SlideShare uma empresa Scribd logo

Automating AWS Compliance with InSpec

‱
‱
Matt Ray
Matt Ray

Presentation from the Sydney AWS Security Meetup - August 10, 2017. https://www.meetup.com/Sydney-AWS-Security-User-Group/events/239370748/

Tecnologia
1 de 64
Baixar para ler offline
Automating Compliance with InSpec Sydney AWS Security Meetup August 10, 2017
Matt Ray Manager, Solutions Architect – APJ Chef Software matt@chef.io @mattray
SSH Control "SSH supports two different protocol versions.The original version, SSHv1, was subject to a number of security issues. Please use SSHv2 instead to avoid these."
How will I verify this?
Whip up a one-liner! grep "^Protocol" /etc/ssh/sshd_config | sed 's/Protocol //'
Apache Server Information Leakage ‱ Description This Directive Controls wheather Server response field is sent back to clients includes a description of Generic OSType of the Server. This allows attackers to identify web servers details greatly and increases the efficiency of any attack,as security vulnerabilities are dependent upon specific software versions. ‱ How toTest In order to test for ServerToken configuration, one should check the Apache configuration file. ‱ Misconfiguration ServerTokens Full ‱ Remediation Configure the ServerTokens directive in the Apache configuration to value of Prod or ProductOnly.This tells Apache to only return "Apache" in the Server header, returned on every page request. ServerTokens Prod or ServerTokens ProductOnly https://www.owasp.org/index.php/SCG_WS_Apache
More grep and sed! grep "^ServerTokens" /etc/httpd/conf/httpd.conf | sed 's/ServerTokens //'
C o m p l i a n c e
Two-thirds of organizations did not adequately test the security of all in-scope systems
Key Trends ‱ While individual rule compliance is up, testing of security systems is down ‱ Sustainability is low. Fewer than a third of companies were found to be still fully compliant less than a year after successful validation.
Shell Scripts grep "^Protocol" /etc/ssh/sshd_config | sed 's/Protocol //' grep "^ServerTokens" /etc/httpd/conf/httpd.conf | sed 's/ServerTokens //'
Infrastructure Code package 'httpd' do action :install end service 'httpd' do action [ :start, :enable ] end
We Have A Communications Problem
Security != Compliance
Compliance Language
One Language Linux
One Language Linux,Windows
Windows
One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ...
Examples of Available Resources apache_conf apt audit_policy auditd_conf auditd_rules bond bridge command crontab directory etc_group file gem group host inetd_conf interface iptables kernel_module kernel_parameter limits_conf login_defs mount mysql_conf mysql_session npm ntp_conf oneget os os_env package parse_config parse_config_file passwd pip port postgres_conf postgres_session powershell processes registry_key security_policy service ssh_config sshd_config user windows_feature yum
What is it not? ‱ IDS / IPS ‱ Firewall ‱ Antivirus ‱ Pentesting tool
One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ... Bare-metal
One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ... Bare-metal,VMs
One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ... Bare-metal,VMs, Containers
One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ... Bare-metal,VMs, Containers Nodes
One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ... Bare-metal,VMs, Containers Nodes, Databases
DB Testing
One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ... Bare-metal,VMs, Containers Nodes, Databases,APIs
Cloud Testing
InSpec > inspec exec test.rb Test a machine remotely via SSH > inspec exec test.rb -i identity.key -t ssh://root@172.17.0.1 Test your machine locally > inspec exec test.rb -t winrm://Admin@192.168.1.2 --password super Test Docker Container > inspec exec test.rb -t docker://5cc8837bb6a8 Test a machine remotely via WinRM AGENTLESS
Operating System & Application Coverage ‱ Microsoft Windows ‱ Red Hat Enterprise Linux ‱ Ubuntu Linux ‱ SUSE Linux Enterprise Server ‱ Oracle Enterprise Linux ‱ AIX ‱ HP-UX ‱ Solaris ‱ VMware ESXi ‱ MySQL ‱ Oracle ‱ PostgreSQL ‱ Tomcat ‱ SQL Server ‱ IIS ‱ HTTP request
One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ... Bare-metal,VMs, Containers Nodes, Databases,APIs, Cloud Platforms, ...
Open Source Community ‱https://inspec.io ‱https://github.com/chef/inspec ‱https://supermarket.chef.io ‱https://learn.chef.io ‱#inspec in https://chefcommunity.slack.com
CONTINUOUS COMPLIANCE AUTOMATION InSpec - Part of your InfoSec toolchain FIREWALL ANTIVIRUS INTRUSION DETECTION/ PREVENTION PENETRATION TESTING
Continuous Workflow Detect Correct
The Chef Automate Platform Continuous Automation for High Velocity IT Workflow ‱ Local development ‱ Integration ‱ Tooling (APIs & SDKs) COLLABORATE â–Ș Package â–Ș Test â–Ș Approve BUILD â–Ș Provision â–Ș Configure â–Ș Execute â–Ș Update DEPLOY â–Ș Secure â–Ș Comply â–Ș Audit â–Ș Measure â–Ș Log MANAGE Infrastructure Automation Compliance AutomationApplication Automation OSS AUTOMATION ENGINES Increase Speed â–Ș Package infrastructure and app configuration as code â–Ș Continuously automate infrastructure and app updates Improve Efficiency â–Ș Define and execute standard workflows and automation â–Ș Audit and measure effectiveness of automation Decrease Risk â–Ș Define compliance rules as code â–Ș Deliver continuous compliance as part of standard workflow
AWS OpsWorks for Chef Automate Native Amazon Service Managed Chef Server â–Ș Utilizes RDS and other native services â–Ș May be externally accessible AWS Native â–Ș Auto Scaling in your VPC â–Ș Automatic backups and upgrades OpsWorks Stacks â–Ș New name for previous version of OpsWorks ● Partnership between Amazon and Chef, jointly developed and maintained ● Fully managed AWS service with frequent updates ● Fully compatible with open source Chef ● Amazon is your support and billing ● All Chef Automate features will be supported ○ Visibility and Workflow today ○ Compliance soon ○ Currently Northern Virginia, Oregon & Ireland with more planned
InSpec-AWS ‱ https://github.com/chef/inspec-aws
aws_ec2
aws_iam_access_key
aws_iam_password_policy
aws_iam_root_user
aws_iam_user
aws_iam_users
Dig into the new way of learning about Chef, Automation, and DevOps. Self-paced training on Linux and Windows and much more! learn.chef.io
Automating AWS Compliance with InSpec

