platform on AWS (GPSS...
AWS re:Invent 2016: Managing and Supporting the Windows Platform on AWS (GPSS...Amazon Web Services
 
ENT308 Best Practices for Microsoft Architectures on AWS
ENT308 Best Practices for Microsoft Architectures on AWSENT308 Best Practices for Microsoft Architectures on AWS
ENT308 Best Practices for Microsoft Architectures on AWSAmazon Web Services
 
AWS Directory Service and Hybrid Strategy | AWS Public Sector Summit 2016
AWS Directory Service and Hybrid Strategy | AWS Public Sector Summit 2016AWS Directory Service and Hybrid Strategy | AWS Public Sector Summit 2016
AWS Directory Service and Hybrid Strategy | AWS Public Sector Summit 2016Amazon Web Services
 
Cloud-Native DevOps: Simplifying application lifecycle management with AWS | ...
Cloud-Native DevOps: Simplifying application lifecycle management with AWS | ...Cloud-Native DevOps: Simplifying application lifecycle management with AWS | ...
Cloud-Native DevOps: Simplifying application lifecycle management with AWS | ...Amazon Web Services
 
Running Containerised Applications at Scale on AWS
Running Containerised Applications at Scale on AWSRunning Containerised Applications at Scale on AWS
Running Containerised Applications at Scale on AWSAmazon Web Services
 
SRV417 Deep Dive on Elastic Load Balancing
SRV417 Deep Dive on Elastic Load BalancingSRV417 Deep Dive on Elastic Load Balancing
SRV417 Deep Dive on Elastic Load BalancingAmazon Web Services
 
Hack-Proof Your Cloud: Responding to 2016 Threats
Hack-Proof Your Cloud: Responding to 2016 ThreatsHack-Proof Your Cloud: Responding to 2016 Threats
Hack-Proof Your Cloud: Responding to 2016 ThreatsAmazon Web Services
 
(CMP401) Elastic Load Balancing Deep Dive and Best Practices
(CMP401) Elastic Load Balancing Deep Dive and Best Practices(CMP401) Elastic Load Balancing Deep Dive and Best Practices
(CMP401) Elastic Load Balancing Deep Dive and Best PracticesAmazon Web Services
 
Auto-Scaling Web Application Security in Amazon Web Services (SEC308) | AWS r...
Auto-Scaling Web Application Security in Amazon Web Services (SEC308) | AWS r...Auto-Scaling Web Application Security in Amazon Web Services (SEC308) | AWS r...
Auto-Scaling Web Application Security in Amazon Web Services (SEC308) | AWS r...Amazon Web Services
 
Getting Started with AWS Lambda and the Serverless Cloud
Getting Started with AWS Lambda and the Serverless CloudGetting Started with AWS Lambda and the Serverless Cloud
Getting Started with AWS Lambda and the Serverless CloudAmazon Web Services
 
Deep Dive on Elastic Load Balancing
Deep Dive on Elastic Load BalancingDeep Dive on Elastic Load Balancing
Deep Dive on Elastic Load BalancingAmazon Web Services
 
Hybrid IT: A Stepping Stone to All-In - Pop-up Loft TLV 2017
Hybrid IT: A Stepping Stone to All-In - Pop-up Loft TLV 2017Hybrid IT: A Stepping Stone to All-In - Pop-up Loft TLV 2017
Hybrid IT: A Stepping Stone to All-In - Pop-up Loft TLV 2017Amazon Web Services
 
AWS re:Invent 2016: Running Batch Jobs on Amazon ECS (CON310)
AWS re:Invent 2016: Running Batch Jobs on Amazon ECS (CON310)AWS re:Invent 2016: Running Batch Jobs on Amazon ECS (CON310)
AWS re:Invent 2016: Running Batch Jobs on Amazon ECS (CON310)Amazon Web Services
 
Achieve Scale & Velocity with AWS OpsWorks for Chef Automate
Achieve Scale & Velocity with AWS OpsWorks for Chef AutomateAchieve Scale & Velocity with AWS OpsWorks for Chef Automate
Achieve Scale & Velocity with AWS OpsWorks for Chef AutomateAmazon Web Services
 

Mais procurados (20)

AWS re:Invent 2016: Netflix: Container Scheduling, Execution, and Integration...
AWS re:Invent 2016: Netflix: Container Scheduling, Execution, and Integration...AWS re:Invent 2016: Netflix: Container Scheduling, Execution, and Integration...
AWS re:Invent 2016: Netflix: Container Scheduling, Execution, and Integration...
 
