SlideShare une entreprise Scribd logo

Compliance as Code with InSpec - DevOps Melbourne 2017

Matt Ray
Matt Ray

DevOps Melbourne Meetup March 28, 2017 PCI and auditors slowing you down? Compliance and security are the next steps in building your software-defined infrastructure. Chef's open-source project InSpec (https://inspec.io) and audit cookbooks provide an accessible pattern for building compliance into your continuous delivery pipelines.

Technologie
1  sur  58
Télécharger pour lire hors ligne
Compliance as Code DevOps Melbourne March 28, 2017
Chef Workflow
SSH Control "SSH supports two different protocol versions.The original version, SSHv1, was subject to a number of security issues. Please use SSHv2 instead to avoid these."
How will I verify this?
Whip up a one-liner! grep "^Protocol" /etc/ssh/sshd_config | sed 's/Protocol //'
Apache Server Information Leakage • Description This Directive Controls wheather Server response field is sent back to clients includes a description of Generic OSType of the Server. This allows attackers to identify web servers details greatly and increases the efficiency of any attack,as security vulnerabilities are dependent upon specific software versions. • How toTest In order to test for ServerToken configuration, one should check the Apache configuration file. • Misconfiguration ServerTokens Full • Remediation Configure the ServerTokens directive in the Apache configuration to value of Prod or ProductOnly.This tells Apache to only return "Apache" in the Server header, returned on every page request. ServerTokens Prod or ServerTokens ProductOnly https://www.owasp.org/index.php/SCG_WS_Apache
More grep and sed! grep "^ServerTokens" /etc/httpd/conf/httpd.conf | sed 's/ServerTokens //'
C o m p l i a n c e
Two-thirds of organizations did not adequately test the security of all in-scope systems
Key Trends • While individual rule compliance is up, testing of security systems is down • Sustainability is low. Fewer than a third of companies were found to be still fully compliant less than a year after successful validation.
Shell Scripts grep "^Protocol" /etc/ssh/sshd_config | sed 's/Protocol //' grep "^ServerTokens" /etc/httpd/conf/httpd.conf | sed 's/ServerTokens //'
Infrastructure Code package 'httpd' do action :install end service 'httpd' do action [ :start, :enable ] end
We Have A Communications Problem
Security != Compliance
Secure Compliant
Compliance Language
One Language Linux
One Language Linux,Windows
Windows
One Language Linux,Windows, BSD, Solaris,AIX, ...
Examples of Available Resources apache_conf apt audit_policy auditd_conf auditd_rules bond bridge Command crontab directory etc_group file gem group host inetd_conf interface iptables kernel_module kernel_parameter limits_conf login_defs mount mysql_conf mysql_session npm ntp_conf oneget os os_env package parse_config parse_config_file passwd pip port postgres_conf postgres_session powershell processes registry_key security_policy service ssh_config sshd_config user windows_feature yum
What is it not? • IDS / IPS • Firewall • Antivirus • Pentesting tool
One Language Linux,Windows, BSD, Solaris,AIX, ... Bare-metal
One Language Linux,Windows, BSD, Solaris,AIX, ... Bare-metal,VMs
One Language Linux,Windows, BSD, Solaris,AIX, ... Bare-metal,VMs, Containers
One Language Linux,Windows, BSD, Solaris,AIX, ... Bare-metal,VMs, Containers Nodes
One Language Linux,Windows, BSD, Solaris,AIX, ... Bare-metal,VMs, Containers Nodes, GRUB, DBs
DB Testing
One Language Linux,Windows, BSD, Solaris,AIX, ... Bare-metal,VMs, Containers Nodes, GRUB, DBs, Endpoints,APIs, ...
Cloud Testing
InSpec > inspec exec test.rb Test a machine remotely via SSH > inspec exec test.rb -i identity.key -t ssh://root@172.17.0.1 Test your machine locally > inspec exec test.rb -t winrm://Admin@192.168.1.2 --password super Test Docker Container > inspec exec test.rb -t docker://5cc8837bb6a8 Test a machine remotely via WinRM AGENTLESS
Operating System & Application Coverage • Microsoft Windows • Microsoft Windows Server • Red Hat Enterprise Linux • Ubuntu Linux • SUSE Linux Enterprise Server • Oracle Enterprise Linux • AIX • HP-UX • Solaris • VMware ESXi • MySQL • Oracle • PostgreSQL • Tomcat • SQL Server • IIS • HTTP request
Scan for Compliance Build & Test Locally Build & Test CI/CD Remediate Verify New Workflow
Detect Correct Continuous Workflow
CONTINUOUS COMPLIANCE AUTOMATION InSpec - Part of your InfoSec toolchain FIREWALL ANTIVIRUS INTRUSION DETECTION/ PREVENTION PENETRATION TESTING
Open Source Community •InSpec •https://inspec.io •Chef Audit cookbook •https://github.com/chef-cookbooks/audit •Kitchen-InSpec •https://github.com/chef/kitchen-inspec •Supermarket.chef.io
The Chef Automate Platform Continuous Automation for HighVelocity IT Workflow • Local development • Integration • Tooling (APIs & SDKs) COLLABORATE ▪ Package ▪ Test ▪ Approve BUILD ▪ Provision ▪ Configure ▪ Execute ▪ Update DEPLOY ▪ Secure ▪ Comply ▪ Audit ▪ Measure ▪ Log MANAGE Infrastructure Automation Compliance AutomationApplication Automation OSS AUTOMATION ENGINES Increase Speed ▪ Package infrastructure and app configuration as code ▪ Continuously automate infrastructure and app updates Improve Efficiency ▪ Define and execute standard workflows and automation ▪ Audit and measure effectiveness of automation Decrease Risk ▪ Define compliance rules as code ▪ Deliver continuous compliance as part of standard workflow
Compliance as Code with InSpec - DevOps Melbourne 2017
Compliance as Code with InSpec - DevOps Melbourne 2017

Recommandé

Melbourne Infracoders: Compliance as Code with InSpec
Melbourne Infracoders: Compliance as Code with InSpecMelbourne Infracoders: Compliance as Code with InSpec
Melbourne Infracoders: Compliance as Code with InSpecMatt Ray
 