Recomendados

Automating Compliance with InSpec - AWS North Sydney
Automating Compliance with InSpec - AWS North SydneyAutomating Compliance with InSpec - AWS North Sydney
Automating Compliance with InSpec - AWS North SydneyMatt Ray
 
DevOpsDays Singapore - Continuous Auditing with Compliance as Code
DevOpsDays Singapore - Continuous Auditing with Compliance as CodeDevOpsDays Singapore - Continuous Auditing with Compliance as Code
DevOpsDays Singapore - Continuous Auditing with Compliance as CodeMatt Ray
 
DevOpsDays Singapore Habitat Ignite
DevOpsDays Singapore Habitat IgniteDevOpsDays Singapore Habitat Ignite
DevOpsDays Singapore Habitat IgniteMatt Ray
 
Compliance Automation with Inspec Part 4
Compliance Automation with Inspec Part 4Compliance Automation with Inspec Part 4
Compliance Automation with Inspec Part 4Chef
 
Application Automation with Habitat
Application Automation with HabitatApplication Automation with Habitat
Application Automation with HabitatChef
 
Chef Hack Day Denver
Chef Hack Day Denver Chef Hack Day Denver
Chef Hack Day Denver Chef
 
Compliance Automation with Inspec Part 2
Compliance Automation with Inspec Part 2Compliance Automation with Inspec Part 2
Compliance Automation with Inspec Part 2Chef
 
Achieving DevOps Success with Chef Automate
Achieving DevOps Success with Chef AutomateAchieving DevOps Success with Chef Automate
Achieving DevOps Success with Chef AutomateChef
 

Recomendados

Automating Compliance with InSpec - AWS North Sydney
Automating Compliance with InSpec - AWS North SydneyAutomating Compliance with InSpec - AWS North Sydney
Automating Compliance with InSpec - AWS North SydneyMatt Ray
 
DevOpsDays Singapore - Continuous Auditing with Compliance as Code
DevOpsDays Singapore - Continuous Auditing with Compliance as CodeDevOpsDays Singapore - Continuous Auditing with Compliance as Code
DevOpsDays Singapore - Continuous Auditing with Compliance as CodeMatt Ray
 
DevOpsDays Singapore Habitat Ignite
DevOpsDays Singapore Habitat IgniteDevOpsDays Singapore Habitat Ignite
DevOpsDays Singapore Habitat IgniteMatt Ray
 
Compliance Automation with Inspec Part 4
Compliance Automation with Inspec Part 4Compliance Automation with Inspec Part 4
Compliance Automation with Inspec Part 4Chef
 
Application Automation with Habitat
Application Automation with HabitatApplication Automation with Habitat
Application Automation with HabitatChef
 
Chef Hack Day Denver
Chef Hack Day Denver Chef Hack Day Denver
Chef Hack Day Denver Chef
 
Compliance Automation with Inspec Part 2
Compliance Automation with Inspec Part 2Compliance Automation with Inspec Part 2
Compliance Automation with Inspec Part 2Chef
 
Achieving DevOps Success with Chef Automate
Achieving DevOps Success with Chef AutomateAchieving DevOps Success with Chef Automate
Achieving DevOps Success with Chef AutomateChef
 
Chef Workflow Demo
Chef Workflow DemoChef Workflow Demo
Chef Workflow DemoChef
 
Chef Automate Workflow Demo
Chef Automate Workflow DemoChef Automate Workflow Demo
Chef Automate Workflow DemoChef
 
Chef Compliance & Workflow w/Delivery
Chef Compliance & Workflow w/Delivery Chef Compliance & Workflow w/Delivery
Chef Compliance & Workflow w/Delivery Chef
 
London Community Summit 2016 - Fresh New Chef Stuff
London Community Summit 2016 - Fresh New Chef StuffLondon Community Summit 2016 - Fresh New Chef Stuff
London Community Summit 2016 - Fresh New Chef StuffChef
 
Nike popup compliance workshop
Nike popup compliance workshopNike popup compliance workshop
Nike popup compliance workshopChef
 
Automating Compliance with InSpec - Chef Singapore Meetup
Automating Compliance with InSpec - Chef Singapore MeetupAutomating Compliance with InSpec - Chef Singapore Meetup
Automating Compliance with InSpec - Chef Singapore MeetupMatt Ray
 
Devops journey chefpopup-2016.04.26-v2
Devops journey chefpopup-2016.04.26-v2Devops journey chefpopup-2016.04.26-v2
Devops journey chefpopup-2016.04.26-v2Chef
 
Intermediate/Compliance training Guide
Intermediate/Compliance training GuideIntermediate/Compliance training Guide
Intermediate/Compliance training GuideChef
 
Compliance Automation with InSpec
Compliance Automation with InSpec Compliance Automation with InSpec
Compliance Automation with InSpec Nathen Harvey
 
Compliance Automation with InSpec - Chef NYC Meetup - April 2017
Compliance Automation with InSpec - Chef NYC Meetup - April 2017Compliance Automation with InSpec - Chef NYC Meetup - April 2017
Compliance Automation with InSpec - Chef NYC Meetup - April 2017adamleff
 
