Infrastructure as Code (IaC) makes deploying cloud or container configurations scalable and faster. If you are launching a microservice into a Kubernetes cluster, or even building an entire AWS virtual infrastructure, IaC can automate the deployment. By building repeatable templates you can also ensure that deployments happen exactly as you design, every time. However, errors in infrastructure configuration are now regarded as the second biggest cause of data breaches. There are many ways to give adversaries an advantage through security misconfigurations. Overly permissive storage volumes, unauthenticated database access, or ports left open to the internet have all been a cause of compromise. The solution? Treat your infrastructure code the same as your application code. During your build process, use tools to scan for infrastructure misconfigurations. When you find them raise alerts or even break the build.
In this session, we will discuss common types of IaC misconfigurations, and demonstrate a free, open-source security tool that developers can build into their pipelines to help protect infrastructure from compromise.
7.45PM - 8.00PM - Registration and sign-in to webinar
8.00PM - 8:05PM - Introduction by host from chapter EXCO
8:05PM - 8:40PM - Infrastructure is the New Code – Is Your DevSecOps Ready? - by Mr. Ori Bendet, Director of Product Management, Checkmarx
8:40PM - 8:50PM - Q&A
8:50PM - 9:00PM - Kahoot! Quiz (eGift cards for Top 5 winners)
ABOUT THE SPEAKER
Mr. Ori Bendet, Director of Product Management at Checkmarx, leads its flagship product, CxSAST - Static Application Security Testing. Previously, he held product and engineering positions at Time To Know, HPE, PicApp, and Bezeq.
For security reasons, instructions for joining the webinar will be sent to registrants one (1) day prior to the event. Please watch out for the webinar details. If in doubt, please email firstname.lastname@example.org.
This is a chapter professional development event thus 1 CPE hour will be available for your CPE submission. To facilitate submission of CPE points on your behalf by the local chapter - please identify yourself clearly by renaming yourself as <(ISC)2 membership number> + your full name when you sign in or after you've sign in. For example: '123456 Luke SkyWalker'.
Note: (ISC)2 members residing in Singapore who are not members of our local Chapter please signed up with us at www.isc2chapter.sg.
Join the community.
Professional Member: $50/- year
Associate Member (Non-credential holders): $30/- year
Student Member: $10/- year