orchestrating security tooling with aws step functions
play

Orchestrating Security Tooling With AWS Step Functions 1 - PowerPoint PPT Presentation

Nov 11, 2022 •351 likes •1.2k views

Orchestrating Security Tooling With AWS Step Functions 1 Background Jules Denardou Justin Massey @Pod_Sec @jmassey09 @JulesDT @th3r3p0 Security Engineers at Datadog Product Security team Improve security of product without

  1. Orchestrating Security Tooling With AWS Step Functions 1

  2. Background Jules Denardou Justin Massey @Pod_Sec @jmassey09 @JulesDT @th3r3p0 Security Engineers at Datadog ● Product Security team ● Improve security of product without detrimental impact to the developers ● workflows 2

  3. 3

  4. Goals: Developers own the security of their app 4

  5. Goals: Developers own the security of their app Find bugs early. Fix bugs early. 5

  6. Security Tooling and CI/CD A Love/Hate Relationship 6

  7. Security tooling and CI/CD ● Security tools often don’t integrate with CI/CD Long running jobs ○ False positives ○ Each tool has its own way of giving a report ○ 7

  8. Security tooling and CI/CD ● Security tools often don’t integrate with CI/CD Long running jobs ○ False positives ○ Each tool has its own way of giving a report ○ 8

  9. Security tooling and CI/CD ● Security tools often don’t integrate with Dev Workflows Blocking deployment pipelines ○ Reports in a third party website ○ 9

  10. Security tooling and CI/CD ● Security tools often don’t integrate with Dev Workflows Blocking deployment pipelines ○ Reports in a third party website ○ 10

  11. Plugin Based Workflow 11

  12. Plugin Based Workflow Triggers 12

  13. Plugin Based Workflow Triggers Processors 13

  14. Plugin Based Workflow Triggers Processors Outputs 14

  15. Our Solution 15

  16. Our Solution Github PR 16

  17. Our Solution Webhook Github PR API Gateway 17

  18. Our Solution Webhook Github PR Lambda Function API Gateway 18

  19. Our Solution API Security Scanning Webhook Github PR Lambda Function API Gateway 19

  20. Our Solution API Security Scanning API Webhook Github PR Lambda Function API Gateway 20 Github PR Comment

  21. Issues With This Solution Time Some scans take > 30 min ● Lambdas timeout out after 300 seconds ● 21

  22. Issues with 1st Solution Time Some scans take > 30 min ● Lambdas timeout out after 300 seconds ● 22

  23. Issues with 1st Solution Time Some scans take > 30 min ● Lambdas timeout out after 300 seconds ● Notifications Some scans have no way to notify you when complete ● 23

  24. Design ● First implementation 24

  25. Design ● First implementation AWS Lambdas 25

  26. Design First implementation ● 26

  27. Design ● First implementation AWS Lambdas ○ 27

  28. Design ● Alternative: AWS Step Functions 28

  29. Design ● Alternative: AWS Step Functions State Machine ○ Amazon States Language ◻ Individual States ○ Step Function console = State Machine GUI ○ 29

  30. Design ● States Task ○ Choice ○ Pass ○ Delay ○ Parallel ○ Success or Failure ○ 30

  31. Design Individual State State Machine 31

  32. Design 32

  33. Demo ! 33

  34. 34

  35. Design 35

  36. Design ● Integrating Github & AWS: Incompatible by default 36

  37. Design ● Integrating Github & AWS: Incompatible by default Github uses HMAC signed events ○ 37

  38. Design ● Integrating Github & AWS: Incompatible by default Github uses HMAC signed events ○ AWS API Gateway uses an “Authorizer” ○ 38

  39. Design ● Integrating Github & AWS: Incompatible by default Implement a custom authorizer as a first step of the Step function ○ Yes No 39

  40. Design ● Integrating Github & AWS: Incompatible by default Implement a custom authorizer as a first step of the Step function ○ 40

  41. Design 41

  42. Design 42

  43. Design 43

  44. Design 44

  45. Design 45

  46. Design 46

  47. Design 47

  48. Design 48

  49. Design 49

  50. Design 50

  51. Design 51

  52. Design 52

  53. Design 53

  54. Design 54

  55. Design 55

  56. Sifting through logs... 56

  57. 57

  58. 58

  59. Searching for an ID unique to the state machine: print(event) print(context) 59

  60. It 60

  61. It doesn’t 61

  62. It doesn’t exist 62

  63. 63

  64. Solution 1. Generate a Unique ID in the first lambda (state_id) 64

  65. Solution 1. Generate a Unique ID in the first lambda (state_id) 2. Override `logging.Filter.filter()` 65

  66. Solution 1. Generate a Unique ID in the first lambda 2. Override `logging.Filter.filter()` 3. Use custom filter 66

  67. Design and Implement 67

  68. 68

  69. Developer feedback 69

  70. Developer feedback ● Important part of the project: the developer Developer engagement is crucial ○ 70

  71. Developer feedback ● Important part of the project: the developer Developer engagement is crucial ○ We need to give the results in the best way possible ○ 71

  72. Developer feedback ● Important part of the project: the developer Developer engagement is crucial ○ We need to give the results in the best way possible ○ Low-noise, easy to read, where the developer is ○ 72

  73. Developer feedback ● Important part of the project: the developer Developer engagement is crucial ○ We need to give the results in the best way possible ○ Low-noise, easy to read, where the developer is ○ Make issues found actionable ○ 73

  74. Developer feedback ● Important part of the project: the developer Developer engagement is crucial ○ We need to give the results in the best way possible ○ Low-noise, easy to read, where the developer is ○ Make issues found actionable ○ ● The developer is our “customer” 74