London Community Summit - Chef at SkyBet
London Community Summit - Chef at SkyBetLondon Community Summit - Chef at SkyBet
London Community Summit - Chef at SkyBetChef
 
Chef compliance - Intermediate Training
Chef compliance - Intermediate TrainingChef compliance - Intermediate Training
Chef compliance - Intermediate TrainingSarah Hynes Cheney
 
Azure handsonlab
Azure handsonlabAzure handsonlab
Azure handsonlabChef
 
Compliance Automation with Inspec Part 1
Compliance Automation with Inspec Part 1Compliance Automation with Inspec Part 1
Compliance Automation with Inspec Part 1Chef
 
Adding Security and Compliance to Your Workflow with InSpec
Adding Security and Compliance to Your Workflow with InSpecAdding Security and Compliance to Your Workflow with InSpec
Adding Security and Compliance to Your Workflow with InSpecMandi Walls
 
Compliance Automation with Inspec Part 3
Compliance Automation with Inspec Part 3Compliance Automation with Inspec Part 3
Compliance Automation with Inspec Part 3Chef
 
Nike pop up habitat
Nike pop up habitatNike pop up habitat
Nike pop up habitatChef
 
NGINX Plus on AWS
NGINX Plus on AWSNGINX Plus on AWS
NGINX Plus on AWSAmazon Web Services
 
Nginx internals
Nginx internalsNginx internals
Nginx internalsliqiang xu
 
Compliance Automation Workshop
Compliance Automation WorkshopCompliance Automation Workshop
Compliance Automation WorkshopChef
 
Melbourne Chef Meetup: Automating Azure Compliance with InSpec
Melbourne Chef Meetup: Automating Azure Compliance with InSpecMelbourne Chef Meetup: Automating Azure Compliance with InSpec
Melbourne Chef Meetup: Automating Azure Compliance with InSpecMatt Ray
 
DevSec Delight with Compliance as Code - Matt Ray - AgileNZ 2017
DevSec Delight with Compliance as Code - Matt Ray - AgileNZ 2017DevSec Delight with Compliance as Code - Matt Ray - AgileNZ 2017
DevSec Delight with Compliance as Code - Matt Ray - AgileNZ 2017AgileNZ Conference
 

Mais conteĂșdo relacionado

Mais procurados

Chef Workflow Demo
Chef Workflow DemoChef Workflow Demo
Chef Workflow DemoChef
 
Chef Automate Workflow Demo
Chef Automate Workflow DemoChef Automate Workflow Demo
Chef Automate Workflow DemoChef
 
Chef Compliance & Workflow w/Delivery
Chef Compliance & Workflow w/Delivery Chef Compliance & Workflow w/Delivery
Chef Compliance & Workflow w/Delivery Chef
 
London Community Summit 2016 - Fresh New Chef Stuff
London Community Summit 2016 - Fresh New Chef StuffLondon Community Summit 2016 - Fresh New Chef Stuff
London Community Summit 2016 - Fresh New Chef StuffChef
 
Nike popup compliance workshop
Nike popup compliance workshopNike popup compliance workshop
Nike popup compliance workshopChef
 
Automating Compliance with InSpec - Chef Singapore Meetup
Automating Compliance with InSpec - Chef Singapore MeetupAutomating Compliance with InSpec - Chef Singapore Meetup
Automating Compliance with InSpec - Chef Singapore MeetupMatt Ray
 
Devops journey chefpopup-2016.04.26-v2
Devops journey chefpopup-2016.04.26-v2Devops journey chefpopup-2016.04.26-v2
Devops journey chefpopup-2016.04.26-v2Chef
 
Intermediate/Compliance training Guide
Intermediate/Compliance training GuideIntermediate/Compliance training Guide
Intermediate/Compliance training GuideChef
 
Compliance Automation with InSpec
Compliance Automation with InSpec Compliance Automation with InSpec
Compliance Automation with InSpec Nathen Harvey
 
Compliance Automation with InSpec - Chef NYC Meetup - April 2017
Compliance Automation with InSpec - Chef NYC Meetup - April 2017Compliance Automation with InSpec - Chef NYC Meetup - April 2017
Compliance Automation with InSpec - Chef NYC Meetup - April 2017adamleff
 
London Community Summit - Chef at SkyBet
London Community Summit - Chef at SkyBetLondon Community Summit - Chef at SkyBet
London Community Summit - Chef at SkyBetChef
 
Chef compliance - Intermediate Training
Chef compliance - Intermediate TrainingChef compliance - Intermediate Training
Chef compliance - Intermediate TrainingSarah Hynes Cheney
 
Azure handsonlab
Azure handsonlabAzure handsonlab
Azure handsonlabChef
 
Compliance Automation with Inspec Part 1
Compliance Automation with Inspec Part 1Compliance Automation with Inspec Part 1
Compliance Automation with Inspec Part 1Chef
 
Adding Security and Compliance to Your Workflow with InSpec
Adding Security and Compliance to Your Workflow with InSpecAdding Security and Compliance to Your Workflow with InSpec
Adding Security and Compliance to Your Workflow with InSpecMandi Walls
 
Compliance Automation with Inspec Part 3
Compliance Automation with Inspec Part 3Compliance Automation with Inspec Part 3
Compliance Automation with Inspec Part 3Chef
 
Nike pop up habitat
Nike pop up habitatNike pop up habitat
Nike pop up habitatChef
 
Nginx internals
Nginx internalsNginx internals
Nginx internalsliqiang xu
 
Compliance Automation Workshop
Compliance Automation WorkshopCompliance Automation Workshop
Compliance Automation WorkshopChef
 

Mais procurados (20)