Introduction to InSpec and 1.0 release update
Introduction to InSpec and 1.0 release updateIntroduction to InSpec and 1.0 release update
Introduction to InSpec and 1.0 release updateAlex Pop
 
Ingite Slides for InSpec
Ingite Slides for InSpecIngite Slides for InSpec
Ingite Slides for InSpecMandi Walls
 
BuildStuff.LT 2018 InSpec Workshop
BuildStuff.LT 2018 InSpec WorkshopBuildStuff.LT 2018 InSpec Workshop
BuildStuff.LT 2018 InSpec WorkshopMandi Walls
 
Enhancing OpenShift Security for Business Critical Deployments
Enhancing OpenShift Security for Business Critical DeploymentsEnhancing OpenShift Security for Business Critical Deployments
Enhancing OpenShift Security for Business Critical DeploymentsDevOps.com
 
DevOpsDays InSpec Workshop
DevOpsDays InSpec WorkshopDevOpsDays InSpec Workshop
DevOpsDays InSpec WorkshopMandi Walls
 
ViFX Tech Connect: Containers & VMs
ViFX Tech Connect: Containers & VMsViFX Tech Connect: Containers & VMs
ViFX Tech Connect: Containers & VMsViFX
 
Introduction to Ansible
Introduction to AnsibleIntroduction to Ansible
Introduction to AnsibleMichael Bahr
 

Recommandé

Melbourne Infracoders: Compliance as Code with InSpec
Melbourne Infracoders: Compliance as Code with InSpecMelbourne Infracoders: Compliance as Code with InSpec
Melbourne Infracoders: Compliance as Code with InSpecMatt Ray
 
Introduction to InSpec and 1.0 release update
Introduction to InSpec and 1.0 release updateIntroduction to InSpec and 1.0 release update
Introduction to InSpec and 1.0 release updateAlex Pop
 
Ingite Slides for InSpec
Ingite Slides for InSpecIngite Slides for InSpec
Ingite Slides for InSpecMandi Walls
 
BuildStuff.LT 2018 InSpec Workshop
BuildStuff.LT 2018 InSpec WorkshopBuildStuff.LT 2018 InSpec Workshop
BuildStuff.LT 2018 InSpec WorkshopMandi Walls
 
Enhancing OpenShift Security for Business Critical Deployments
Enhancing OpenShift Security for Business Critical DeploymentsEnhancing OpenShift Security for Business Critical Deployments
Enhancing OpenShift Security for Business Critical DeploymentsDevOps.com
 
DevOpsDays InSpec Workshop
DevOpsDays InSpec WorkshopDevOpsDays InSpec Workshop
DevOpsDays InSpec WorkshopMandi Walls
 
ViFX Tech Connect: Containers & VMs
ViFX Tech Connect: Containers & VMsViFX Tech Connect: Containers & VMs
ViFX Tech Connect: Containers & VMsViFX
 
Introduction to Ansible
Introduction to AnsibleIntroduction to Ansible
Introduction to AnsibleMichael Bahr
 
Owning computers without shell access 2
Owning computers without shell access 2Owning computers without shell access 2
Owning computers without shell access 2Royce Davis
 
Owning computers without shell access dark
Owning computers without shell access darkOwning computers without shell access dark
Owning computers without shell access darkRoyce Davis
 
RunningFreeBSDonLinuxKVM
RunningFreeBSDonLinuxKVMRunningFreeBSDonLinuxKVM
RunningFreeBSDonLinuxKVMTakeshi HASEGAWA
 
Hot potato Privilege Escalation
Hot potato Privilege EscalationHot potato Privilege Escalation
Hot potato Privilege EscalationSunny Neo
 
Infinit filesystem, Reactor reloaded
Infinit filesystem, Reactor reloadedInfinit filesystem, Reactor reloaded
Infinit filesystem, Reactor reloadedInfinit
 
Linux firmware for iRMC controller on Fujitsu Primergy servers
Linux firmware for iRMC controller on Fujitsu Primergy serversLinux firmware for iRMC controller on Fujitsu Primergy servers
Linux firmware for iRMC controller on Fujitsu Primergy serversVladimir Shakhov
 
LXC, Docker, and the future of software delivery | LinuxCon 2013
LXC, Docker, and the future of software delivery | LinuxCon 2013LXC, Docker, and the future of software delivery | LinuxCon 2013
LXC, Docker, and the future of software delivery | LinuxCon 2013dotCloud
 
QEMU Disk IO Which performs Better: Native or threads?
QEMU Disk IO Which performs Better: Native or threads?QEMU Disk IO Which performs Better: Native or threads?
QEMU Disk IO Which performs Better: Native or threads?Pradeep Kumar
 
Testing applications with traffic control in containers / Alban Crequy (Kinvolk)
Testing applications with traffic control in containers / Alban Crequy (Kinvolk)Testing applications with traffic control in containers / Alban Crequy (Kinvolk)
Testing applications with traffic control in containers / Alban Crequy (Kinvolk)Ontico
 
Linux sever building
Linux sever buildingLinux sever building
Linux sever buildingEdmond Yu
 
visagie_freebsd
visagie_freebsdvisagie_freebsd
visagie_freebsdwebuploader
 
Selenium grid workshop london 2016
Selenium grid workshop london 2016Selenium grid workshop london 2016
Selenium grid workshop london 2016Marcus Merrell
 
Selenium Grid
Selenium GridSelenium Grid
Selenium Gridnirvdrum
 
Highly concurrent yet natural programming
Highly concurrent yet natural programmingHighly concurrent yet natural programming
Highly concurrent yet natural programmingInfinit
 
Docker volume plugins and Infinit – Mini-conf Docker Paris #1
Docker volume plugins and Infinit – Mini-conf Docker Paris #1Docker volume plugins and Infinit – Mini-conf Docker Paris #1
Docker volume plugins and Infinit – Mini-conf Docker Paris #1Infinit
 
