It's a short introduction to Security Implications in the new emerging & highly required domain of DevOps.
As currently, the major concern around DevOps world is 'The Mantra of Automation' at the level of
+ System/Environments Provisioning
(easy & fast using Cloud Support)
+ Idempotent Configuration
(using Automated Configuration Services)
+ Logging & Analytics
(using automated detailed logging and clever analysis )
This presentation just mentions the security considerations related to all these 3 DevOps processes...
As currently, the major concern around DevOps world is 'The Mantra of Automation' at the level of
+ System/Environments Provisioning
(easy & fast using Cloud Support)
+ Idempotent Configuration
(using Automated Configuration Services)
+ Logging & Analytics
(using automated detailed logging and clever analysis )
This presentation just mentions the security considerations related to all these 3 DevOps processes...
+ Provisioning being affected by
|=+ Non-Robust Cloud Frameworks,
|=+ Vulnerable Service APIs, &
|=+ Virtualization BreakOuts
|
+ Configuration Management threatened by
|=+ Non-Robust Services, &
|=+ Non-preferred storage of sensitive
| configuration data
|
+ Analytics
|=+ Log Analysis frameworks have been
| several times attacked by infecting
| the received logs resulting in service
| level non-sanitized input attacks.
|_