Chef Workflow Demo
Chef Workflow DemoChef Workflow Demo
Chef Workflow Demo
 
Chef Automate Workflow Demo
Chef Automate Workflow DemoChef Automate Workflow Demo
Chef Automate Workflow Demo
 
Chef Compliance & Workflow w/Delivery
Chef Compliance & Workflow w/Delivery Chef Compliance & Workflow w/Delivery
Chef Compliance & Workflow w/Delivery
 
London Community Summit 2016 - Fresh New Chef Stuff
London Community Summit 2016 - Fresh New Chef StuffLondon Community Summit 2016 - Fresh New Chef Stuff
London Community Summit 2016 - Fresh New Chef Stuff
 
Nike popup compliance workshop
Nike popup compliance workshopNike popup compliance workshop
Nike popup compliance workshop
 
Automating Compliance with InSpec - Chef Singapore Meetup
Automating Compliance with InSpec - Chef Singapore MeetupAutomating Compliance with InSpec - Chef Singapore Meetup
Automating Compliance with InSpec - Chef Singapore Meetup
 
Devops journey chefpopup-2016.04.26-v2
Devops journey chefpopup-2016.04.26-v2Devops journey chefpopup-2016.04.26-v2
Devops journey chefpopup-2016.04.26-v2
 
Intermediate/Compliance training Guide
Intermediate/Compliance training GuideIntermediate/Compliance training Guide
Intermediate/Compliance training Guide
 
Compliance Automation with InSpec
Compliance Automation with InSpec Compliance Automation with InSpec
Compliance Automation with InSpec
 
Compliance Automation with InSpec - Chef NYC Meetup - April 2017
Compliance Automation with InSpec - Chef NYC Meetup - April 2017Compliance Automation with InSpec - Chef NYC Meetup - April 2017
Compliance Automation with InSpec - Chef NYC Meetup - April 2017
 
London Community Summit - Chef at SkyBet
London Community Summit - Chef at SkyBetLondon Community Summit - Chef at SkyBet
London Community Summit - Chef at SkyBet
 
Chef compliance - Intermediate Training
Chef compliance - Intermediate TrainingChef compliance - Intermediate Training
Chef compliance - Intermediate Training
 
Azure handsonlab
Azure handsonlabAzure handsonlab
Azure handsonlab
 
Compliance Automation with Inspec Part 1
Compliance Automation with Inspec Part 1Compliance Automation with Inspec Part 1
Compliance Automation with Inspec Part 1
 
Adding Security and Compliance to Your Workflow with InSpec
Adding Security and Compliance to Your Workflow with InSpecAdding Security and Compliance to Your Workflow with InSpec
Adding Security and Compliance to Your Workflow with InSpec
 
Compliance Automation with Inspec Part 3
Compliance Automation with Inspec Part 3Compliance Automation with Inspec Part 3
Compliance Automation with Inspec Part 3
 
Nike pop up habitat
Nike pop up habitatNike pop up habitat
Nike pop up habitat
 
NGINX Plus on AWS
NGINX Plus on AWSNGINX Plus on AWS
NGINX Plus on AWS
 
Nginx internals
Nginx internalsNginx internals
Nginx internals
 
Compliance Automation Workshop
Compliance Automation WorkshopCompliance Automation Workshop
Compliance Automation Workshop
 

Semelhante a Automating AWS Compliance with InSpec

Melbourne Chef Meetup: Automating Azure Compliance with InSpec
Melbourne Chef Meetup: Automating Azure Compliance with InSpecMelbourne Chef Meetup: Automating Azure Compliance with InSpec
Melbourne Chef Meetup: Automating Azure Compliance with InSpecMatt Ray
 
DevSec Delight with Compliance as Code - Matt Ray - AgileNZ 2017
DevSec Delight with Compliance as Code - Matt Ray - AgileNZ 2017DevSec Delight with Compliance as Code - Matt Ray - AgileNZ 2017
DevSec Delight with Compliance as Code - Matt Ray - AgileNZ 2017AgileNZ Conference
 
Melbourne Infracoders: Compliance as Code with InSpec
Melbourne Infracoders: Compliance as Code with InSpecMelbourne Infracoders: Compliance as Code with InSpec
Melbourne Infracoders: Compliance as Code with InSpecMatt Ray
 
Bay Area Chef Meetup February
Bay Area Chef Meetup FebruaryBay Area Chef Meetup February
Bay Area Chef Meetup FebruaryJessica DeVita
 
Chef Automate - Infracoders Canberra August 8, 2017
Chef Automate - Infracoders Canberra August 8, 2017Chef Automate - Infracoders Canberra August 8, 2017
Chef Automate - Infracoders Canberra August 8, 2017Matt Ray
 
Compliance as Code with InSpec - DevOps Melbourne 2017
Compliance as Code with InSpec - DevOps Melbourne 2017Compliance as Code with InSpec - DevOps Melbourne 2017
Compliance as Code with InSpec - DevOps Melbourne 2017Matt Ray
 
Infrastructure and Compliance Delight with Chef Automate
Infrastructure and Compliance Delight with Chef AutomateInfrastructure and Compliance Delight with Chef Automate
Infrastructure and Compliance Delight with Chef AutomateMatt Ray
 
Compliance as Code: Velocity with Security - Fraser Pollock, Chef
Compliance as Code: Velocity with Security - Fraser Pollock, ChefCompliance as Code: Velocity with Security - Fraser Pollock, Chef
Compliance as Code: Velocity with Security - Fraser Pollock, ChefAlert Logic
 
Chef Automate - Wellington DevOps August 2, 2017
Chef Automate - Wellington DevOps August 2, 2017Chef Automate - Wellington DevOps August 2, 2017
Chef Automate - Wellington DevOps August 2, 2017Matt Ray
 