1000 to 0
1000 to 01000 to 0
1000 to 0Sunny Neo
 
"Containers do not contain"
"Containers do not contain""Containers do not contain"
"Containers do not contain"Maciej Lasyk
 
Container Monitoring with Sysdig
Container Monitoring with SysdigContainer Monitoring with Sysdig
Container Monitoring with SysdigSreenivas Makam
 
Distributed Compiler Icecc
Distributed Compiler IceccDistributed Compiler Icecc
Distributed Compiler IceccSZ Lin
 
Introduction to selenium_grid_workshop
Introduction to selenium_grid_workshopIntroduction to selenium_grid_workshop
Introduction to selenium_grid_workshopseleniumconf
 
Managing Complexity at Velocity
Managing Complexity at VelocityManaging Complexity at Velocity
Managing Complexity at VelocityMatt Ray
 
OpenStack Deployments with Chef
OpenStack Deployments with ChefOpenStack Deployments with Chef
OpenStack Deployments with ChefMatt Ray
 

Contenu connexe

Tendances

Owning computers without shell access 2
Owning computers without shell access 2Owning computers without shell access 2
Owning computers without shell access 2Royce Davis
 
Owning computers without shell access dark
Owning computers without shell access darkOwning computers without shell access dark
Owning computers without shell access darkRoyce Davis
 
Hot potato Privilege Escalation
Hot potato Privilege EscalationHot potato Privilege Escalation
Hot potato Privilege EscalationSunny Neo
 
Infinit filesystem, Reactor reloaded
Infinit filesystem, Reactor reloadedInfinit filesystem, Reactor reloaded
Infinit filesystem, Reactor reloadedInfinit
 
Linux firmware for iRMC controller on Fujitsu Primergy servers
Linux firmware for iRMC controller on Fujitsu Primergy serversLinux firmware for iRMC controller on Fujitsu Primergy servers
Linux firmware for iRMC controller on Fujitsu Primergy serversVladimir Shakhov
 
LXC, Docker, and the future of software delivery | LinuxCon 2013
LXC, Docker, and the future of software delivery | LinuxCon 2013LXC, Docker, and the future of software delivery | LinuxCon 2013
LXC, Docker, and the future of software delivery | LinuxCon 2013dotCloud
 
QEMU Disk IO Which performs Better: Native or threads?
QEMU Disk IO Which performs Better: Native or threads?QEMU Disk IO Which performs Better: Native or threads?
QEMU Disk IO Which performs Better: Native or threads?Pradeep Kumar
 
Testing applications with traffic control in containers / Alban Crequy (Kinvolk)
Testing applications with traffic control in containers / Alban Crequy (Kinvolk)Testing applications with traffic control in containers / Alban Crequy (Kinvolk)
Testing applications with traffic control in containers / Alban Crequy (Kinvolk)Ontico
 
Linux sever building
Linux sever buildingLinux sever building
Linux sever buildingEdmond Yu
 
Selenium grid workshop london 2016
Selenium grid workshop london 2016Selenium grid workshop london 2016
Selenium grid workshop london 2016Marcus Merrell
 
Selenium Grid
Selenium GridSelenium Grid
Selenium Gridnirvdrum
 
Highly concurrent yet natural programming
Highly concurrent yet natural programmingHighly concurrent yet natural programming
Highly concurrent yet natural programmingInfinit
 
Docker volume plugins and Infinit – Mini-conf Docker Paris #1
Docker volume plugins and Infinit – Mini-conf Docker Paris #1Docker volume plugins and Infinit – Mini-conf Docker Paris #1
Docker volume plugins and Infinit – Mini-conf Docker Paris #1Infinit
 
"Containers do not contain"
"Containers do not contain""Containers do not contain"
"Containers do not contain"Maciej Lasyk
 
Container Monitoring with Sysdig
Container Monitoring with SysdigContainer Monitoring with Sysdig
Container Monitoring with SysdigSreenivas Makam
 
Distributed Compiler Icecc
Distributed Compiler IceccDistributed Compiler Icecc
Distributed Compiler IceccSZ Lin
 
Introduction to selenium_grid_workshop
Introduction to selenium_grid_workshopIntroduction to selenium_grid_workshop
Introduction to selenium_grid_workshopseleniumconf
 

Tendances (20)

Owning computers without shell access 2
Owning computers without shell access 2Owning computers without shell access 2
Owning computers without shell access 2
 
Owning computers without shell access dark
Owning computers without shell access darkOwning computers without shell access dark
Owning computers without shell access dark
 
RunningFreeBSDonLinuxKVM
RunningFreeBSDonLinuxKVMRunningFreeBSDonLinuxKVM
RunningFreeBSDonLinuxKVM
 
Hot potato Privilege Escalation
Hot potato Privilege EscalationHot potato Privilege Escalation
Hot potato Privilege Escalation
 
Infinit filesystem, Reactor reloaded
Infinit filesystem, Reactor reloadedInfinit filesystem, Reactor reloaded
Infinit filesystem, Reactor reloaded
 
Linux firmware for iRMC controller on Fujitsu Primergy servers
Linux firmware for iRMC controller on Fujitsu Primergy serversLinux firmware for iRMC controller on Fujitsu Primergy servers
Linux firmware for iRMC controller on Fujitsu Primergy servers
 
LXC, Docker, and the future of software delivery | LinuxCon 2013
LXC, Docker, and the future of software delivery | LinuxCon 2013LXC, Docker, and the future of software delivery | LinuxCon 2013
LXC, Docker, and the future of software delivery | LinuxCon 2013
 
QEMU Disk IO Which performs Better: Native or threads?
QEMU Disk IO Which performs Better: Native or threads?QEMU Disk IO Which performs Better: Native or threads?
QEMU Disk IO Which performs Better: Native or threads?
 
