Application Security Workflow Automation using Docker and Kubernetes

Abhisek Datta
November 07, 2019

Slides from talk given at #AllDayDevOps 2019

https://www.alldaydevops.com/addo-speakers/abhisek-datta

Transcript

  1. Application Security Workflow Automation
    Using Docker and Kubernetes
    Abhisek Datta, Appsecco
    NOVEMBER 6, 2019

  2. About Me – Abhisek Datta
    • Head of Technology (appsecco.com)
      • A boutique security consulting company
    • TechWing @ null0x00 (null.co.in)
      • An Open Security Community
    • Security Researcher
      • Discovered vulnerabilities in MS Office, Internet Explorer, HP SiteScope etc.
    • Certified Kubernetes Application Developer (CKAD) :-P

  3. Key Takeaways
    1. What does an Application Security Workflow look like (our opinion)
    2. Our approach to security automation using Kubernetes native technologies
    3. How to get started automating an Application Security Workflow using KubeSecO

  4. Application Security Workflow

  5. An Example AppSec Workflow
    [Diagram labels]
    Domain
    Hosts
    Subdomain Enumeration
    CIDR
    ASN Search
    DNS
    SPF, MX etc.
    Port and Service Scanning
    URLs
    Technologies
    Cloud Infrastructure
    Emails
    Public Breach DB Query
    Password Spraying
    Application Security Scan

  6. What does it look like from an Automation Perspective?
    [Diagram labels]
    Data Collection
    Analysis
    Inference
    Further Actions
    Security Tools
    Human + Learning Systems
    Human + Learning Systems
    Feedback Loop

  7. Automating AppSec Workflow
    [Diagram labels]
    Security Tool
    Workflow Rules
    Security Automation

  8. KubeSecO Live in Action
    github.com/appsecco/kubeseco

  9. What's under the hood?
    github.com/appsecco/kubeseco

  10. What does the system look like?

  11. Driving the System – Events FTW!
    API Service
    HTTP POST
    NATS
    Write to NATS Message Queue
    Scanners (Client)
    Minio Object Storage
    Persist Output
    Output Analysis and Feedback
    Alerting and Notification
    Tool Output Event

  12. The Tool Adapter (Pattern)
    • 3rd Party Tools are not in our control
    • We need to be able to
      • Receive input from NATS
      • Run tool with tool specific command line
      • Receive output or check for error
      • Persist output to Minio
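
The four adapter steps on this slide, sketched as an added example that is not code from the deck or the KubeSecO repository. The `ScanEvent` shape, the `{{TARGET}}` placeholder and the `persist` callback (standing in for the Minio client) are assumptions, the message bytes stand in for a NATS delivery, and `echo` stands in for the packaged tool. Because the queue message is untrusted input, the adapter validates it and passes an argv list rather than a shell string.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os/exec"
	"regexp"
	"strings"
)

type ScanEvent struct{ ScanID, Target string } // assumed message shape
// A leading alphanumeric keeps a value from being read as an option or a path.
var hostRe = regexp.MustCompile(`^[a-zA-Z0-9]([a-zA-Z0-9.-]{0,251}[a-zA-Z0-9])?$`)
var idRe = regexp.MustCompile(`^[a-zA-Z0-9][a-zA-Z0-9-]{0,63}$`)

// BuildArgv validates the event, then fills {{TARGET}} in the tool's argv template.
func BuildArgv(tmpl []string, ev ScanEvent) ([]string, error) {
	if len(tmpl) == 0 || !idRe.MatchString(ev.ScanID) || !hostRe.MatchString(ev.Target) {
		return nil, fmt.Errorf("rejected: scan_id=%q target=%q", ev.ScanID, ev.Target)
	}
	argv := make([]string, len(tmpl))
	for i, a := range tmpl {
		argv[i] = strings.ReplaceAll(a, "{{TARGET}}", ev.Target)
	}
	return argv, nil
}

// HandleEvent runs one queue message through the tool and persists its stdout.
func HandleEvent(msg []byte, tmpl []string, persist func(string, []byte) error) error {
	var ev ScanEvent
	if err := json.Unmarshal(msg, &ev); err != nil {
		return fmt.Errorf("bad message: %w", err)
	}
	argv, err := BuildArgv(tmpl, ev)
	if err != nil {
		return err
	}
	out, err := exec.Command(argv[0], argv[1:]...).Output() // argv list, no shell
	if err != nil {
		return fmt.Errorf("tool failed: %w", err) // non-zero exit or missing binary
	}
	return persist("scans/"+ev.ScanID+"/output", out)
}

func main() { // constructed event; echo stands in for the packaged tool
	msg := []byte(`{"ScanID":"demo-1","Target":"example.com"}`)
	put := func(k string, d []byte) error { fmt.Printf("%s <- %q\n", k, d); return nil }
	fmt.Println(HandleEvent(msg, []string{"echo", "{{TARGET}}"}, put))
}
```

Validating `ScanID` as well as `Target` matters because it becomes part of the object-store key.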

  13. Adding a Security Tool (3rd Party)
    1. Package 3rd party tools as Docker containers
    2. Add Tool Adapter binary and set as entrypoint
    3. Write Kubernetes deployment spec (YAML)
    4. Deploy to Kubernetes
    5. Write YAML rules for Feedback Processing

  14. Security Tool Dockerfile

  15. Security Tool Kubernetes Spec (YAML)

  16. Feedback Processor (Driving the System)
    [Diagram labels]
    Match
    Transform
    Take Action

  17. Feedback Processor - Example

  18. Challenges, Constraints and Things to do
    • State management is difficult due to asynchronous nature of the system
    • NATS connection issue with preemptible nodes on GKE
    • Capacity planning and analysis
    • Cost analysis

  19. How to Contribute
    1. Clone the repository from GitHub
    2. Try out and report bugs
    3. Add new security tools
    4. Add feedback processor rules
    5. Submit PR
    github.com/appsecco/kubeseco

  20. Questions?
    [email protected]
    That’s all for now..
    https://appsecco.com
    @abh1sek
    github.com/abhisek
    github.com/appsecco/kubeseco
