Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Application Security Workflow Automation using ...

Abhisek Datta
November 07, 2019
Technology
0
510

Application Security Workflow Automation using Docker and Kubernetes

Slides from talk given at #AllDayDevOps 2019

https://www.alldaydevops.com/addo-speakers/abhisek-datta

Abhisek Datta

November 07, 2019
Tweet

More Decks by Abhisek Datta

See All by Abhisek Datta
Kubernetes from an Attacker's Perspective - fwd:CloudSec 2020
abhisek
0
390
Kubernetes 101 for Penetration Testers - null Mumbai
abhisek
6
3.8k
Securing Microservices at API Gateway using Cloud Native Solutions
abhisek
1
390
Kubernetes From an Attacker's Perspective
abhisek
4
7.1k
Application Security Workflow Automation using Docker and Kubernetes
abhisek
0
710
Towards Verifiable Infrastructure Security
abhisek
0
180
Your Internet Exposure the Makes You Vulnerable
abhisek
0
190
Towards Verifiable Infrastructure Security
abhisek
0
66
Mobile Appsec from an attacker's perspective
abhisek
0
500

Other Decks in Technology

See All in Technology
いまならこう作りたい AWSコンテナ[本格]入門ハンズオン 〜2024年版 ハンズオンの構想〜
horsewin
9
2.1k
Oracle Cloud Infrastructure データベース・クラウド:各バージョンのサポート期間
oracle4engineer
PRO
27
12k
オーティファイ会社紹介資料 / Autify Company Deck
autifyhq
9
120k
Apple/Google/Amazonの決済システムの違いを踏まえた定期購読課金システムの構築 / abema-billing-system
cyberagentdevelopers
PRO
1
220
よくわからんサービスについての問い合わせが来たときの強い味方 Amazon Q について
kazzpapa3
0
220
10分でわかるfreeeのQA
freee
1
3.4k
新R25、乃木坂46 Mobileなどのファンビジネスを支えるマルチテナンシーなプラットフォームの全体像 / cam-multi-cloud
cyberagentdevelopers
PRO
1
130
プロダクトチームへのSystem Risk Records導入・運用事例の紹介/Introduction and Case Studies on Implementing and Operating System Risk Records for Product Teams
taddy_919
1
170
Product Engineer Night #6プロダクトエンジニアを育む仕組み・施策
hacomono
PRO
1
470
フルカイテン株式会社 採用資料
fullkaiten
0
36k
ネット広告に未来はあるか?「3rd Party Cookie廃止とPrivacy Sandboxの効果検証の裏側」 / third-party-cookie-privacy
cyberagentdevelopers
PRO
1
130
30万人が利用するチャットをFirebase Realtime DatabaseからActionCableへ移行する方法
ryosk7
5
350

Featured

See All Featured
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
14
1.9k
For a Future-Friendly Web
brad_frost
175
9.4k
Bootstrapping a Software Product
garrettdimon
PRO
305
110k
BBQ
matthewcrist
85
9.3k
A Philosophy of Restraint
colly
203
16k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
32
1.8k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
126
18k
Gamification - CAS2011
davidbonilla
80
5k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
504
140k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
28
9.1k
The World Runs on Bad Software
bkeepers
PRO
65
11k
4 Signs Your Business is Dying
shpigford
180
21k

Transcript

  1. NOVEMBER 6, 2019 Using Docker and Kubernetes Application Security Workflow

    Automation Abhisek Datta, Appsecco

  2. About Me – Abhisek Datta • Head of Technology (appsecco.com)

    • A boutique security consulting company • TechWing @ null0x00 (null.co.in) • An Open Security Community • Security Researcher • Discovered vulnerabilities in MS Office, Internet Explorer, HP SiteScope etc. • Certified Kubernetes Application Developer (CKAD) :-P

  3. 1. How does an Application Security Workflow look like (Our

    opinion) 2. Our approach of security automation using Kubernetes native technologies 3. How to get started in automating Application Security Workflow using KubeSecO Key Take Away

  4. Application Security Workflow

  5. An Example AppSec Workflow Domain Hosts Subdomain Enumeration CIDR ASN

    Search DNS SPF, MX etc. Port and Service Scanning URLs Technologies Cloud Infrastructure Emails Public Breach DB Query Password Spraying Application Security Scan

  6. Data Collection Analysis Inference Further Actions How does it look

    like from Automation Perspective? Security Tools Human + Learning Systems Human + Learning Systems Feedback Loop

  7. Security Tool Workflow Rules Security Automation Automating AppSec Workflow

  8. KubeSecO Live in Action github.com/appsecco/kubeseco

  9. What's under the hood? github.com/appsecco/kubeseco

  10. How does the system look like?

  11. Driving the System – Events FTW! API Service HTTP POST

    NATS Write to NATS Message Queue Scanners (Client) Minio Object Storage Persist Output Output Analysis and Feedback Alerting and Notification Tool Output Event

  12. • 3rd Party Tools are not in our control •

    We need to be able to • Receive input from NATS • Run tool with tool specific command line • Receive output or check for error • Persist output to Minio The Tool Adapter (Pattern)

  13. 1. Package 3rd party tools as Docker containers 2. Add

    Tool Adapter binary and set as entrypoint 3. Write Kubernetes deployment spec (YAML) 4. Deploy to Kubernetes 5. Write YAML rules for Feedback Processing Adding a Security Tool (3rd Party)

  14. Security Tool Dockerfile

  15. Security Tool Kubernetes Spec (YAML)

  16. Match Transform Take Action Feedback Processor (Driving the System)

  17. Feedback Processor - Example

  18. • State management is difficult due to asynchronous nature of

    the system • NATS connection issue with preemptible nodes on GKE • Capacity planning and analysis • Cost analysis Challenges, Constraints and Things to do

  19. How to Contribute 1. Clone the repository from Github 2.

    Try out and report bugs 3. Add new security tools 4. Add feedback processor rules 5. Submit PR github.com/appsecco/kubeseco

  20. Questions? [email protected] That’s all for now.. https://appsecco.com @abh1sek github.com/abhisek github.com/appsecco/kubeseco