Testing applications with traffic control in containers / Alban Crequy (Kinvolk)
Testing applications with traffic control in containers / Alban Crequy (Kinvolk)Testing applications with traffic control in containers / Alban Crequy (Kinvolk)
Testing applications with traffic control in containers / Alban Crequy (Kinvolk)
 
Linux sever building
Linux sever buildingLinux sever building
Linux sever building
 
visagie_freebsd
visagie_freebsdvisagie_freebsd
visagie_freebsd
 
Selenium grid workshop london 2016
Selenium grid workshop london 2016Selenium grid workshop london 2016
Selenium grid workshop london 2016
 
Selenium Grid
Selenium GridSelenium Grid
Selenium Grid
 
Highly concurrent yet natural programming
Highly concurrent yet natural programmingHighly concurrent yet natural programming
Highly concurrent yet natural programming
 
Docker volume plugins and Infinit – Mini-conf Docker Paris #1
Docker volume plugins and Infinit – Mini-conf Docker Paris #1Docker volume plugins and Infinit – Mini-conf Docker Paris #1
Docker volume plugins and Infinit – Mini-conf Docker Paris #1
 
1000 to 0
1000 to 01000 to 0
1000 to 0
 
"Containers do not contain"
"Containers do not contain""Containers do not contain"
"Containers do not contain"
 
Container Monitoring with Sysdig
Container Monitoring with SysdigContainer Monitoring with Sysdig
Container Monitoring with Sysdig
 
Distributed Compiler Icecc
Distributed Compiler IceccDistributed Compiler Icecc
Distributed Compiler Icecc
 
Introduction to selenium_grid_workshop
Introduction to selenium_grid_workshopIntroduction to selenium_grid_workshop
Introduction to selenium_grid_workshop
 

En vedette

Managing Complexity at Velocity
Managing Complexity at VelocityManaging Complexity at Velocity
Managing Complexity at VelocityMatt Ray
 
OpenStack Deployments with Chef
OpenStack Deployments with ChefOpenStack Deployments with Chef
OpenStack Deployments with ChefMatt Ray
 
Containers - Portable, repeatable user-oriented application delivery. Build, ...
Containers - Portable, repeatable user-oriented application delivery. Build, ...Containers - Portable, repeatable user-oriented application delivery. Build, ...
Containers - Portable, repeatable user-oriented application delivery. Build, ...Walid Shaari
 
Inspec, or how to translate compliance spreadsheets into code
Inspec, or how to translate compliance spreadsheets into codeInspec, or how to translate compliance spreadsheets into code
Inspec, or how to translate compliance spreadsheets into codeMichael Goetz
 
The team is not enough: a leap to become an Agile Coach
The team is not enough: a leap to become an Agile CoachThe team is not enough: a leap to become an Agile Coach
The team is not enough: a leap to become an Agile CoachCaio Cestari
 
Certified professional - DevOps Foundation (CP-DOF) course information
Certified professional - DevOps Foundation (CP-DOF) course informationCertified professional - DevOps Foundation (CP-DOF) course information
Certified professional - DevOps Foundation (CP-DOF) course informationDevOps++ Alliance
 
Windows 10 - Endpoint Security Improvements and the Implant Since Windows 2000
Windows 10 - Endpoint Security Improvements and the Implant Since Windows 2000Windows 10 - Endpoint Security Improvements and the Implant Since Windows 2000
Windows 10 - Endpoint Security Improvements and the Implant Since Windows 2000CTruncer
 

En vedette (7)

Managing Complexity at Velocity
Managing Complexity at VelocityManaging Complexity at Velocity
Managing Complexity at Velocity
 
OpenStack Deployments with Chef
OpenStack Deployments with ChefOpenStack Deployments with Chef
OpenStack Deployments with Chef
 
Containers - Portable, repeatable user-oriented application delivery. Build, ...
Containers - Portable, repeatable user-oriented application delivery. Build, ...Containers - Portable, repeatable user-oriented application delivery. Build, ...
Containers - Portable, repeatable user-oriented application delivery. Build, ...
 
Inspec, or how to translate compliance spreadsheets into code
Inspec, or how to translate compliance spreadsheets into codeInspec, or how to translate compliance spreadsheets into code
Inspec, or how to translate compliance spreadsheets into code
 
The team is not enough: a leap to become an Agile Coach
The team is not enough: a leap to become an Agile CoachThe team is not enough: a leap to become an Agile Coach
The team is not enough: a leap to become an Agile Coach
 
Certified professional - DevOps Foundation (CP-DOF) course information
Certified professional - DevOps Foundation (CP-DOF) course informationCertified professional - DevOps Foundation (CP-DOF) course information
Certified professional - DevOps Foundation (CP-DOF) course information
 
Windows 10 - Endpoint Security Improvements and the Implant Since Windows 2000
Windows 10 - Endpoint Security Improvements and the Implant Since Windows 2000Windows 10 - Endpoint Security Improvements and the Implant Since Windows 2000
Windows 10 - Endpoint Security Improvements and the Implant Since Windows 2000
 

Similaire à Compliance as Code with InSpec - DevOps Melbourne 2017

2016 - Compliance as Code - InSpec
2016 - Compliance as Code - InSpec2016 - Compliance as Code - InSpec
2016 - Compliance as Code - InSpecdevopsdaysaustin
 
Compliance as Code
Compliance as CodeCompliance as Code
Compliance as CodeMatt Ray
 
Melbourne Chef Meetup: Automating Azure Compliance with InSpec
Melbourne Chef Meetup: Automating Azure Compliance with InSpecMelbourne Chef Meetup: Automating Azure Compliance with InSpec
Melbourne Chef Meetup: Automating Azure Compliance with InSpecMatt Ray
 
Automating Compliance with InSpec - Chef Singapore Meetup
Automating Compliance with InSpec - Chef Singapore MeetupAutomating Compliance with InSpec - Chef Singapore Meetup
Automating Compliance with InSpec - Chef Singapore MeetupMatt Ray
 
Automating AWS Compliance with InSpec
Automating AWS Compliance with InSpec Automating AWS Compliance with InSpec
Automating AWS Compliance with InSpec Matt Ray
 
Automating Compliance with InSpec - AWS North Sydney
Automating Compliance with InSpec - AWS North SydneyAutomating Compliance with InSpec - AWS North Sydney
Automating Compliance with InSpec - AWS North SydneyMatt Ray
 
