
Application Security Workflow Automation using Docker and Kubernetes

Abhisek Datta
September 02, 2019


  1. Application Security Workflow Automation Using Docker and Kubernetes

    Abhisek Datta, Head of Technology, Appsecco
  2. Rootconf Pune 2019

  3. About Me – Abhisek Datta

    • Head of Technology (appsecco.com)
      • A boutique security consulting company
    • TechWing @ null0x00 (null.co.in)
      • An Open Security Community
    • Security Researcher
      • Discovered vulnerabilities in MS Office, Internet Explorer, HP SiteScope etc.
    • Open Source Contributor
      • Wireplay, RbWinDBG etc.
    • github.com/abhisek
  4. Key Take Away

    1. What does an Application Security Workflow look like (our opinion)
    2. How to get started in automating Application Security Workflow using KubeSecO
    3. Our approach to security automation using Kubernetes native technologies
  5. What is Docker and Kubernetes?

  6. What is Docker and Kubernetes?

    • https://www.katacoda.com/courses/docker
    • https://www.katacoda.com/courses/kubernetes

  7. Let's do HANDS ON

    $ docker run -it jess/hollywood

  8. Getting Started with KubeSecO

    • Setup Kubernetes
    • Deploy apps and services
    • Run Workflow

    https://github.com/appsecco/kubeseco
  9. KubeSecO: Setup and Get Started

    $ git clone https://github.com/appsecco/kubeseco
    $ cd kubeseco
    $ ./cluster_create_gcp.sh # Optional
    $ ./setup.sh # Need kubectl & helm
  10. Application Security Workflow

  11. AppSec Workflow

    • Domain / URL / ...
    • OSINT
    • Application Discovery
    • Security Testing
    • Exploitation
    • Analysis
  12. An Example AppSec Workflow

    • Domain
    • Hosts
    • Subdomain Enumeration
    • CIDR
    • ASN Search
    • DNS SPF, MX etc.
    • Port and Service Scanning
    • URLs
    • Technologies
    • Cloud Infrastructure
    • Emails
    • Public Breach DB Query
    • Password Spraying
    • Application Security Scan
  13. What does it look like from an Automation Perspective?

    • Stages: Data Collection, Analysis, Inference, Further Actions
    • Diagram labels: Security Tools, Human + Learning Systems (twice), Feedback Loop
  14. Automating AppSec Workflow

    • Security Tool
    • Workflow Rules
    • Security Automation

  15. KubeSecO Live in Action

  16. What's under the hood?

  17. What does the system look like?

  18. Driving the System – Events FTW!

    • API Service
    • HTTP POST
    • NATS
    • Write to NATS
    • Message Queue
    • Scanners (Client)
    • Minio Object Storage
    • Persist Output
    • Output Analysis and Feedback
    • Alerting and Notification
    • Tool Output Event
  19. The Tool Adapter (Pattern)

    • 3rd Party Tools are not in our control
    • We need to be able to
      • Receive input from NATS
      • Run tool with tool specific command line
      • Receive output or check for error
      • Persist output to Minio
  20. Adding a Security Tool (3rd Party)

    1. Package 3rd party tools as Docker containers
    2. Add Tool Adapter binary and set as entrypoint
    3. Write Kubernetes deployment spec (YAML)
    4. Deploy to Kubernetes
    5. Write YAML rules for Feedback Processing
  21. Security Tool Dockerfile

  22. Security Tool Kubernetes Spec (YAML)

  23. Feedback Processor (Driving the System)

    • Match
    • Transform
    • Take Action

  24. Feedback Processor - Example

  25. Challenges, Constraints and Things to do

    • State management is difficult due to the asynchronous nature of the system
    • NATS connection issue with preemptible nodes on GKE
    • Capacity planning and analysis
    • Cost analysis
  26. How to Contribute

    1. Clone the repository from GitHub
    2. Try out and report bugs
    3. Add new security tools
    4. Add feedback processor rules
    5. Submit PR
  27. Questions? abhisek@appsecco.com That’s all for now.. https://appsecco.com @abh1sek github.com/abhisek github.com/appsecco/kubeseco