NET Aspire - NET Conf IL 2024 - Tamir Dresher.pdf
NET Aspire - NET Conf IL 2024 - Tamir Dresher.pdfNET Aspire - NET Conf IL 2024 - Tamir Dresher.pdf
NET Aspire - NET Conf IL 2024 - Tamir Dresher.pdfTamir Dresher
 
Integrating-Cloud-Development-Security-And-Operations.pdf
Integrating-Cloud-Development-Security-And-Operations.pdfIntegrating-Cloud-Development-Security-And-Operations.pdf
Integrating-Cloud-Development-Security-And-Operations.pdfAmazon Web Services
 
Compliance as Code Everywhere
Compliance as Code EverywhereCompliance as Code Everywhere
Compliance as Code EverywhereMatt Ray
 
AWS Summit Auckland - Application Delivery Patterns for Developers
AWS Summit Auckland - Application Delivery Patterns for DevelopersAWS Summit Auckland - Application Delivery Patterns for Developers
AWS Summit Auckland - Application Delivery Patterns for DevelopersAmazon Web Services
 
A Bit of Everything Chef
A Bit of Everything ChefA Bit of Everything Chef
A Bit of Everything ChefMandi Walls
 
DevOps on Windows: How to Deploy Complex Windows Workloads | AWS Public Secto...
DevOps on Windows: How to Deploy Complex Windows Workloads | AWS Public Secto...DevOps on Windows: How to Deploy Complex Windows Workloads | AWS Public Secto...
DevOps on Windows: How to Deploy Complex Windows Workloads | AWS Public Secto...Amazon Web Services
 
Cooking Up Windows with Chef Automate
Cooking Up Windows with Chef AutomateCooking Up Windows with Chef Automate
Cooking Up Windows with Chef AutomateMatt Ray
 
Anatomy of a Build Pipeline
Anatomy of a Build PipelineAnatomy of a Build Pipeline
Anatomy of a Build PipelineSamuel Brown
 
Delivering High-Availability Web Services with NGINX Plus on AWS
Delivering High-Availability Web Services with NGINX Plus on AWSDelivering High-Availability Web Services with NGINX Plus on AWS
Delivering High-Availability Web Services with NGINX Plus on AWSNGINX, Inc.
 
Devops continuousintegration and deployment onaws puttingmoneybackintoyourmis...
Devops continuousintegration and deployment onaws puttingmoneybackintoyourmis...Devops continuousintegration and deployment onaws puttingmoneybackintoyourmis...
Devops continuousintegration and deployment onaws puttingmoneybackintoyourmis...Emerson Eduardo Rodrigues Von Staffen
 
DevOps, Continuous Integration and Deployment on AWS: Putting Money Back into...
DevOps, Continuous Integration and Deployment on AWS: Putting Money Back into...DevOps, Continuous Integration and Deployment on AWS: Putting Money Back into...
DevOps, Continuous Integration and Deployment on AWS: Putting Money Back into...Amazon Web Services
 

Semelhante a Automating AWS Compliance with InSpec (20)

Melbourne Chef Meetup: Automating Azure Compliance with InSpec
Melbourne Chef Meetup: Automating Azure Compliance with InSpecMelbourne Chef Meetup: Automating Azure Compliance with InSpec
Melbourne Chef Meetup: Automating Azure Compliance with InSpec
 
DevSec Delight with Compliance as Code - Matt Ray - AgileNZ 2017
DevSec Delight with Compliance as Code - Matt Ray - AgileNZ 2017DevSec Delight with Compliance as Code - Matt Ray - AgileNZ 2017
DevSec Delight with Compliance as Code - Matt Ray - AgileNZ 2017
 
Melbourne Infracoders: Compliance as Code with InSpec
Melbourne Infracoders: Compliance as Code with InSpecMelbourne Infracoders: Compliance as Code with InSpec
Melbourne Infracoders: Compliance as Code with InSpec
 
Bay Area Chef Meetup February
Bay Area Chef Meetup FebruaryBay Area Chef Meetup February
Bay Area Chef Meetup February
 
Chef Automate - Infracoders Canberra August 8, 2017
Chef Automate - Infracoders Canberra August 8, 2017Chef Automate - Infracoders Canberra August 8, 2017
Chef Automate - Infracoders Canberra August 8, 2017
 
Compliance as Code with InSpec - DevOps Melbourne 2017
Compliance as Code with InSpec - DevOps Melbourne 2017Compliance as Code with InSpec - DevOps Melbourne 2017
Compliance as Code with InSpec - DevOps Melbourne 2017
 
Infrastructure and Compliance Delight with Chef Automate
Infrastructure and Compliance Delight with Chef AutomateInfrastructure and Compliance Delight with Chef Automate
Infrastructure and Compliance Delight with Chef Automate
 
Compliance as Code: Velocity with Security - Fraser Pollock, Chef
Compliance as Code: Velocity with Security - Fraser Pollock, ChefCompliance as Code: Velocity with Security - Fraser Pollock, Chef
Compliance as Code: Velocity with Security - Fraser Pollock, Chef
 
Chef Automate - Wellington DevOps August 2, 2017
Chef Automate - Wellington DevOps August 2, 2017Chef Automate - Wellington DevOps August 2, 2017
Chef Automate - Wellington DevOps August 2, 2017
 
NET Aspire - NET Conf IL 2024 - Tamir Dresher.pdf
NET Aspire - NET Conf IL 2024 - Tamir Dresher.pdfNET Aspire - NET Conf IL 2024 - Tamir Dresher.pdf
NET Aspire - NET Conf IL 2024 - Tamir Dresher.pdf
 
Integrating-Cloud-Development-Security-And-Operations.pdf
Integrating-Cloud-Development-Security-And-Operations.pdfIntegrating-Cloud-Development-Security-And-Operations.pdf
Integrating-Cloud-Development-Security-And-Operations.pdf
 