DevOpsDays Singapore - Continuous Auditing with Compliance as Code
DevOpsDays Singapore - Continuous Auditing with Compliance as CodeDevOpsDays Singapore - Continuous Auditing with Compliance as Code
DevOpsDays Singapore - Continuous Auditing with Compliance as CodeMatt Ray
 
DevSec Delight with Compliance as Code - Matt Ray - AgileNZ 2017
DevSec Delight with Compliance as Code - Matt Ray - AgileNZ 2017DevSec Delight with Compliance as Code - Matt Ray - AgileNZ 2017
DevSec Delight with Compliance as Code - Matt Ray - AgileNZ 2017AgileNZ Conference
 
InSpec Workshop DevSecCon 2017
InSpec Workshop DevSecCon 2017InSpec Workshop DevSecCon 2017
InSpec Workshop DevSecCon 2017Mandi Walls
 
DevSecCon London 2017: Inspec workshop by Mandi Walls
DevSecCon London 2017: Inspec workshop by Mandi WallsDevSecCon London 2017: Inspec workshop by Mandi Walls
DevSecCon London 2017: Inspec workshop by Mandi WallsDevSecCon
 
Compliance as Code: Velocity with Security - Fraser Pollock, Chef
Compliance as Code: Velocity with Security - Fraser Pollock, ChefCompliance as Code: Velocity with Security - Fraser Pollock, Chef
Compliance as Code: Velocity with Security - Fraser Pollock, ChefAlert Logic
 
InSpec Workshop at Velocity London 2018
InSpec Workshop at Velocity London 2018InSpec Workshop at Velocity London 2018
InSpec Workshop at Velocity London 2018Mandi Walls
 
OSDC 2017 | Building Security Into Your Workflow with InSpec by Mandi Walls
OSDC 2017 | Building Security Into Your Workflow with InSpec by Mandi WallsOSDC 2017 | Building Security Into Your Workflow with InSpec by Mandi Walls
OSDC 2017 | Building Security Into Your Workflow with InSpec by Mandi WallsNETWAYS
 
Go Faster with Ansible (PHP meetup)
Go Faster with Ansible (PHP meetup)Go Faster with Ansible (PHP meetup)
Go Faster with Ansible (PHP meetup)Richard Donkin
 
OSDC 2017 - Mandi Walls - Building security into your workflow with inspec
OSDC 2017 - Mandi Walls - Building security into your workflow with inspecOSDC 2017 - Mandi Walls - Building security into your workflow with inspec
OSDC 2017 - Mandi Walls - Building security into your workflow with inspecNETWAYS
 
Adding Security to Your Workflow with InSpec (MAY 2017)
Adding Security to Your Workflow with InSpec (MAY 2017)Adding Security to Your Workflow with InSpec (MAY 2017)
Adding Security to Your Workflow with InSpec (MAY 2017)Mandi Walls
 
20160409 서브라임텍스트 대신 visual studio code로 만들어 보는 웹 환경
20160409 서브라임텍스트 대신 visual studio code로 만들어 보는 웹 환경20160409 서브라임텍스트 대신 visual studio code로 만들어 보는 웹 환경
20160409 서브라임텍스트 대신 visual studio code로 만들어 보는 웹 환경영욱 김
 
Running and Scaling Magento on AWS
Running and Scaling Magento on AWSRunning and Scaling Magento on AWS
Running and Scaling Magento on AWSAOE
 
Docker - Demo on PHP Application deployment
Docker - Demo on PHP Application deployment Docker - Demo on PHP Application deployment
Docker - Demo on PHP Application deployment Arun prasath
 
Adding Security and Compliance to Your Workflow with InSpec
Adding Security and Compliance to Your Workflow with InSpecAdding Security and Compliance to Your Workflow with InSpec
Adding Security and Compliance to Your Workflow with InSpecMandi Walls
 

Similaire à Compliance as Code with InSpec - DevOps Melbourne 2017 (20)

2016 - Compliance as Code - InSpec
2016 - Compliance as Code - InSpec2016 - Compliance as Code - InSpec
2016 - Compliance as Code - InSpec
 
Compliance as Code
Compliance as CodeCompliance as Code
Compliance as Code
 
Melbourne Chef Meetup: Automating Azure Compliance with InSpec
Melbourne Chef Meetup: Automating Azure Compliance with InSpecMelbourne Chef Meetup: Automating Azure Compliance with InSpec
Melbourne Chef Meetup: Automating Azure Compliance with InSpec
 
Automating Compliance with InSpec - Chef Singapore Meetup
Automating Compliance with InSpec - Chef Singapore MeetupAutomating Compliance with InSpec - Chef Singapore Meetup
Automating Compliance with InSpec - Chef Singapore Meetup
 
Automating AWS Compliance with InSpec
Automating AWS Compliance with InSpec Automating AWS Compliance with InSpec
Automating AWS Compliance with InSpec
 
Automating Compliance with InSpec - AWS North Sydney
Automating Compliance with InSpec - AWS North SydneyAutomating Compliance with InSpec - AWS North Sydney
Automating Compliance with InSpec - AWS North Sydney
 
DevOpsDays Singapore - Continuous Auditing with Compliance as Code
DevOpsDays Singapore - Continuous Auditing with Compliance as CodeDevOpsDays Singapore - Continuous Auditing with Compliance as Code
DevOpsDays Singapore - Continuous Auditing with Compliance as Code
 
DevSec Delight with Compliance as Code - Matt Ray - AgileNZ 2017
DevSec Delight with Compliance as Code - Matt Ray - AgileNZ 2017DevSec Delight with Compliance as Code - Matt Ray - AgileNZ 2017
DevSec Delight with Compliance as Code - Matt Ray - AgileNZ 2017
 
InSpec Workshop DevSecCon 2017
InSpec Workshop DevSecCon 2017InSpec Workshop DevSecCon 2017
InSpec Workshop DevSecCon 2017
 
DevSecCon London 2017: Inspec workshop by Mandi Walls
DevSecCon London 2017: Inspec workshop by Mandi WallsDevSecCon London 2017: Inspec workshop by Mandi Walls
DevSecCon London 2017: Inspec workshop by Mandi Walls
 
