• A boutique security consulting company
• TechWing @ null0x00 (null.co.in)
• An Open Security Community
• Security Researcher
• Discovered vulnerabilities in MS Office, Internet Explorer, HP SiteScope etc.
• Open Source Contributor
• Wireplay, RbWinDBG etc. github.com/abhisek
of visibility
• Lack of formal security testing methodology, especially for infrastructure
What is the root cause? (In my opinion)
We REACT to Security Issues
responding to vulnerabilities, we must proactively prevent them ... Continuously
• We do this by applying the principles of Secure Software Development Life-cycle while building Infrastructure
infrastructure through machine-readable code & configuration
• It is an alternative approach compared to managing physical hardware and provisioning them with interactive setup and configuration tools
in AWS
2. Set up an EFS for shared state
3. Deploy workload
4. Get output
5. Destroy
https://github.com/abhisek/afl-in-the-cloud
Image Source: https://docs.microsoft.com/en-us/azure/devops/learn/what-is-infrastructure-as-code
• Edit code to include the required resources and configuration
• Push to repository
• This triggers CI/CD
• CI/CD runs test cases on code (if any)
• CI/CD updates the live infrastructure
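The test step in this workflow is where security checks can run before the live infrastructure changes. The following is an added example, not taken from the slides or the afl-in-the-cloud repository: a policy test over a constructed, tool-neutral JSON definition. The schema, resource names and rules are assumptions made for illustration.

```python
import ipaddress
import json
import sys

# Constructed sample: a simplified, hypothetical infrastructure definition
# (not the file format of any real IaC tool).
SAMPLE_DEFINITION = json.loads("""
{
  "resources": [
    {"type": "shared_filesystem", "name": "fuzz-state", "encrypted": false},
    {"type": "firewall_rule", "name": "worker-ssh", "port": 22, "source": "0.0.0.0/0"},
    {"type": "firewall_rule", "name": "worker-nfs", "port": 2049, "source": "10.0.0.0/16"}
  ]
}
""")

ADMIN_PORTS = {22, 3389}  # assumed policy: remote admin ports must not be world-reachable


def check_filesystem(res):
    # Missing "encrypted" is treated as unencrypted (fail closed).
    if not res.get("encrypted", False):
        yield f"{res['name']}: shared filesystem is not encrypted at rest"


def check_firewall(res):
    # Missing "source" is treated as open to everyone (fail closed).
    net = ipaddress.ip_network(res.get("source", "0.0.0.0/0"), strict=False)
    if net.prefixlen == 0 and res.get("port") in ADMIN_PORTS:
        yield f"{res['name']}: admin port {res['port']} open to any address"


CHECKS = {"shared_filesystem": check_filesystem, "firewall_rule": check_firewall}


def audit(definition):
    """Return a list of policy findings; an empty list means the change may proceed."""
    findings = []
    for res in definition.get("resources", []):
        check = CHECKS.get(res.get("type"))
        if check is None:
            # Resource types without a policy are reported, not silently passed.
            findings.append(f"{res.get('name', '?')}: unknown resource type, no policy")
            continue
        findings.extend(check(res))
    return findings


if __name__ == "__main__":
    results = audit(SAMPLE_DEFINITION)
    for line in results:
        print("FAIL", line)
    sys.exit(1 if results else 0)  # non-zero exit stops the pipeline before deploy
```

Run as a pipeline step, the non-zero exit code blocks the update of the live infrastructure until the definition is fixed.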