Infrastructure Continuous Delivery Using AWS CloudFormation
Infrastructure Continuous Delivery Using AWS CloudFormationInfrastructure Continuous Delivery Using AWS CloudFormation
Infrastructure Continuous Delivery Using AWS CloudFormation
 
Microsoft Best Practices on AWS
Microsoft Best Practices on AWSMicrosoft Best Practices on AWS
Microsoft Best Practices on AWS
 
Managing Your Infrastructure as Code by Travis Williams, Solutions Architect,...
Managing Your Infrastructure as Code by Travis Williams, Solutions Architect,...Managing Your Infrastructure as Code by Travis Williams, Solutions Architect,...
Managing Your Infrastructure as Code by Travis Williams, Solutions Architect,...
 
AWS re:Invent 2016: Managing and Supporting the Windows Platform on AWS (GPSS...
AWS re:Invent 2016: Managing and Supporting the Windows Platform on AWS (GPSS...AWS re:Invent 2016: Managing and Supporting the Windows Platform on AWS (GPSS...
AWS re:Invent 2016: Managing and Supporting the Windows Platform on AWS (GPSS...
 
ENT308 Best Practices for Microsoft Architectures on AWS
ENT308 Best Practices for Microsoft Architectures on AWSENT308 Best Practices for Microsoft Architectures on AWS
ENT308 Best Practices for Microsoft Architectures on AWS
 
AWS Directory Service and Hybrid Strategy | AWS Public Sector Summit 2016
AWS Directory Service and Hybrid Strategy | AWS Public Sector Summit 2016AWS Directory Service and Hybrid Strategy | AWS Public Sector Summit 2016
AWS Directory Service and Hybrid Strategy | AWS Public Sector Summit 2016
 
Cloud-Native DevOps: Simplifying application lifecycle management with AWS | ...
Cloud-Native DevOps: Simplifying application lifecycle management with AWS | ...Cloud-Native DevOps: Simplifying application lifecycle management with AWS | ...
Cloud-Native DevOps: Simplifying application lifecycle management with AWS | ...
 
Running Containerised Applications at Scale on AWS
Running Containerised Applications at Scale on AWSRunning Containerised Applications at Scale on AWS
Running Containerised Applications at Scale on AWS
 
SRV417 Deep Dive on Elastic Load Balancing
SRV417 Deep Dive on Elastic Load BalancingSRV417 Deep Dive on Elastic Load Balancing
SRV417 Deep Dive on Elastic Load Balancing
 
Introduction to AWS X-Ray
Introduction to AWS X-RayIntroduction to AWS X-Ray
Introduction to AWS X-Ray
 
Hack-Proof Your Cloud: Responding to 2016 Threats
Hack-Proof Your Cloud: Responding to 2016 ThreatsHack-Proof Your Cloud: Responding to 2016 Threats
Hack-Proof Your Cloud: Responding to 2016 Threats
 
(CMP401) Elastic Load Balancing Deep Dive and Best Practices
(CMP401) Elastic Load Balancing Deep Dive and Best Practices(CMP401) Elastic Load Balancing Deep Dive and Best Practices
(CMP401) Elastic Load Balancing Deep Dive and Best Practices
 
Auto-Scaling Web Application Security in Amazon Web Services (SEC308) | AWS r...
Auto-Scaling Web Application Security in Amazon Web Services (SEC308) | AWS r...Auto-Scaling Web Application Security in Amazon Web Services (SEC308) | AWS r...
Auto-Scaling Web Application Security in Amazon Web Services (SEC308) | AWS r...
 