Compliance as Code: Velocity with Security - Fraser Pollock, Chef
Compliance as Code: Velocity with Security - Fraser Pollock, ChefCompliance as Code: Velocity with Security - Fraser Pollock, Chef
Compliance as Code: Velocity with Security - Fraser Pollock, Chef
 
InSpec Workshop at Velocity London 2018
InSpec Workshop at Velocity London 2018InSpec Workshop at Velocity London 2018
InSpec Workshop at Velocity London 2018
 
OSDC 2017 | Building Security Into Your Workflow with InSpec by Mandi Walls
OSDC 2017 | Building Security Into Your Workflow with InSpec by Mandi WallsOSDC 2017 | Building Security Into Your Workflow with InSpec by Mandi Walls
OSDC 2017 | Building Security Into Your Workflow with InSpec by Mandi Walls
 
Go Faster with Ansible (PHP meetup)
Go Faster with Ansible (PHP meetup)Go Faster with Ansible (PHP meetup)
Go Faster with Ansible (PHP meetup)
 
OSDC 2017 - Mandi Walls - Building security into your workflow with inspec
OSDC 2017 - Mandi Walls - Building security into your workflow with inspecOSDC 2017 - Mandi Walls - Building security into your workflow with inspec
OSDC 2017 - Mandi Walls - Building security into your workflow with inspec
 
Adding Security to Your Workflow with InSpec (MAY 2017)
Adding Security to Your Workflow with InSpec (MAY 2017)Adding Security to Your Workflow with InSpec (MAY 2017)
Adding Security to Your Workflow with InSpec (MAY 2017)
 
20160409 서브라임텍스트 대신 visual studio code로 만들어 보는 웹 환경
20160409 서브라임텍스트 대신 visual studio code로 만들어 보는 웹 환경20160409 서브라임텍스트 대신 visual studio code로 만들어 보는 웹 환경
20160409 서브라임텍스트 대신 visual studio code로 만들어 보는 웹 환경
 
Running and Scaling Magento on AWS
Running and Scaling Magento on AWSRunning and Scaling Magento on AWS
Running and Scaling Magento on AWS
 
Docker - Demo on PHP Application deployment
Docker - Demo on PHP Application deployment Docker - Demo on PHP Application deployment
Docker - Demo on PHP Application deployment
 
Adding Security and Compliance to Your Workflow with InSpec
Adding Security and Compliance to Your Workflow with InSpecAdding Security and Compliance to Your Workflow with InSpec
Adding Security and Compliance to Your Workflow with InSpec
 

Plus de Matt Ray

Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Matt Ray
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
SCaLE 20X: Kubernetes Cloud Cost Monitoring with OpenCost & Optimization Stra...
SCaLE 20X: Kubernetes Cloud Cost Monitoring with OpenCost & Optimization Stra...SCaLE 20X: Kubernetes Cloud Cost Monitoring with OpenCost & Optimization Stra...
SCaLE 20X: Kubernetes Cloud Cost Monitoring with OpenCost & Optimization Stra...Matt Ray
 
HashiTalks 2020 - Chef Tools & Terraform: Better Together
HashiTalks 2020 - Chef Tools & Terraform: Better TogetherHashiTalks 2020 - Chef Tools & Terraform: Better Together
HashiTalks 2020 - Chef Tools & Terraform: Better TogetherMatt Ray
 
EmacsConf 2019: Interactive Remote Debugging and Development with TRAMP Mode
EmacsConf 2019: Interactive Remote Debugging and Development with TRAMP ModeEmacsConf 2019: Interactive Remote Debugging and Development with TRAMP Mode
EmacsConf 2019: Interactive Remote Debugging and Development with TRAMP ModeMatt Ray
 
Wellington DevOps: Bringing Your Applications into the Future with Habitat
Wellington DevOps: Bringing Your Applications into the Future with HabitatWellington DevOps: Bringing Your Applications into the Future with Habitat
Wellington DevOps: Bringing Your Applications into the Future with HabitatMatt Ray
 
DevOps Days Singapore 2018 Ignite - Bringing Your Applications into the Futur...
DevOps Days Singapore 2018 Ignite - Bringing Your Applications into the Futur...DevOps Days Singapore 2018 Ignite - Bringing Your Applications into the Futur...
DevOps Days Singapore 2018 Ignite - Bringing Your Applications into the Futur...Matt Ray
 
Cloud Expo Asia 20181010 - Bringing Your Applications into the Future with Ha...
Cloud Expo Asia 20181010 - Bringing Your Applications into the Future with Ha...Cloud Expo Asia 20181010 - Bringing Your Applications into the Future with Ha...
Cloud Expo Asia 20181010 - Bringing Your Applications into the Future with Ha...Matt Ray
 
Compliance as Code Everywhere
Compliance as Code EverywhereCompliance as Code Everywhere
Compliance as Code EverywhereMatt Ray
 
DevOpsDays Jakarta: State of DevOps 2018
DevOpsDays Jakarta: State of DevOps 2018DevOpsDays Jakarta: State of DevOps 2018
DevOpsDays Jakarta: State of DevOps 2018Matt Ray
 
DevOps Talks Melbourne 2018: Whales, Cats and Kubernetes
DevOps Talks Melbourne 2018: Whales, Cats and KubernetesDevOps Talks Melbourne 2018: Whales, Cats and Kubernetes
DevOps Talks Melbourne 2018: Whales, Cats and KubernetesMatt Ray
 
Infrastructure and Compliance Delight with Chef Automate
Infrastructure and Compliance Delight with Chef AutomateInfrastructure and Compliance Delight with Chef Automate
Infrastructure and Compliance Delight with Chef AutomateMatt Ray
 
Cooking Up Windows with Chef Automate
Cooking Up Windows with Chef AutomateCooking Up Windows with Chef Automate
Cooking Up Windows with Chef AutomateMatt Ray
 