Compliance as Code Everywhere
Compliance as Code EverywhereCompliance as Code Everywhere
Compliance as Code Everywhere
 
AWS Summit Auckland - Application Delivery Patterns for Developers
AWS Summit Auckland - Application Delivery Patterns for DevelopersAWS Summit Auckland - Application Delivery Patterns for Developers
AWS Summit Auckland - Application Delivery Patterns for Developers
 
A Bit of Everything Chef
A Bit of Everything ChefA Bit of Everything Chef
A Bit of Everything Chef
 
DevOps on Windows: How to Deploy Complex Windows Workloads | AWS Public Secto...
DevOps on Windows: How to Deploy Complex Windows Workloads | AWS Public Secto...DevOps on Windows: How to Deploy Complex Windows Workloads | AWS Public Secto...
DevOps on Windows: How to Deploy Complex Windows Workloads | AWS Public Secto...
 
Cooking Up Windows with Chef Automate
Cooking Up Windows with Chef AutomateCooking Up Windows with Chef Automate
Cooking Up Windows with Chef Automate
 
Anatomy of a Build Pipeline
Anatomy of a Build PipelineAnatomy of a Build Pipeline
Anatomy of a Build Pipeline
 
Delivering High-Availability Web Services with NGINX Plus on AWS
Delivering High-Availability Web Services with NGINX Plus on AWSDelivering High-Availability Web Services with NGINX Plus on AWS
Delivering High-Availability Web Services with NGINX Plus on AWS
 
Devops continuousintegration and deployment onaws puttingmoneybackintoyourmis...
Devops continuousintegration and deployment onaws puttingmoneybackintoyourmis...Devops continuousintegration and deployment onaws puttingmoneybackintoyourmis...
Devops continuousintegration and deployment onaws puttingmoneybackintoyourmis...
 
DevOps, Continuous Integration and Deployment on AWS: Putting Money Back into...
DevOps, Continuous Integration and Deployment on AWS: Putting Money Back into...DevOps, Continuous Integration and Deployment on AWS: Putting Money Back into...
DevOps, Continuous Integration and Deployment on AWS: Putting Money Back into...
 

Mais de Matt Ray

Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Matt Ray
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
SCaLE 20X: Kubernetes Cloud Cost Monitoring with OpenCost & Optimization Stra...
SCaLE 20X: Kubernetes Cloud Cost Monitoring with OpenCost & Optimization Stra...SCaLE 20X: Kubernetes Cloud Cost Monitoring with OpenCost & Optimization Stra...
SCaLE 20X: Kubernetes Cloud Cost Monitoring with OpenCost & Optimization Stra...Matt Ray
 
HashiTalks 2020 - Chef Tools & Terraform: Better Together
HashiTalks 2020 - Chef Tools & Terraform: Better TogetherHashiTalks 2020 - Chef Tools & Terraform: Better Together
HashiTalks 2020 - Chef Tools & Terraform: Better TogetherMatt Ray
 
EmacsConf 2019: Interactive Remote Debugging and Development with TRAMP Mode
EmacsConf 2019: Interactive Remote Debugging and Development with TRAMP ModeEmacsConf 2019: Interactive Remote Debugging and Development with TRAMP Mode
EmacsConf 2019: Interactive Remote Debugging and Development with TRAMP ModeMatt Ray
 
Wellington DevOps: Bringing Your Applications into the Future with Habitat
Wellington DevOps: Bringing Your Applications into the Future with HabitatWellington DevOps: Bringing Your Applications into the Future with Habitat
Wellington DevOps: Bringing Your Applications into the Future with HabitatMatt Ray
 
DevOps Days Singapore 2018 Ignite - Bringing Your Applications into the Futur...
DevOps Days Singapore 2018 Ignite - Bringing Your Applications into the Futur...DevOps Days Singapore 2018 Ignite - Bringing Your Applications into the Futur...
DevOps Days Singapore 2018 Ignite - Bringing Your Applications into the Futur...Matt Ray
 
Cloud Expo Asia 20181010 - Bringing Your Applications into the Future with Ha...
Cloud Expo Asia 20181010 - Bringing Your Applications into the Future with Ha...Cloud Expo Asia 20181010 - Bringing Your Applications into the Future with Ha...
Cloud Expo Asia 20181010 - Bringing Your Applications into the Future with Ha...Matt Ray
 
DevOpsDays Jakarta: State of DevOps 2018
DevOpsDays Jakarta: State of DevOps 2018DevOpsDays Jakarta: State of DevOps 2018
DevOpsDays Jakarta: State of DevOps 2018Matt Ray
 
DevOps Talks Melbourne 2018: Whales, Cats and Kubernetes
DevOps Talks Melbourne 2018: Whales, Cats and KubernetesDevOps Talks Melbourne 2018: Whales, Cats and Kubernetes
DevOps Talks Melbourne 2018: Whales, Cats and KubernetesMatt Ray
 
Chef Automate - Azure Sydney User Group
Chef Automate - Azure Sydney User GroupChef Automate - Azure Sydney User Group
Chef Automate - Azure Sydney User GroupMatt Ray
 
Automating Applications with Habitat - Sydney Cloud Native Meetup
Automating Applications with Habitat - Sydney Cloud Native MeetupAutomating Applications with Habitat - Sydney Cloud Native Meetup
Automating Applications with Habitat - Sydney Cloud Native MeetupMatt Ray
 
OpsWorks for Chef Automate - Auckland AWS
OpsWorks for Chef Automate - Auckland AWS OpsWorks for Chef Automate - Auckland AWS
OpsWorks for Chef Automate - Auckland AWS Matt Ray
 