Getting Started with AWS Lambda and the Serverless Cloud
Getting Started with AWS Lambda and the Serverless CloudGetting Started with AWS Lambda and the Serverless Cloud
Getting Started with AWS Lambda and the Serverless Cloud
 
Deep Dive on Elastic Load Balancing
Deep Dive on Elastic Load BalancingDeep Dive on Elastic Load Balancing
Deep Dive on Elastic Load Balancing
 
How to Design for High Availability & Scale with AWS
How to Design for High Availability & Scale with AWSHow to Design for High Availability & Scale with AWS
How to Design for High Availability & Scale with AWS
 
Hybrid IT: A Stepping Stone to All-In - Pop-up Loft TLV 2017
Hybrid IT: A Stepping Stone to All-In - Pop-up Loft TLV 2017Hybrid IT: A Stepping Stone to All-In - Pop-up Loft TLV 2017
Hybrid IT: A Stepping Stone to All-In - Pop-up Loft TLV 2017
 
AWS re:Invent 2016: Running Batch Jobs on Amazon ECS (CON310)
AWS re:Invent 2016: Running Batch Jobs on Amazon ECS (CON310)AWS re:Invent 2016: Running Batch Jobs on Amazon ECS (CON310)
AWS re:Invent 2016: Running Batch Jobs on Amazon ECS (CON310)
 
Achieve Scale & Velocity with AWS OpsWorks for Chef Automate
Achieve Scale & Velocity with AWS OpsWorks for Chef AutomateAchieve Scale & Velocity with AWS OpsWorks for Chef Automate
Achieve Scale & Velocity with AWS OpsWorks for Chef Automate
 

Semelhante a AWS re:Invent 2016: Proactive Security Testing in AWS: From Early Implementation to Deployment Penetration Testing (SEC309)

AWS Security Enabiling Fintech Pace Security AWS Summit SG 2017
AWS Security Enabiling Fintech Pace Security AWS Summit SG 2017 AWS Security Enabiling Fintech Pace Security AWS Summit SG 2017
AWS Security Enabiling Fintech Pace Security AWS Summit SG 2017 Amazon Web Services
 
Best Practices for Security at Scale
Best Practices for Security at ScaleBest Practices for Security at Scale
Best Practices for Security at ScaleAmazon Web Services
 
선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...
선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...
선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...Amazon Web Services Korea
 
Security Best Practices_John Hildebrandt
Security Best Practices_John HildebrandtSecurity Best Practices_John Hildebrandt
Security Best Practices_John HildebrandtHelen Rogers
 
Managed Threat Detection and Response
Managed Threat Detection and ResponseManaged Threat Detection and Response
Managed Threat Detection and ResponseAlert Logic
 
Infrastructure Provisioning & Automation For Large Enterprises
Infrastructure Provisioning & Automation For Large EnterprisesInfrastructure Provisioning & Automation For Large Enterprises
Infrastructure Provisioning & Automation For Large EnterprisesTensult
 
Managed Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsManaged Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsAlert Logic
 
APN Partner Webinar - Security & Compliance for AWS EMEA Partners
APN Partner Webinar - Security & Compliance for AWS EMEA PartnersAPN Partner Webinar - Security & Compliance for AWS EMEA Partners
APN Partner Webinar - Security & Compliance for AWS EMEA PartnersAmazon Web Services
 
Automating AWS security and compliance
Automating AWS security and compliance Automating AWS security and compliance
Automating AWS security and compliance John Varghese
 
Accelerating cloud adoption for your regulated workloads - AWS PS Summit Canb...
Accelerating cloud adoption for your regulated workloads - AWS PS Summit Canb...Accelerating cloud adoption for your regulated workloads - AWS PS Summit Canb...
Accelerating cloud adoption for your regulated workloads - AWS PS Summit Canb...Amazon Web Services
 
AWS Security for Financial Services
AWS Security for Financial ServicesAWS Security for Financial Services
AWS Security for Financial ServicesAmazon Web Services
 
Modern Security and Compliance Through Automation
Modern Security and Compliance Through AutomationModern Security and Compliance Through Automation
Modern Security and Compliance Through AutomationAmazon Web Services
 