DevOpsDays Singapore Habitat Ignite
DevOpsDays Singapore Habitat IgniteDevOpsDays Singapore Habitat Ignite
DevOpsDays Singapore Habitat IgniteMatt Ray
 
Chef Automate - Azure Sydney User Group
Chef Automate - Azure Sydney User GroupChef Automate - Azure Sydney User Group
Chef Automate - Azure Sydney User GroupMatt Ray
 
Automating Applications with Habitat - Sydney Cloud Native Meetup
Automating Applications with Habitat - Sydney Cloud Native MeetupAutomating Applications with Habitat - Sydney Cloud Native Meetup
Automating Applications with Habitat - Sydney Cloud Native MeetupMatt Ray
 
Chef Automate - Infracoders Canberra August 8, 2017
Chef Automate - Infracoders Canberra August 8, 2017Chef Automate - Infracoders Canberra August 8, 2017
Chef Automate - Infracoders Canberra August 8, 2017Matt Ray
 
OpsWorks for Chef Automate - Auckland AWS
OpsWorks for Chef Automate - Auckland AWS OpsWorks for Chef Automate - Auckland AWS
OpsWorks for Chef Automate - Auckland AWS Matt Ray
 
Chef Automate - Wellington DevOps August 2, 2017
Chef Automate - Wellington DevOps August 2, 2017Chef Automate - Wellington DevOps August 2, 2017
Chef Automate - Wellington DevOps August 2, 2017Matt Ray
 
Compliance as Code: Shifting Compliance Left in Continuous Delivery
Compliance as Code: Shifting Compliance Left in Continuous DeliveryCompliance as Code: Shifting Compliance Left in Continuous Delivery
Compliance as Code: Shifting Compliance Left in Continuous DeliveryMatt Ray
 

Plus de Matt Ray (20)

Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
SCaLE 20X: Kubernetes Cloud Cost Monitoring with OpenCost & Optimization Stra...
SCaLE 20X: Kubernetes Cloud Cost Monitoring with OpenCost & Optimization Stra...SCaLE 20X: Kubernetes Cloud Cost Monitoring with OpenCost & Optimization Stra...
SCaLE 20X: Kubernetes Cloud Cost Monitoring with OpenCost & Optimization Stra...
 
HashiTalks 2020 - Chef Tools & Terraform: Better Together
HashiTalks 2020 - Chef Tools & Terraform: Better TogetherHashiTalks 2020 - Chef Tools & Terraform: Better Together
HashiTalks 2020 - Chef Tools & Terraform: Better Together
 
EmacsConf 2019: Interactive Remote Debugging and Development with TRAMP Mode
EmacsConf 2019: Interactive Remote Debugging and Development with TRAMP ModeEmacsConf 2019: Interactive Remote Debugging and Development with TRAMP Mode
EmacsConf 2019: Interactive Remote Debugging and Development with TRAMP Mode
 
Wellington DevOps: Bringing Your Applications into the Future with Habitat
Wellington DevOps: Bringing Your Applications into the Future with HabitatWellington DevOps: Bringing Your Applications into the Future with Habitat
Wellington DevOps: Bringing Your Applications into the Future with Habitat
 
DevOps Days Singapore 2018 Ignite - Bringing Your Applications into the Futur...
DevOps Days Singapore 2018 Ignite - Bringing Your Applications into the Futur...DevOps Days Singapore 2018 Ignite - Bringing Your Applications into the Futur...
DevOps Days Singapore 2018 Ignite - Bringing Your Applications into the Futur...
 
Cloud Expo Asia 20181010 - Bringing Your Applications into the Future with Ha...
Cloud Expo Asia 20181010 - Bringing Your Applications into the Future with Ha...Cloud Expo Asia 20181010 - Bringing Your Applications into the Future with Ha...
Cloud Expo Asia 20181010 - Bringing Your Applications into the Future with Ha...
 
Compliance as Code Everywhere
Compliance as Code EverywhereCompliance as Code Everywhere
Compliance as Code Everywhere
 
DevOpsDays Jakarta: State of DevOps 2018
DevOpsDays Jakarta: State of DevOps 2018DevOpsDays Jakarta: State of DevOps 2018
DevOpsDays Jakarta: State of DevOps 2018
 
DevOps Talks Melbourne 2018: Whales, Cats and Kubernetes
DevOps Talks Melbourne 2018: Whales, Cats and KubernetesDevOps Talks Melbourne 2018: Whales, Cats and Kubernetes
DevOps Talks Melbourne 2018: Whales, Cats and Kubernetes
 
Infrastructure and Compliance Delight with Chef Automate
Infrastructure and Compliance Delight with Chef AutomateInfrastructure and Compliance Delight with Chef Automate
Infrastructure and Compliance Delight with Chef Automate
 
Cooking Up Windows with Chef Automate
Cooking Up Windows with Chef AutomateCooking Up Windows with Chef Automate
Cooking Up Windows with Chef Automate
 
DevOpsDays Singapore Habitat Ignite
DevOpsDays Singapore Habitat IgniteDevOpsDays Singapore Habitat Ignite
DevOpsDays Singapore Habitat Ignite
 
Chef Automate - Azure Sydney User Group
Chef Automate - Azure Sydney User GroupChef Automate - Azure Sydney User Group
Chef Automate - Azure Sydney User Group
 
Automating Applications with Habitat - Sydney Cloud Native Meetup
Automating Applications with Habitat - Sydney Cloud Native MeetupAutomating Applications with Habitat - Sydney Cloud Native Meetup
Automating Applications with Habitat - Sydney Cloud Native Meetup
 
Chef Automate - Infracoders Canberra August 8, 2017
Chef Automate - Infracoders Canberra August 8, 2017Chef Automate - Infracoders Canberra August 8, 2017
Chef Automate - Infracoders Canberra August 8, 2017
 
OpsWorks for Chef Automate - Auckland AWS
OpsWorks for Chef Automate - Auckland AWS OpsWorks for Chef Automate - Auckland AWS
OpsWorks for Chef Automate - Auckland AWS
 