Compliance as Code: Shifting Compliance Left in Continuous Delivery
Compliance as Code: Shifting Compliance Left in Continuous DeliveryCompliance as Code: Shifting Compliance Left in Continuous Delivery
Compliance as Code: Shifting Compliance Left in Continuous DeliveryMatt Ray
 
DevOps Sydney: Chef Automate
DevOps Sydney: Chef AutomateDevOps Sydney: Chef Automate
DevOps Sydney: Chef AutomateMatt Ray
 
Brisbane AWS Meetup: OpsWorks for Chef Automate
Brisbane AWS Meetup: OpsWorks for Chef AutomateBrisbane AWS Meetup: OpsWorks for Chef Automate
Brisbane AWS Meetup: OpsWorks for Chef AutomateMatt Ray
 
Managing Complexity at Velocity
Managing Complexity at VelocityManaging Complexity at Velocity
Managing Complexity at VelocityMatt Ray
 
Habitat & Amazon's ECS
Habitat & Amazon's ECSHabitat & Amazon's ECS
Habitat & Amazon's ECSMatt Ray
 

Mais de Matt Ray (18)

Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
SCaLE 20X: Kubernetes Cloud Cost Monitoring with OpenCost & Optimization Stra...
SCaLE 20X: Kubernetes Cloud Cost Monitoring with OpenCost & Optimization Stra...SCaLE 20X: Kubernetes Cloud Cost Monitoring with OpenCost & Optimization Stra...
SCaLE 20X: Kubernetes Cloud Cost Monitoring with OpenCost & Optimization Stra...
 
HashiTalks 2020 - Chef Tools & Terraform: Better Together
HashiTalks 2020 - Chef Tools & Terraform: Better TogetherHashiTalks 2020 - Chef Tools & Terraform: Better Together
HashiTalks 2020 - Chef Tools & Terraform: Better Together
 
EmacsConf 2019: Interactive Remote Debugging and Development with TRAMP Mode
EmacsConf 2019: Interactive Remote Debugging and Development with TRAMP ModeEmacsConf 2019: Interactive Remote Debugging and Development with TRAMP Mode
EmacsConf 2019: Interactive Remote Debugging and Development with TRAMP Mode
 
Wellington DevOps: Bringing Your Applications into the Future with Habitat
Wellington DevOps: Bringing Your Applications into the Future with HabitatWellington DevOps: Bringing Your Applications into the Future with Habitat
Wellington DevOps: Bringing Your Applications into the Future with Habitat
 
DevOps Days Singapore 2018 Ignite - Bringing Your Applications into the Futur...
DevOps Days Singapore 2018 Ignite - Bringing Your Applications into the Futur...DevOps Days Singapore 2018 Ignite - Bringing Your Applications into the Futur...
DevOps Days Singapore 2018 Ignite - Bringing Your Applications into the Futur...
 
Cloud Expo Asia 20181010 - Bringing Your Applications into the Future with Ha...
Cloud Expo Asia 20181010 - Bringing Your Applications into the Future with Ha...Cloud Expo Asia 20181010 - Bringing Your Applications into the Future with Ha...
Cloud Expo Asia 20181010 - Bringing Your Applications into the Future with Ha...
 
DevOpsDays Jakarta: State of DevOps 2018
DevOpsDays Jakarta: State of DevOps 2018DevOpsDays Jakarta: State of DevOps 2018
DevOpsDays Jakarta: State of DevOps 2018
 
DevOps Talks Melbourne 2018: Whales, Cats and Kubernetes
DevOps Talks Melbourne 2018: Whales, Cats and KubernetesDevOps Talks Melbourne 2018: Whales, Cats and Kubernetes
DevOps Talks Melbourne 2018: Whales, Cats and Kubernetes
 
Chef Automate - Azure Sydney User Group
Chef Automate - Azure Sydney User GroupChef Automate - Azure Sydney User Group
Chef Automate - Azure Sydney User Group
 
Automating Applications with Habitat - Sydney Cloud Native Meetup
Automating Applications with Habitat - Sydney Cloud Native MeetupAutomating Applications with Habitat - Sydney Cloud Native Meetup
Automating Applications with Habitat - Sydney Cloud Native Meetup
 
OpsWorks for Chef Automate - Auckland AWS
OpsWorks for Chef Automate - Auckland AWS OpsWorks for Chef Automate - Auckland AWS
OpsWorks for Chef Automate - Auckland AWS
 
Compliance as Code: Shifting Compliance Left in Continuous Delivery
Compliance as Code: Shifting Compliance Left in Continuous DeliveryCompliance as Code: Shifting Compliance Left in Continuous Delivery
Compliance as Code: Shifting Compliance Left in Continuous Delivery
 
DevOps Sydney: Chef Automate
DevOps Sydney: Chef AutomateDevOps Sydney: Chef Automate
DevOps Sydney: Chef Automate
 
Brisbane AWS Meetup: OpsWorks for Chef Automate
Brisbane AWS Meetup: OpsWorks for Chef AutomateBrisbane AWS Meetup: OpsWorks for Chef Automate
Brisbane AWS Meetup: OpsWorks for Chef Automate
 
Managing Complexity at Velocity
Managing Complexity at VelocityManaging Complexity at Velocity
Managing Complexity at Velocity
 
Habitat & Amazon's ECS
Habitat & Amazon's ECSHabitat & Amazon's ECS
Habitat & Amazon's ECS
 

Último

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 

Último (20)

