$30 off During Our Annual Pro Sale. View Details »
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Leoswaldo Macias - Protecting your App in the ...
Search
DevOpsDays GDL
February 21, 2020
Technology
0
370
Leoswaldo Macias - Protecting your App in the Cloud
DevOps Days GDL 2020 - February 20th
DevOpsDays GDL
February 21, 2020
Tweet
Share
More Decks by DevOpsDays GDL
See All by DevOpsDays GDL
Julian Limon - Aligned autonomy: How clarity on outcomes gets us to self-organized teams that win
devopsdaysgdl
0
560
Jorge Castro - Building DevOps Ways of Working at large Enterprise through learning, collaboration and Gamification experiences: Continuous WoWs, DevUps and Feedback
devopsdaysgdl
0
380
Salvador Elizarraras - Five Ways to Improve Team Performance
devopsdaysgdl
0
270
Tommy Adams - Cutting the Cord: Letting Your Remote Team Run Free
devopsdaysgdl
0
270
Cameron Motevasselani - Extending Spinnaker for the Enterprise
devopsdaysgdl
0
340
Jesus Contreras - Containers y DevTools en AWS
devopsdaysgdl
0
340
Liz fong-Jones - Production Excellence
devopsdaysgdl
0
360
Mofizur Rahman - Knative: Serverless Computing on Kubernetes
devopsdaysgdl
0
380
Ra Acosta - SAFe Journey 5.0
devopsdaysgdl
0
280
Other Decks in Technology
See All in Technology
接客歴・営業歴の方が長いエンジニアから見たre:Invent2025
yama3133
0
100
AI with TiDD
shiraji
1
240
たまに起きる外部サービスの障害に備えたり備えなかったりする話
egmc
0
380
Oracle Database@Azure:サービス概要のご紹介
oracle4engineer
PRO
2
180
フルカイテン株式会社 エンジニア向け採用資料
fullkaiten
0
9.9k
AI との良い付き合い方を僕らは誰も知らない
asei
0
220
Strands Agents × インタリーブ思考 で変わるAIエージェント設計 / Strands Agents x Interleaved Thinking AI Agents
takanorig
4
1.8k
障害対応訓練、その前に
coconala_engineer
0
160
re:Invent2025 3つの Frontier Agents を紹介 / introducing-3-frontier-agents
tomoki10
0
370
[Data & AI Summit '25 Fall] AIでデータ活用を進化させる!Google Cloudで作るデータ活用の未来
kirimaru
0
320
MariaDB Connector/C のcaching_sha2_passwordプラグインの仕様について
boro1234
0
1k
IAMユーザーゼロの運用は果たして可能なのか
yama3133
2
520
Featured
See All Featured
Avoiding the “Bad Training, Faster” Trap in the Age of AI
tmiket
0
34
Mind Mapping
helmedeiros
PRO
0
38
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
12
980
A better future with KSS
kneath
240
18k
Bash Introduction
62gerente
615
210k
Deep Space Network (abreviated)
tonyrice
0
20
ラッコキーワード サービス紹介資料
rakko
0
1.8M
The Limits of Empathy - UXLibs8
cassininazir
1
190
Exploring the relationship between traditional SERPs and Gen AI search
raygrieselhuber
PRO
2
3.4k
The Art of Programming - Codeland 2020
erikaheidi
56
14k
Designing for Timeless Needs
cassininazir
0
89
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
37
6.2k
Transcript
Protecting your App in the Cloud @LeoswaldoMacias
Misconception
Shared Responsibility Model
“If you have access to change it then it is
yours, if not, then it’s theirs”
Incident Prevention A process to set instruments/tools/services to avoid possible
threats or impacts during an attack Incident Response Plan What to do when once we are impacted
Compliance Updates Maintain your instances up to date (OS, Libraries)
Network Does this need to be public accessible? What ports should I let in? What traffic should go out? Encryption At rest In transit Secret Management Keep your secret data secret
Network: Content Delivery Network CDN Content Delivery Network Your App
WAF
Network: Web Application Firewalls Firewall Layer 3 and 4 WAF
Contains Layer 7 attacks by inspecting for: • SQL Injections • XSS • Origin Geographically requests • String appearances • … and more
At least you know How soon or late? What are
the actions taken?
Incident Response Plan • Preparation • Detection • Containment •
Investigation • Recovery • Lesson Learn
Preparation Log everything you can (this will also help for
auditing) • Application Logs • Server Logs • Network Logs (Traces) • Access Logs and more Design the infrastructure to prevent single point of failure
Detection Monitoring and Alerting • Behaviour rules like traffic spikes,
CPU and Memory consumption • Traffic from countries not served • Sign in failures Page System :(
Containment Use automated processes to isolate any further impact like:
• Creating Network rules Make sure the impacted surface does not grow
Investigation • Analyze logs and timelines • Check which alarming
systems triggered • Check Dashboards
Recovery Get your environment to normal state
Lessons Learned Make sure all missings are documented and ARs
are assigned and tracked
Take Away #1 All applications are subject to exploits
Take Away #2 I’d rather invest more money on security
checks, tools, automation, than risking customer/company data
Take Away #3 Security is a shared responsibility to be
carried among all company employees, not only the Security crew
Thanks! @LeoswaldoMacias
[email protected]
devopsdaysgdl
yama3133
shiraji
egmc
oracle4engineer
fullkaiten
asei
takanorig
coconala_engineer
tomoki10
kirimaru
boro1234
tmiket
helmedeiros
tammyeverts
kneath
62gerente
tonyrice
rakko
cassininazir
raygrieselhuber
erikaheidi
kevinliebholz
![Thanks! @LeoswaldoMacias [email protected]](https://files.speakerdeck.com/presentations/ab51c71ce2b6400f80ac8eaf2e44a58b/slide_19.jpg){kind=link}