Blue Chip Tek Connect and Protect Presentation #3
Blue Chip Tek Connect and Protect Presentation #3Blue Chip Tek Connect and Protect Presentation #3
Blue Chip Tek Connect and Protect Presentation #3Kimberly Macias
 
Sicurezza e Compliance nel Cloud
Sicurezza e Compliance nel CloudSicurezza e Compliance nel Cloud
Sicurezza e Compliance nel CloudAmazon Web Services
 
Journey Through The Cloud - Security Best Practices
Journey Through The Cloud - Security Best Practices Journey Through The Cloud - Security Best Practices
Journey Through The Cloud - Security Best Practices Amazon Web Services
 
Building Secure Architectures on AWS
Building Secure Architectures on AWSBuilding Secure Architectures on AWS
Building Secure Architectures on AWSAmazon Web Services
 

Semelhante a AWS re:Invent 2016: Proactive Security Testing in AWS: From Early Implementation to Deployment Penetration Testing (SEC309) (20)

AWS Security Enabiling Fintech Pace Security AWS Summit SG 2017
AWS Security Enabiling Fintech Pace Security AWS Summit SG 2017 AWS Security Enabiling Fintech Pace Security AWS Summit SG 2017
AWS Security Enabiling Fintech Pace Security AWS Summit SG 2017
 
Best Practices for Security at Scale
Best Practices for Security at ScaleBest Practices for Security at Scale
Best Practices for Security at Scale
 
선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...
선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...
선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...
 
Security Best Practices_John Hildebrandt
Security Best Practices_John HildebrandtSecurity Best Practices_John Hildebrandt
Security Best Practices_John Hildebrandt
 
Managed Threat Detection and Response
Managed Threat Detection and ResponseManaged Threat Detection and Response
Managed Threat Detection and Response
 
Infrastructure Provisioning & Automation For Large Enterprises
Infrastructure Provisioning & Automation For Large EnterprisesInfrastructure Provisioning & Automation For Large Enterprises
Infrastructure Provisioning & Automation For Large Enterprises
 
AWS Security
AWS Security AWS Security
AWS Security
 
Managed Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsManaged Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS Applications
 
APN Partner Webinar - Security & Compliance for AWS EMEA Partners
APN Partner Webinar - Security & Compliance for AWS EMEA PartnersAPN Partner Webinar - Security & Compliance for AWS EMEA Partners
APN Partner Webinar - Security & Compliance for AWS EMEA Partners
 
Automating AWS security and compliance
Automating AWS security and compliance Automating AWS security and compliance
Automating AWS security and compliance
 
AWS Security Best Practices
AWS Security Best PracticesAWS Security Best Practices
AWS Security Best Practices
 
Accelerating cloud adoption for your regulated workloads - AWS PS Summit Canb...
Accelerating cloud adoption for your regulated workloads - AWS PS Summit Canb...Accelerating cloud adoption for your regulated workloads - AWS PS Summit Canb...
Accelerating cloud adoption for your regulated workloads - AWS PS Summit Canb...
 
AWS Security for Financial Services
AWS Security for Financial ServicesAWS Security for Financial Services
AWS Security for Financial Services
 
Modern Security and Compliance Through Automation
Modern Security and Compliance Through AutomationModern Security and Compliance Through Automation
Modern Security and Compliance Through Automation
 
AWS Security Checklist
AWS Security ChecklistAWS Security Checklist
AWS Security Checklist
 
Blue Chip Tek Connect and Protect Presentation #3
Blue Chip Tek Connect and Protect Presentation #3Blue Chip Tek Connect and Protect Presentation #3
Blue Chip Tek Connect and Protect Presentation #3
 
9 Security Best Practices
9 Security Best Practices9 Security Best Practices
9 Security Best Practices
 
Sicurezza e Compliance nel Cloud
Sicurezza e Compliance nel CloudSicurezza e Compliance nel Cloud
Sicurezza e Compliance nel Cloud
 
