AppSec Europe 2017: Improving the security of Software Defin...

View analytic

Improving the security of Software Defined Infrastructures - Theodoor Scholte (Netherlands)

Feedback form is now closed.

Configuration management tools such as Puppet or Chef have become increasingly popular as many organizations shifted towards a Software Defined Infrastructure (SDI).. These tools allow system administrators to express the infrastructure in source code once and deploy them multiple times. While configuration management tools offer many advantages in terms of single point of maintenance, (security) testing and the ability to perform security audits, they are also an attractive target for attackers as they can be used to gain control of the full software stack.

In this talk, we present the lessons learned of security reviews on real-world SDI deployments. First, we give an overview of a typical SDI deployment. Second, we explain the attack surface and threats of the SDI deployment. Third, we present how we identified vulnerabilities in this SDI deployment using source code analysis techniques. We conclude with an explanation on how to remediate these vulnerabilities.

Speakers

Theodoor Scholte

Theodoor Scholte is a software security consultant at SIG with more than 8 years experience in software security. In this role, his work ranges from establishing application security programs as well conducting manual secure code and design reviews assisted by security tools. Being part of... Read More →

Thursday May 11, 2017 12:05 - 12:35
Waterfront Center: Hall 2A

DevSecOps

AppSec Europe 2017

Theodoor Scholte

Attendees (38)

Recently Active Attendees

AppSec Europe 2017

Sign up or log in to save this to your schedule and see who's attending!

Theodoor Scholte

Attendees (38)

Recently Active Attendees