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 

Automating AWS Compliance with InSpec

  • 1. Automating Compliance with InSpec Sydney AWS Security Meetup August 10, 2017
  • 2. Matt Ray Manager, Solutions Architect – APJ Chef Software matt@chef.io @mattray
  • 3.
  • 4.
  • 5.
  • 6. SSH Control "SSH supports two different protocol versions.The original version, SSHv1, was subject to a number of security issues. Please use SSHv2 instead to avoid these."
  • 7. How will I verify this?
  • 8. Whip up a one-liner! grep "^Protocol" /etc/ssh/sshd_config | sed 's/Protocol //'
  • 9. Apache Server Information Leakage ‱ Description This Directive Controls wheather Server response field is sent back to clients includes a description of Generic OSType of the Server. This allows attackers to identify web servers details greatly and increases the efficiency of any attack,as security vulnerabilities are dependent upon specific software versions. ‱ How toTest In order to test for ServerToken configuration, one should check the Apache configuration file. ‱ Misconfiguration ServerTokens Full ‱ Remediation Configure the ServerTokens directive in the Apache configuration to value of Prod or ProductOnly.This tells Apache to only return "Apache" in the Server header, returned on every page request. ServerTokens Prod or ServerTokens ProductOnly https://www.owasp.org/index.php/SCG_WS_Apache
  • 10. More grep and sed! grep "^ServerTokens" /etc/httpd/conf/httpd.conf | sed 's/ServerTokens //'
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 17.
  • 18. Two-thirds of organizations did not adequately test the security of all in-scope systems
  • 19. Key Trends ‱ While individual rule compliance is up, testing of security systems is down ‱ Sustainability is low. Fewer than a third of companies were found to be still fully compliant less than a year after successful validation.
  • 20.
  • 21. Shell Scripts grep "^Protocol" /etc/ssh/sshd_config | sed 's/Protocol //' grep "^ServerTokens" /etc/httpd/conf/httpd.conf | sed 's/ServerTokens //'
  • 22. Infrastructure Code package 'httpd' do action :install end service 'httpd' do action [ :start, :enable ] end
  • 23. We Have A Communications Problem
  • 24.
  • 26.
  • 27.
  • 28.
  • 29.
  • 30.
  • 31.
  • 36. One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ...
  • 37. Examples of Available Resources apache_conf apt audit_policy auditd_conf auditd_rules bond bridge command crontab directory etc_group file gem group host inetd_conf interface iptables kernel_module kernel_parameter limits_conf login_defs mount mysql_conf mysql_session npm ntp_conf oneget os os_env package parse_config parse_config_file passwd pip port postgres_conf postgres_session powershell processes registry_key security_policy service ssh_config sshd_config user windows_feature yum
  • 38. What is it not? ‱ IDS / IPS ‱ Firewall ‱ Antivirus ‱ Pentesting tool
  • 39. One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ... Bare-metal
  • 40. One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ... Bare-metal,VMs
  • 41. One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ... Bare-metal,VMs, Containers
  • 42. One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ... Bare-metal,VMs, Containers Nodes
  • 43. One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ... Bare-metal,VMs, Containers Nodes, Databases
  • 45. One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ... Bare-metal,VMs, Containers Nodes, Databases,APIs
  • 47. InSpec > inspec exec test.rb Test a machine remotely via SSH > inspec exec test.rb -i identity.key -t ssh://root@172.17.0.1 Test your machine locally > inspec exec test.rb -t winrm://Admin@192.168.1.2 --password super Test Docker Container > inspec exec test.rb -t docker://5cc8837bb6a8 Test a machine remotely via WinRM AGENTLESS
  • 48. Operating System & Application Coverage ‱ Microsoft Windows ‱ Red Hat Enterprise Linux ‱ Ubuntu Linux ‱ SUSE Linux Enterprise Server ‱ Oracle Enterprise Linux ‱ AIX ‱ HP-UX ‱ Solaris ‱ VMware ESXi ‱ MySQL ‱ Oracle ‱ PostgreSQL ‱ Tomcat ‱ SQL Server ‱ IIS ‱ HTTP request
  • 49. One Language Linux,Windows, BSD, Solaris,AIX, HP-UX, ... Bare-metal,VMs, Containers Nodes, Databases,APIs, Cloud Platforms, ...
  • 51. CONTINUOUS COMPLIANCE AUTOMATION InSpec - Part of your InfoSec toolchain FIREWALL ANTIVIRUS INTRUSION DETECTION/ PREVENTION PENETRATION TESTING
  • 53. The Chef Automate Platform Continuous Automation for High Velocity IT Workflow ‱ Local development ‱ Integration ‱ Tooling (APIs & SDKs) COLLABORATE â–Ș Package â–Ș Test â–Ș Approve BUILD â–Ș Provision â–Ș Configure â–Ș Execute â–Ș Update DEPLOY â–Ș Secure â–Ș Comply â–Ș Audit â–Ș Measure â–Ș Log MANAGE Infrastructure Automation Compliance AutomationApplication Automation OSS AUTOMATION ENGINES Increase Speed â–Ș Package infrastructure and app configuration as code â–Ș Continuously automate infrastructure and app updates Improve Efficiency â–Ș Define and execute standard workflows and automation â–Ș Audit and measure effectiveness of automation Decrease Risk â–Ș Define compliance rules as code â–Ș Deliver continuous compliance as part of standard workflow
  • 54. AWS OpsWorks for Chef Automate Native Amazon Service Managed Chef Server â–Ș Utilizes RDS and other native services â–Ș May be externally accessible AWS Native â–Ș Auto Scaling in your VPC â–Ș Automatic backups and upgrades OpsWorks Stacks â–Ș New name for previous version of OpsWorks ● Partnership between Amazon and Chef, jointly developed and maintained ● Fully managed AWS service with frequent updates ● Fully compatible with open source Chef ● Amazon is your support and billing ● All Chef Automate features will be supported ○ Visibility and Workflow today ○ Compliance soon ○ Currently Northern Virginia, Oregon & Ireland with more planned
  • 55.
  • 63. Dig into the new way of learning about Chef, Automation, and DevOps. Self-paced training on Linux and Windows and much more! learn.chef.io