=== Computer viruses. Solutions in both worlds: biology === cybersecurity. Security Chaos Engineering: definition, principles and practices. Software Security: a roadmap of the milestones and tools in security chaos engineering. Agenda
in order to produce more copies to infect the whole system :( Viruses execute an algorithm to infect cells and, through ribosomes and RNA, assemble new copies :( Or Weis
worrying is as effective as trying to solve an algebra equation by chewing bubble gum. The real troubles in your life are things that never crossed your worried mind, the kind that blindside you at 4 p.m. on some idle Tuesday" Mary Schmich
security control failures through proactive experimentation to build confidence in the system’s ability to defend against malicious conditions in production. Chaos Engineering Book. 2020
I do What software engineers think I do What I really do
Who is a Security Chaos Engineer? Help service owners to increase their security and resilience through education, tools and encouragement.
against a system to validate or invalidate a hypothesis about a system’s resilience. They are an ideal way to ease into Chaos Engineering. Brian Lee, Jason Doffing
controls.
• Drop a folder like a script would do in production.
• Software secret clear text disclosure.
• Permission collision in a shared IAM role policy.
• Disable service event logging.
• API gateway shutdown.
• Unencrypted S3 Bucket.
• Disable MFA.
Root account in AWS left the company, we could use our cloud in a normal way. Result: Hypothesis disproved. In this experiment, access to AWS was connected to Active Directory. When an employee left the company, his account was dropped and we lost access to AWS. Side effect: thinking through this scenario lets us consider other applications connected to Active Directory.
begin again, this time more intelligently." Security Chaos Engineering and Security Chaos Testing give us that opportunity. Taken from DevOpsSec by Jim Bird