Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Leoswaldo Macias - Protecting your App in the ...
Search
DevOpsDays GDL
February 21, 2020
Technology
400
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Leoswaldo Macias - Protecting your App in the Cloud
DevOps Days GDL 2020 - February 20th
DevOpsDays GDL
February 21, 2020
More Decks by DevOpsDays GDL
See All by DevOpsDays GDL
Julian Limon - Aligned autonomy: How clarity on outcomes gets us to self-organized teams that win
devopsdaysgdl
0
610
Jorge Castro - Building DevOps Ways of Working at large Enterprise through learning, collaboration and Gamification experiences: Continuous WoWs, DevUps and Feedback
devopsdaysgdl
0
420
Salvador Elizarraras - Five Ways to Improve Team Performance
devopsdaysgdl
0
330
Tommy Adams - Cutting the Cord: Letting Your Remote Team Run Free
devopsdaysgdl
0
310
Cameron Motevasselani - Extending Spinnaker for the Enterprise
devopsdaysgdl
0
370
Jesus Contreras - Containers y DevTools en AWS
devopsdaysgdl
0
390
Liz fong-Jones - Production Excellence
devopsdaysgdl
0
400
Mofizur Rahman - Knative: Serverless Computing on Kubernetes
devopsdaysgdl
0
430
Ra Acosta - SAFe Journey 5.0
devopsdaysgdl
0
310
Other Decks in Technology
See All in Technology
AWS Summit Japan 2026の振り返りと2027へ向けて / AWS Summit Japan 2026 Recap and Prospects for 2027
kaminashi
1
190
依頼文化をやめる日 EM視点で語るPlatform EngineeringとInclusive SRE / Discussing Platform Engineering and Inclusive SRE from an EM's Perspective
shin1988
0
220
NDIAS CTF 2026 問題解説会資料
bata_24
0
170
「ちゃんとやっている」は独りよがりだった ― 不安に寄り添うインシデント対応へ / Towards incident response that addresses anxieties
chmikata
1
350
フルAIで個人開発して学んだあれこれ / yuruai vol.1
isaoshimizu
0
170
型は壁、Rustでもバグを直すな、表現できなくせよ
nwiizo
5
370
なぜ人は自分のプロジェクトを 「なんちゃってアジャイル」と 自嘲するのか
kozotaira
0
240
きのこカンファレンス2026_肩書きを外したとき私は誰か
yamasatimi
1
130
product engineering with qa
nealle
0
140
製造現場での生成AIの活用、およびエージェントAIの実装のあり方、AVEVAの取り組み
iotcomjpadmin
0
220
5分でわかるDuckDB Quack
chanyou0311
4
310
どうして今サーバーサイドKotlinを選択したのか
nealle
0
190
Featured
See All Featured
Testing 201, or: Great Expectations
jmmastey
46
8.2k
Designing for humans not robots
tammielis
254
26k
Building a A Zero-Code AI SEO Workflow
portentint
PRO
0
620
Introduction to Domain-Driven Design and Collaborative software design
baasie
1
880
Bash Introduction
62gerente
615
220k
Efficient Content Optimization with Google Search Console & Apps Script
katarinadahlin
PRO
1
660
Building a Modern Day E-commerce SEO Strategy
aleyda
45
9.1k
Context Engineering - Making Every Token Count
addyosmani
9
1k
How STYLIGHT went responsive
nonsquared
100
6.2k
Learning to Love Humans: Emotional Interface Design
aarron
275
41k
世界の人気アプリ100個を分析して見えたペイウォール設計の心得
akihiro_kokubo
PRO
72
40k
The SEO identity crisis: Don't let AI make you average
varn
0
510
Transcript
Protecting your App in the Cloud @LeoswaldoMacias
Misconception
Shared Responsibility Model
“If you have access to change it then it is
yours, if not, then it’s theirs”
Incident Prevention A process to set instruments/tools/services to avoid possible
threats or impacts during an attack Incident Response Plan What to do when once we are impacted
Compliance Updates Maintain your instances up to date (OS, Libraries)
Network Does this need to be public accessible? What ports should I let in? What traffic should go out? Encryption At rest In transit Secret Management Keep your secret data secret
Network: Content Delivery Network CDN Content Delivery Network Your App
WAF
Network: Web Application Firewalls Firewall Layer 3 and 4 WAF
Contains Layer 7 attacks by inspecting for: • SQL Injections • XSS • Origin Geographically requests • String appearances • … and more
At least you know How soon or late? What are
the actions taken?
Incident Response Plan • Preparation • Detection • Containment •
Investigation • Recovery • Lesson Learn
Preparation Log everything you can (this will also help for
auditing) • Application Logs • Server Logs • Network Logs (Traces) • Access Logs and more Design the infrastructure to prevent single point of failure
Detection Monitoring and Alerting • Behaviour rules like traffic spikes,
CPU and Memory consumption • Traffic from countries not served • Sign in failures Page System :(
Containment Use automated processes to isolate any further impact like:
• Creating Network rules Make sure the impacted surface does not grow
Investigation • Analyze logs and timelines • Check which alarming
systems triggered • Check Dashboards
Recovery Get your environment to normal state
Lessons Learned Make sure all missings are documented and ARs
are assigned and tracked
Take Away #1 All applications are subject to exploits
Take Away #2 I’d rather invest more money on security
checks, tools, automation, than risking customer/company data
Take Away #3 Security is a shared responsibility to be
carried among all company employees, not only the Security crew
Thanks! @LeoswaldoMacias
[email protected]