Chef Automate - Wellington DevOps August 2, 2017
Chef Automate - Wellington DevOps August 2, 2017Chef Automate - Wellington DevOps August 2, 2017
Chef Automate - Wellington DevOps August 2, 2017
 
Compliance as Code: Shifting Compliance Left in Continuous Delivery
Compliance as Code: Shifting Compliance Left in Continuous DeliveryCompliance as Code: Shifting Compliance Left in Continuous Delivery
Compliance as Code: Shifting Compliance Left in Continuous Delivery
 

Dernier

ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Bhuvaneswari Subramani
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 

Dernier (20)

ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 

Compliance as Code with InSpec - DevOps Melbourne 2017

  • 1. Compliance as Code DevOps Melbourne March 28, 2017
  • 2.
  • 3.
  • 5.
  • 6.
  • 7. SSH Control "SSH supports two different protocol versions.The original version, SSHv1, was subject to a number of security issues. Please use SSHv2 instead to avoid these."
  • 8. How will I verify this?
  • 9. Whip up a one-liner! grep "^Protocol" /etc/ssh/sshd_config | sed 's/Protocol //'
  • 10. Apache Server Information Leakage • Description This Directive Controls wheather Server response field is sent back to clients includes a description of Generic OSType of the Server. This allows attackers to identify web servers details greatly and increases the efficiency of any attack,as security vulnerabilities are dependent upon specific software versions. • How toTest In order to test for ServerToken configuration, one should check the Apache configuration file. • Misconfiguration ServerTokens Full • Remediation Configure the ServerTokens directive in the Apache configuration to value of Prod or ProductOnly.This tells Apache to only return "Apache" in the Server header, returned on every page request. ServerTokens Prod or ServerTokens ProductOnly https://www.owasp.org/index.php/SCG_WS_Apache
  • 11. More grep and sed! grep "^ServerTokens" /etc/httpd/conf/httpd.conf | sed 's/ServerTokens //'
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 18.
  • 19. Two-thirds of organizations did not adequately test the security of all in-scope systems
  • 20. Key Trends • While individual rule compliance is up, testing of security systems is down • Sustainability is low. Fewer than a third of companies were found to be still fully compliant less than a year after successful validation.
  • 21.
  • 22. Shell Scripts grep "^Protocol" /etc/ssh/sshd_config | sed 's/Protocol //' grep "^ServerTokens" /etc/httpd/conf/httpd.conf | sed 's/ServerTokens //'
  • 23. Infrastructure Code package 'httpd' do action :install end service 'httpd' do action [ :start, :enable ] end
  • 24. We Have A Communications Problem
  • 25.
  • 28.
  • 29.
  • 30.
  • 31.
  • 32.
  • 33.
  • 39. Examples of Available Resources apache_conf apt audit_policy auditd_conf auditd_rules bond bridge Command crontab directory etc_group file gem group host inetd_conf interface iptables kernel_module kernel_parameter limits_conf login_defs mount mysql_conf mysql_session npm ntp_conf oneget os os_env package parse_config parse_config_file passwd pip port postgres_conf postgres_session powershell processes registry_key security_policy service ssh_config sshd_config user windows_feature yum
  • 40. What is it not? • IDS / IPS • Firewall • Antivirus • Pentesting tool
  • 41. One Language Linux,Windows, BSD, Solaris,AIX, ... Bare-metal
  • 42. One Language Linux,Windows, BSD, Solaris,AIX, ... Bare-metal,VMs
  • 43. One Language Linux,Windows, BSD, Solaris,AIX, ... Bare-metal,VMs, Containers
  • 44. One Language Linux,Windows, BSD, Solaris,AIX, ... Bare-metal,VMs, Containers Nodes
  • 45. One Language Linux,Windows, BSD, Solaris,AIX, ... Bare-metal,VMs, Containers Nodes, GRUB, DBs
  • 47. One Language Linux,Windows, BSD, Solaris,AIX, ... Bare-metal,VMs, Containers Nodes, GRUB, DBs, Endpoints,APIs, ...
  • 49. InSpec > inspec exec test.rb Test a machine remotely via SSH > inspec exec test.rb -i identity.key -t ssh://root@172.17.0.1 Test your machine locally > inspec exec test.rb -t winrm://Admin@192.168.1.2 --password super Test Docker Container > inspec exec test.rb -t docker://5cc8837bb6a8 Test a machine remotely via WinRM AGENTLESS
  • 50. Operating System & Application Coverage • Microsoft Windows • Microsoft Windows Server • Red Hat Enterprise Linux • Ubuntu Linux • SUSE Linux Enterprise Server • Oracle Enterprise Linux • AIX • HP-UX • Solaris • VMware ESXi • MySQL • Oracle • PostgreSQL • Tomcat • SQL Server • IIS • HTTP request
  • 51. Scan for Compliance Build & Test Locally Build & Test CI/CD Remediate Verify New Workflow
  • 53. CONTINUOUS COMPLIANCE AUTOMATION InSpec - Part of your InfoSec toolchain FIREWALL ANTIVIRUS INTRUSION DETECTION/ PREVENTION PENETRATION TESTING
  • 54. Open Source Community •InSpec •https://inspec.io •Chef Audit cookbook •https://github.com/chef-cookbooks/audit •Kitchen-InSpec •https://github.com/chef/kitchen-inspec •Supermarket.chef.io
  • 55.
  • 56. The Chef Automate Platform Continuous Automation for HighVelocity IT Workflow • Local development • Integration • Tooling (APIs & SDKs) COLLABORATE ▪ Package ▪ Test ▪ Approve BUILD ▪ Provision ▪ Configure ▪ Execute ▪ Update DEPLOY ▪ Secure ▪ Comply ▪ Audit ▪ Measure ▪ Log MANAGE Infrastructure Automation Compliance AutomationApplication Automation OSS AUTOMATION ENGINES Increase Speed ▪ Package infrastructure and app configuration as code ▪ Continuously automate infrastructure and app updates Improve Efficiency ▪ Define and execute standard workflows and automation ▪ Audit and measure effectiveness of automation Decrease Risk ▪ Define compliance rules as code ▪ Deliver continuous compliance as part of standard workflow