Slide 1

Slide 1 text

Security in the world of DevOps (www.devops.co.il)

Slide 2

Slide 2 text

Image source: devops.com/wp-content/uploads/2015/04/DevOps_RuggedBook_Web.pdf

Slide 3

Slide 3 text

“Attackers are already using their own form of continuous delivery to overwhelm the good guys. The reason security teams can’t keep up is because the bad guys have already figured out how to use automation and cloud-style technologies to scale up their attacks.” - Tim Prendergast, CEO of Evident.io

Slide 4

Slide 4 text


Slide 5

Slide 5 text


Slide 6

Slide 6 text

Image source: devops.com/wp-content/uploads/2015/04/DevOps_RuggedBook_Web.pdf

Slide 7

Slide 7 text


Slide 8

Slide 8 text

Image source: devops.com/wp-content/uploads/2015/04/DevOps_RuggedBook_Web.pdf

Slide 9

Slide 9 text

Just as dev and ops have had to bridge some serious cultural gulfs to start collaborating better, security needs to meet the developers and operations teams half way.

Slide 10

Slide 10 text

Image source: devops.com/wp-content/uploads/2015/04/DevOps_RuggedBook_Web.pdf

Slide 11

Slide 11 text

Image source: devops.com/wp-content/uploads/2015/04/DevOps_RuggedBook_Web.pdf

Slide 12

Slide 12 text

Image source: devops.com/wp-content/uploads/2015/04/DevOps_RuggedBook_Web.pdf

Slide 13

Slide 13 text


Slide 14

Slide 14 text


Slide 15

Slide 15 text

SSLyze: github.com/iSECPartners/sslyze

Slide 16

Slide 16 text

Robert'); DROP TABLE Students; --   (bobby-tables.com)

Slide 17

Slide 17 text

http://bobby-tables.com/about.html
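The payload from the two Bobby Tables slides, run for real against an in-memory SQLite database. This is an added example for these notes, not code from the deck or from bobby-tables.com: the Students table, its rows and both insert routines are constructed here. The vulnerable routine splices the name into the SQL text and uses executescript() so that, like drivers that accept stacked queries, every statement in the string runs; the hardened routine passes the name as a bind parameter.

```python
"""Bobby Tables against a real database engine.

Added example for these notes, not code from the deck or from
bobby-tables.com. The Students table, its rows and both insert routines are
constructed here; the payload is the one on the slide.
"""
import sqlite3

# The name a student registers with, exactly as on the slide.
BOBBY = "Robert'); DROP TABLE Students; --"


def fresh_db():
    """In-memory database with a constructed Students table and two rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Students (name TEXT)")
    conn.executemany("INSERT INTO Students (name) VALUES (?)", [("Alice",), ("Bob",)])
    conn.commit()
    return conn


def table_exists(conn, table):
    """True if the table is still in the catalog."""
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (table,)
    ).fetchone()
    return row is not None


def insert_unsafe(conn, name):
    """Vulnerable: untrusted text is spliced into the SQL.

    executescript() runs every statement in the string, which is how drivers
    that accept stacked queries behave; sqlite3's execute() would have refused
    the second statement, but the quote in the name would still have broken
    the query (try an honest "O'Brien").
    """
    conn.executescript(f"INSERT INTO Students (name) VALUES ('{name}');")


def insert_safe(conn, name):
    """Hardened: the name is a bind parameter, so it is data, never SQL."""
    conn.execute("INSERT INTO Students (name) VALUES (?)", (name,))
    conn.commit()


def demo(insert_fn, name=BOBBY):
    """Run one insert routine on a fresh database and report what is left."""
    conn = fresh_db()
    insert_fn(conn, name)
    if not table_exists(conn, "Students"):
        return {"table_exists": False, "rows": []}
    rows = [r[0] for r in conn.execute("SELECT name FROM Students ORDER BY rowid")]
    return {"table_exists": True, "rows": rows}


if __name__ == "__main__":
    print("unsafe:", demo(insert_unsafe))
    print("safe:  ", demo(insert_safe))
```

Run it and the unsafe path reports that Students no longer exists, while the safe path stores the whole payload as an ordinary name. The bound value reaches the engine separately from the statement text, so no application-side quoting rule is involved and there is nothing for the injected quote to terminate.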

Slide 18

Slide 18 text

sqlmap: sqlmap.org

Slide 19

Slide 19 text

Chef Audit mode

control_group 'Blog Post Examples' do
  control 'SSH' do
    it 'should be listening on port 22' do
      expect(port(22)).to be_listening
    end

    it 'disables root logins over ssh' do
      expect(file('/etc/ssh/sshd_config').content).to contain('PermitRootLogin no')
    end
  end
end

Slide 20

Slide 20 text

Chef Audit mode

Starting audit phase

Blog Post Examples
  SSH
    should be listening on port 22
    disables root logins over ssh (FAILED - 1)

Failures:

  1) Blog Post Examples SSH disables root logins over ssh
     Failure/Error: expect(file('/etc/ssh/sshd_config').content).to contain('PermitRootLogin no')
       expected File "/etc/ssh/sshd_config" to contain "PermitRootLogin no"
     # /tmp/kitchen/cache/cookbooks/audit-test/recipes/default.rb:8:in `block (3 levels) in from_file'

Finished in 0.13067 seconds (files took 0.32089 seconds to load)
2 examples, 1 failure

Failed examples:

rspec # Blog Post Examples SSH disables root logins over ssh

[2015-04-04T03:29:41+00:00] ERROR: Audit phase failed with error message: Audit phase found failures - 1/2 controls failed
Audit phase exception: Audit phase found failures - 1/2 controls failed
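The control on the two audit-mode slides asserts that sshd_config contains the string "PermitRootLogin no". sshd does not read the file that way: keywords are case-insensitive, "#" starts a comment, the keyword and its argument may be separated by whitespace or by a single "=", the first value obtained for a keyword wins, and every line after a Match line applies only when that Match's conditions hold (sshd_config(5)). The check below, added here as an example and not part of the deck, of Chef or of its audit mode, computes the effective global value under those rules and compares it with the substring test on constructed configs.

```python
"""Effective-value check for PermitRootLogin in sshd_config.

Added example for these notes; not Chef code and not the cookbook from the
slide. Implements the reading rules from sshd_config(5): keywords are
case-insensitive, '#' starts a comment, keyword and argument are separated by
whitespace or a single '=', the first value obtained for a keyword wins, and
lines after a 'Match' line are conditional. All sample configs are constructed.
"""
import re

# Separator between keyword and argument: optional spaces around one '=',
# or plain whitespace.
_SEP = re.compile(r"\s*=\s*|\s+")


def parse_global(text):
    """Return {keyword: first_value} for the unconditional part of a config.

    Keywords are lower-cased; values keep their case (arguments are
    case-sensitive in sshd). Conditional lines after 'Match' are skipped
    because they do not describe the global setting.
    """
    values = {}
    in_match = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = _SEP.split(line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            in_match = True  # everything from here on is conditional
            continue
        if in_match or len(parts) < 2:
            continue
        values.setdefault(key, parts[1].strip())  # first obtained value wins
    return values


def root_login_disabled(text):
    """The slide's control on the effective value: the global PermitRootLogin
    must be explicitly 'no'. An absent keyword falls back to a compiled-in
    default that depends on the OpenSSH version, so it does not pass here."""
    return parse_global(text).get("permitrootlogin") == "no"


def naive_substring_check(text):
    """What a 'file content contains the string' assertion actually tests."""
    return "PermitRootLogin no" in text


# Constructed sample configs: three where the substring check passes but root
# login is not actually disabled, one where both agree, one where only the
# effective check sees the setting.
SAMPLES = {
    "commented_out": "#PermitRootLogin no\nPasswordAuthentication yes\n",
    "first_wins": "PermitRootLogin yes\nPermitRootLogin no\n",
    "only_in_match": "Match User deploy\n    PermitRootLogin no\n",
    "explicit_no": "Port 22\nPermitRootLogin no\n",
    "lowercase_equals": "permitrootlogin = no\n",
}


def compare(samples=SAMPLES):
    """Map each sample name to (substring_result, effective_result)."""
    return {
        name: (naive_substring_check(cfg), root_login_disabled(cfg))
        for name, cfg in samples.items()
    }


if __name__ == "__main__":
    for name, (substring, effective) in compare().items():
        print(f"{name:<18} substring={str(substring):<5} effective={effective}")
```

The commented-out, duplicated and Match-scoped samples all satisfy the substring assertion while leaving root login enabled globally, and the lower-case "key = value" spelling fails it while actually disabling root login. A control that is meant to gate a deployment should test the value the daemon will use, not the bytes in the file.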

Slide 21

Slide 21 text

“The Center for Internet Security (CIS) presents the CIS Controls for Effective Cyber Defense Version 6.0, a recommended set of actions that provide specific and actionable ways to stop today's most pervasive and dangerous cyber attacks.” - July 01, 2015
www.cisecurity.org/critical-controls/

Slide 22

Slide 22 text

Chef PCI-DSS / CIS audit cookbook
www.chef.io/blog/2015/05/11/towards-compliance-as-code-a-real-world-example/

control_group '1 Install Updates, Patches and Additional Security Software' do
  control '1.2 Configure Software Updates' do
    it '1.2.2 Verify that gpgcheck is Globally Activated' do
      expect(file('/etc/yum.conf').content).to match(/^gpgcheck=1/)
    end
  end
end
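Control 1.2.2 above matches /^gpgcheck=1/ against /etc/yum.conf. Two things a practitioner would want checked go beyond that regex: yum parses its configuration as INI, so "gpgcheck = 1" with spaces is enabled even though the regex misses it, and the [main] value is only a default, so any repository section in yum.conf or in a .repo file under /etc/yum.repos.d can switch signature checking off with gpgcheck=0. The audit below is an added example, not the cookbook from the Chef post; the yum.conf and .repo contents are constructed, and the repository ids and URLs in them are invented.

```python
"""Effective gpgcheck audit for yum.

Added example for these notes, not the cookbook from the Chef post. yum reads
its configuration as INI: 'gpgcheck = 1' with spaces is accepted, and the value
in [main] of /etc/yum.conf is only the default that repository sections (in
yum.conf itself or in /etc/yum.repos.d/*.repo) inherit unless they set their
own. The file contents below are constructed; repository ids and URLs are
invented.
"""
import configparser
import re

# Constructed /etc/yum.conf: gpgcheck is on, but written with spaces.
YUM_CONF = """\
[main]
cachedir=/var/cache/yum/$basearch/$releasever
gpgcheck = 1
installonly_limit=3
"""

# Constructed /etc/yum.repos.d/*.repo files: one repo inherits the default,
# two switch signature checking off in different spellings.
REPO_FILES = {
    "base.repo": """\
[base]
name=Base $releasever
baseurl=http://mirror.example.invalid/base/$releasever/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-example
""",
    "internal.repo": """\
[internal-tools]
name=Internal tools
baseurl=http://repo.internal.invalid/tools/
gpgcheck=0

[internal-testing]
name=Internal testing
baseurl=http://repo.internal.invalid/testing/
enabled=0
gpgcheck=no
""",
}


def _parse(text):
    # interpolation=None: yum variables use '$', and '%' must not be special.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    return cp


def slide_regex_passes(yum_conf):
    """The control as written on the slide: a line starting with gpgcheck=1."""
    return re.search(r"^gpgcheck=1", yum_conf, re.MULTILINE) is not None


def audit_gpgcheck(yum_conf=YUM_CONF, repo_files=REPO_FILES):
    """Return (main_default, {repo_id: effective_gpgcheck}).

    A repository section without its own gpgcheck inherits the [main] value;
    getboolean understands yum's 1/0, yes/no and true/false spellings.
    """
    main = _parse(yum_conf)
    default = main.getboolean("main", "gpgcheck", fallback=False)
    effective = {}
    for cp in [main] + [_parse(t) for t in repo_files.values()]:
        for repo in cp.sections():
            if repo == "main":
                continue
            effective[repo] = cp.getboolean(repo, "gpgcheck", fallback=default)
    return default, effective


def unsigned_repos(yum_conf=YUM_CONF, repo_files=REPO_FILES):
    """Repository ids whose packages would install without a signature check."""
    _, effective = audit_gpgcheck(yum_conf, repo_files)
    return sorted(repo for repo, on in effective.items() if not on)


if __name__ == "__main__":
    print("slide regex passes:", slide_regex_passes(YUM_CONF))
    default, effective = audit_gpgcheck()
    print("[main] gpgcheck default:", default)
    for repo, on in sorted(effective.items()):
        print(f"  {repo:<18} gpgcheck={on}")
    print("repos without signature check:", unsigned_repos())
```

On the constructed files the slide's regex fails even though the global default is on, and it would have passed on a yum.conf with "gpgcheck=1" while the two internal repos still install unsigned packages. Reporting per repository is also what makes the finding actionable: the fix is a one-line change in a named .repo file rather than "gpgcheck is globally activated: false".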

Slide 23

Slide 23 text


Slide 24

Slide 24 text

We invite you to join the Operations Israel Facebook group at on.fb.me/Ops-IL. We are hiring at [email protected]. Thank you! www.devops.co.il

Slide 25

Slide 25 text

References

- http://devseccon.com
- http://threatspec.org
- http://www.slideshare.net/shannonlietz/devseccon-keynote-london-2015
- https://securosis.com/blog/building-security-into-devops-security-integration-points
- http://sysadvent.blogspot.co.il/2014/12/day-24-12-days-of-secdevops.html
- http://devops.com/wp-content/uploads/2015/04/DevOps_RuggedBook_Web.pdf
- http://www8.hp.com/h30458/us/en/discover-performance/c/dp-weekly/devops/rugged-devops--sounds-like-it-s-excuse-for-an-old-spice-commercial.html
- http://theagileadmin.com/2015/06/09/pragmatic-security-and-rugged-devops/
- http://gauntlt.org
- http://www.slideshare.net/realgenekim/security-is-dead-long-live-rugged-devops-it-at-ludicrous-speed
- http://www.csoonline.com/article/2131107/security-leadership/rugged-devops--in-search-of-the-defensible-infrastructure.html
- https://www.tenable.com/blog/containers-virtualization-and-rugged-devops