Provisioning in the past
DevSecOps Adoption
IaC (Infrastructure as Code)
Terraform Foundation
Terraform (Main commands)
Prisma Cloud (Checkov)
Demo Demonstration
Next Steps (What needs to be improved?)
╸ Many human errors
╸ Infrastructure is not versioned
╸ Communication loss (Dev + Ops)
╸ No IaC (Infrastructure as Code)
╸ Cloud platforms were still being created
╸ Extra knowledge required…
╸ Documentation for tools was poor
culture is getting stronger. Companies and professionals are realizing the benefits of breaking down silos between development and operations teams to promote collaboration, efficiency and continuous delivery.
cloud security concepts break down. With the rise of containerized technologies, serverless functions and IaC frameworks, it is increasingly hard to maintain visibility of cloud security posture.
╸ Start using Linux (CentOS, Debian, Ubuntu)
╸ Reproduce the same automation using Ansible/Python
╸ Deep dive into the AWS platform (security certifications) and Azure security
╸ Learn ways to automate the system using Bash scripts focused on security
╸ Keep the focus on understanding the CI/CD pipeline from a security-model perspective
╸ Learn about the Prisma Cloud architecture and Cortex
a system or application can be dynamically modified through automation (Ansible, Puppet, Chef).

MUTABLE & IMMUTABLE INFRASTRUCTURES
Immutable: refers to the approach where the configuration of systems and servers is defined only once, at creation, and is never changed afterwards.
and other APIs.
Resources: a block that describes one or more infrastructure objects.
Modules: a collection of “.tf” files kept together in a directory.
or changes infrastructure. You can pass the -auto-approve option to instruct Terraform to apply the plan without asking for confirmation.
Usage: terraform apply [options]

$ terraform init
Initialize a Terraform working directory containing Terraform configuration files. This is the first command that should be run after writing new Terraform code.
Usage: terraform init [options]

$ terraform plan
Generate and show an execution plan, which lets you preview the changes that Terraform plans to make to your infrastructure.
Usage: terraform plan [options]
using GitHub (Git Flow). Each change can be associated with a specific version of the HomeLab.
Tracing: you can track and document changes to a system over time. From the IaC perspective this is an important feature that provides visibility into modifications, enabling rollback, auditing and a view of the current state.
Declarative: you declare the desired state of the infrastructure and Terraform determines how to make those changes, without you worrying about the specific steps needed to achieve it.
exposed by mistake.
╸ Security vulnerabilities
╸ Use of compromised or insecurely configured credentials.
╸ Compliance
╸ Not following the GDPR guidelines.
tool that scans cloud infrastructure definitions to find misconfigurations before they are deployed. Some of the key benefits of Checkov:
1. Runs as a command line interface (CLI) tool
2. Supports many common platforms and frameworks
3. Ships with thousands of default policies
4. Works on Windows/macOS/Linux (any system with Python installed)
and enforce policies in many different ways. To highlight a few:
1. Scans can run on individual files or entire directories.
2. Policies can be selected through selection or omission.
3. Enforcement can be determined by flags that control Checkov's exit code.
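To show how these three points combine into a pipeline gate, here is an added Python example (not Checkov's or the presentation's own code) that reads the JSON report from `checkov -d <dir> -o json` and applies skip, hard-fail and soft-fail decisions the way the corresponding Checkov flags do. The report shape, the file path, the resource name and the sample findings are assumptions constructed for the example.

```python
"""CI gate over a Checkov JSON report (added example, not Checkov's own code).
Assumes the shape of `checkov -d <dir> -o json`: a top-level "results" object whose
"failed_checks" carry check_id, check_name, file_path, file_line_range, resource."""
import json
import sys

# Constructed sample modelled on checkov's JSON output; file and resource are made up.
SAMPLE_REPORT = json.dumps({
    "check_type": "terraform",
    "results": {
        "passed_checks": [{"check_id": "CKV_AWS_19", "resource": "aws_s3_bucket.logs"}],
        "failed_checks": [
            {"check_id": "CKV_AWS_18", "check_name": "Ensure the S3 bucket has access logging enabled",
             "file_path": "/s3.tf", "file_line_range": [1, 12], "resource": "aws_s3_bucket.logs"},
            {"check_id": "CKV_AWS_20", "check_name": "S3 bucket ACL allows public READ access",
             "file_path": "/s3.tf", "file_line_range": [1, 12], "resource": "aws_s3_bucket.logs"},
        ],
        "skipped_checks": [],
        "parsing_errors": [],
    },
    "summary": {"passed": 1, "failed": 2, "skipped": 0, "parsing_errors": 0, "resource_count": 1},
})


def gate(report_json, hard_fail_on=(), skip_checks=(), soft_fail=False):
    """Decide the pipeline exit code from a Checkov report; returns (exit_code, blocking).
    skip_checks  - check IDs dropped from the verdict (as --skip-check does)
    hard_fail_on - when given, only these IDs may fail the build (as --hard-fail-on does);
                   otherwise every remaining failed check blocks
    soft_fail    - list findings but always exit 0 (as --soft-fail does)"""
    report = json.loads(report_json)
    remaining = [c for c in report["results"]["failed_checks"]
                 if c["check_id"] not in set(skip_checks)]
    blocking = [c for c in remaining
                if not hard_fail_on or c["check_id"] in set(hard_fail_on)]
    return (0 if soft_fail or not blocking else 1), blocking


def format_finding(check):
    """One line per blocking finding: file:lines resource check_id check_name."""
    start, end = check["file_line_range"]
    return f"{check['file_path']}:{start}-{end} {check['resource']} {check['check_id']} {check['check_name']}"


if __name__ == "__main__":
    # Typical use: checkov -d . -o json | python gate.py CKV_AWS_18  (IDs given are skipped)
    code, findings = gate(sys.stdin.read(), skip_checks=sys.argv[1:])
    print("\n".join(format_finding(c) for c in findings) or "no blocking findings")
    sys.exit(code)
```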
SECURITY PILLARS
╸ Take your HomeLab to a cloud platform (AWS).
╸ Git Flow is essential to automate 100% of your DevSecOps.
╸ Version and test your pipeline with an IaC tool.
╸ Get more insights beyond papers and books; essential to build security maturity.
╸ Install a Linux distro from zero to gain more experience.
presentation possible and all the tech community.
╸ LHC (Campinas Hackerspace)
╸ Village Dumont Hackerspace
╸ BSides São Paulo Organization
╸ My family, for supporting me in this work