DevOpsDays GDL
February 21, 2020
Leoswaldo Macias - Protecting your App in the Cloud
DevOps Days GDL 2020 - February 20th
Transcript
Protecting your App in the Cloud
@LeoswaldoMacias

Misconception

Shared Responsibility Model

“If you have access to change it then it is yours, if not, then it’s theirs”

Incident Prevention
A process to set instruments/tools/services to avoid possible threats or impacts during an attack
Incident Response Plan
What to do once we are impacted

Compliance Updates
• Maintain your instances up to date (OS, libraries)
Network
• Does this need to be publicly accessible?
• What ports should I let in?
• What traffic should go out?
Encryption
• At rest
• In transit
Secret Management
• Keep your secret data secret

Network: Content Delivery Network (CDN)
[Diagram labels: Content Delivery Network, Your App, WAF]

Network: Web Application Firewalls
Firewall: Layer 3 and 4
WAF: Contains Layer 7 attacks by inspecting for:
• SQL injections
• XSS
• Geographic origin of requests
• String appearances
• … and more

At least you know
How soon or late?
What are the actions taken?

Incident Response Plan
• Preparation
• Detection
• Containment
• Investigation
• Recovery
• Lessons Learned

Preparation
Log everything you can (this will also help for auditing)
• Application logs
• Server logs
• Network logs (traces)
• Access logs
and more
Design the infrastructure to prevent a single point of failure

Detection
Monitoring and Alerting
• Behaviour rules like traffic spikes, CPU and memory consumption
• Traffic from countries not served
• Sign-in failures
Page System :(

Containment
Use automated processes to isolate any further impact like:
• Creating network rules
Make sure the impacted surface does not grow
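
The Detection and Containment slides, as an added example that is not part of the original deck: two of the listed behaviour rules (sign-in failures, traffic from countries not served) run over an access log and turned into network deny rules. The log layout, thresholds, served-country list and rule format are assumptions, and the log lines are constructed sample data.

```python
from collections import defaultdict

# Assumed for this example (not from the slides): log layout, thresholds, served countries.
SERVED_COUNTRIES = {"MX", "US"}
MAX_SIGNIN_FAILURES = 3   # failed sign-ins per source IP ...
WINDOW_SECONDS = 60       # ... inside this sliding window

# Constructed sample access log: epoch, source IP, country, method, path, status.
SAMPLE_LOG = """\
1582214400 203.0.113.7 MX POST /login 401
1582214405 203.0.113.7 MX POST /login 401
1582214410 198.51.100.23 US GET /home 200
1582214420 203.0.113.7 MX POST /login 401
1582214430 192.0.2.44 ZZ GET /home 200
1582214500 198.51.100.23 US POST /login 401
1582214600 198.51.100.23 US POST /login 401
""".splitlines()

def detect(lines):
    """Return ordered, de-duplicated (rule, source_ip) alerts."""
    alerts, failures = [], defaultdict(list)

    def raise_alert(rule, ip):
        if (rule, ip) not in alerts:
            alerts.append((rule, ip))

    for line in lines:
        ts, ip, country, _method, path, status = line.split()
        ts = int(ts)
        if country not in SERVED_COUNTRIES:
            raise_alert("unserved_country", ip)
        if path == "/login" and status == "401":
            # Keep only this IP's failures that are still inside the window.
            failures[ip] = [t for t in failures[ip] if ts - t < WINDOW_SECONDS] + [ts]
            if len(failures[ip]) >= MAX_SIGNIN_FAILURES:
                raise_alert("signin_failures", ip)
    return alerts

def containment_rules(alerts):
    """Turn alerts into generic deny rules, one per source IP."""
    reasons = defaultdict(set)
    for rule, ip in alerts:
        reasons[ip].add(rule)
    return [{"action": "deny", "source": f"{ip}/32", "reasons": sorted(reasons[ip])}
            for ip in sorted(reasons)]

if __name__ == "__main__":
    for rule in containment_rules(detect(SAMPLE_LOG)):
        print(rule)
```

The rule dictionaries are a neutral format to be mapped onto whatever the firewall, WAF or security-group tooling accepts. Giving automated denies an expiry keeps a false positive from becoming a permanent block.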

Investigation
• Analyze logs and timelines
• Check which alarming systems triggered
• Check dashboards

Recovery
Get your environment to normal state

Lessons Learned
Make sure all misses are documented and ARs are assigned and tracked

Take Away #1
All applications are subject to exploits

Take Away #2
I’d rather invest more money in security checks, tools, automation, than risking customer/company data

Take Away #3
Security is a shared responsibility to be carried among all company employees, not only the Security crew

Thanks!
@LeoswaldoMacias