Journey Through The Cloud - Security Best Practices
Journey Through The Cloud - Security Best Practices Journey Through The Cloud - Security Best Practices
Journey Through The Cloud - Security Best Practices
 
Building Secure Architectures on AWS
Building Secure Architectures on AWSBuilding Secure Architectures on AWS
Building Secure Architectures on AWS
 

Mais de Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Mais de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Último

Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 

Último (20)

Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 

AWS re:Invent 2016: Proactive Security Testing in AWS: From Early Implementation to Deployment Penetration Testing (SEC309)

  • 1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Alex Lucas, AWS Security November 29, 2016 SEC309 Proactive Security Testing in AWS From Early Implementation to Deployment Penetration Testing
  • 2. What to expect from this session • How to think about your AWS assets • Threat modeling and attack surface • Security baseline • Testing for security • Automation • Continuous Security • Close
  • 3. Threat modeling • Why? • External dependencies and assumptions • System edges and entry points • Assets and information flows • Classes of user and action / trust • Risks and mitigations
  • 4. Threat modeling  assets • What is an asset? • Amazon EC2 instance • Amazon S3 bucket • Amazon RDS • Access management • Networking • Deployment and development
  • 5. Threat modeling  actors • Users • Services • Access to shared assets
  • 6. Threat model  architecture Unknown user Authenticated user Web server Cache RDBMS Web admin DB admin DB users? CMS 1.1 Login 1. 2 Post 2.1 Admin
  • 8. Table of flows, STRIDE etc Data flow ID Description 1.1 An unauthenticated user can logon onto the CMS system with valid credentials at this point a session identifying the user controls their identity. STRIDE • Spoofing – A user could assume an incorrect identity if not checked properly • Repudiation – Attempts to login and failed login attempts may not be traced • Denial of service (DoS) - If the login flow is too expensive (computationally complex) the login call could potentially be used to deny service to other users • Elevation of Privilege (EoP) – Incorrectly logging in a user would result in this
  • 9. Feature Id Mitigation Description SESSION-104 To address spoofing concerns an external audit of the code by [X] will take place. All changes to the code post-event will undergo code review. AUDIT-7 For repudiation all login attempts will be logged into the application log and stored to Amazon CloudWatch Logs. AUDIT-7-1 In support of LOGIN-102 the team will investigate the feasibility of using CloudWatch alarms with thresholds for failed logins. LOGIN-11 For DoS prevention we will do extensive profiling of the login flow and ensure that failed and successful logins represent log computational burden. A single web server instance should be able to support O(x) login calls simultaneously.
  • 10. Management layer Private subnetPublic subnet ws Internet gateway Router Route table Route table Endpoint S3 bucket Instance role IAM ElastiCache Route 53CloudFormation KMSAmazon Inspector CloudTrail Config
  • 11. Security baseline • Core: • Instances are patched and remain so • Instances are safe to use post-startup as long as security groups only expose the expected services to the Internet • Account AWS infrastructure management is correctly controlled • Application: • The application has been security tested
  • 12. Demo – patch level • Any outstanding security patches? • Using EC2 Simple Systems Manager (SSM) run command.
  • 13.
  • 14. Build security testing in • Static analysis on code push to central repository • Adding a trigger to look for security issues • Check staging and pre-deployment • Check your application access controls
  • 15. Demo – source code • AWS CodeCommit trigger to look for AWS stored secrets
  • 16.
  • 17. Demo – deployment assessment • Using Amazon Inspector to assess a pre-production environment and move it to production.
  • 18.
  • 19. Security testing • Penetration test request process: https://aws.amazon.com/security/penetration-testing/ • Focus on baseline • Know your tools • Be selective
  • 20. Demo – network profile • Enumerate Internet endpoints • Confirm availability
  • 21.
  • 22. Continuous security • Integrated testing • Point in time questions • Monitor for changes
  • 25. Related sessions • SEC301 - Audit Your AWS Account Against Industry Best Practices: The CIS AWS Benchmarks • SEC313 - Automating Security Event Response, from Idea to Code to Execution • SAC401 - 5 Security Automation Improvements You Can Make by Using Amazon CloudWatch Events and AWS Config Rules