  75. Developer feedback ● We reach out to them Send organization wide emails asking for feedback ○ Application Security focus group ○ Direct discussion with developers ○ 75

  76. Developer feedback ● We reach out to them Send organization wide emails asking for feedback ○ Application Security focus group ○ Direct discussion with developers ○ 76

  77. Developer feedback ● Follow their workflows Use the same CI/CD tools ○ Try to use the same technologies ○ ● Helps understanding their constraints 77

  78. Developer feedback ● Our current solution Comment on the PR ○ This is where the dev is looking 78

  79. Developer feedback ● Our current solution Comment on the PR ○ This is where the dev is looking ● Our plan for the future All the scans in a single comment ○ “Auto-fix” PR (when possible) created and linked for review ○ 79

  80. Deployment 80

  81. Deployment GitHub Authorizer ● GitHub Trigger ● Plugin that uses Go Security Scanner ● GitHub PR Commenter ● Slack Output ● 81

  82. Deployment ● Lambdas Serverless framework ○ 82

  83. Deployment ● Lambdas Serverless framework ○ ● IAM, Step Function, API Gateway Terraform ○ 83

  84. Thank you! Questions? Jules Denardou Justin Massey @Pod_Sec @jmassey09 @JulesDT @th3r3p0 We are hiring: Paris, New York, and remote! 84

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Affect PROPRIETARY & CONFIDENTIAL March 4, 2010 Strategies MANAGING A HACK: Orchestrating

Affect PROPRIETARY & CONFIDENTIAL March 4, 2010 Strategies MANAGING A HACK: Orchestrating

Affect PROPRIETARY & CONFIDENTIAL March 4, 2010 Strategies MANAGING A HACK: Orchestrating Incident Response to Preserve Brand Reputation Cyber Security Summit Chicago Sept 26-27 th , 2018 Sandra Fathi President, Affect Email:

572 views • 26 slides
High-performance FLOSS tooling for DPA Ilya Kizhvatov Digital Security group Joint work with

High-performance FLOSS tooling for DPA Ilya Kizhvatov Digital Security group Joint work with

High-performance FLOSS tooling for DPA Ilya Kizhvatov Digital Security group Joint work with Cees-Bart Breunesse (Riscure North America) CRYPTACUS workshop, Nijmegen, 2017-11-17 Main points In many applications, attack time and not the

386 views • 10 slides
Company Profile 19 History Founded in 1977 as TKG Tooling & Automotive Company. TKG

Company Profile 19 History Founded in 1977 as TKG Tooling & Automotive Company. TKG

Company Profile 19 History Founded in 1977 as TKG Tooling & Automotive Company. TKG Tooling division began to service automotive industry by manufacturing tools for steel and aluminium parts. In 2013, TKG Tooling demerged from

263 views • 25 slides
What is Modern Web? Web Frameworks Web Tooling Mobile / Tablet First

What is Modern Web? Web Frameworks Web Tooling Mobile / Tablet First

What is Modern Web? Web Frameworks Web Tooling Mobile / Tablet First Standards Based Responsive Design Tooling in Browser Client Frameworks Adopting Popular 3 rd Party Tools Cloud Ready

1.14k views • 36 slides
Mastering your IDE Java tooling, Tips & Tricks! Noopur Gupta @noopur2507 Eclipse JDT

Mastering your IDE Java tooling, Tips & Tricks! Noopur Gupta @noopur2507 Eclipse JDT

Mastering your IDE Java tooling, Tips & Tricks! Noopur Gupta @noopur2507 Eclipse JDT co-lead @EclipseCon @EclipseJavaIDE IBM OVERVIEW Appearance Navigation Investigation Coding Debugging Java Tooling JUnit 5 Tooling APPEARANCE

657 views • 18 slides
Security Testing - Where Automation Fails Today How does security testing of web

Security Testing - Where Automation Fails Today How does security testing of web

Security Testing - Where Automation Fails Today How does security testing of web applications work What does the tooling landscape look like How does automated security testing fail What can we do Image courtesy of

583 views • 56 slides
(1, )-Evolution Strategy with Cumulative Step size Adaptation on linear cost functions

(1, )-Evolution Strategy with Cumulative Step size Adaptation on linear cost functions

(1, )-Evolution Strategy with Cumulative Step size Adaptation on linear cost functions Adrien Coutoux, Auger Anne, Hansen Nikolaus INRIA Saclay - Ile-de-France, Project team TAO (1, )-Evolution Strategy with Cumulative Step size

465 views • 23 slides
Quick guide Step 1: Purchasing a RSFirewall! membership Step 2: Download RSFirewall! Step 3:

Quick guide Step 1: Purchasing a RSFirewall! membership Step 2: Download RSFirewall! Step 3:

Quick guide Step 1: Purchasing a RSFirewall! membership Step 2: Download RSFirewall! Step 3: Installing RSFirewall! Step 4: Scan the Joomla! installation 4.1 Run the System Check 4.2 Fix the security vulnerabilities 4.2.1 Joomla! And

279 views • 17 slides
Setting up an Security Operations Center (SOC) A step by step approach Abdul Rahman Mohamed

Setting up an Security Operations Center (SOC) A step by step approach Abdul Rahman Mohamed

Ministry of Science, People First, Performance Now Technology and Innovation Setting up an Security Operations Center (SOC) A step by step approach Abdul Rahman Mohamed Abdul Rahman Mohamed VP, IT Strategy, Risk & Delivery Group IT,

906 views • 34 slides
Hash Functions, Message Hash Functions, Message Security Services Security Services

Hash Functions, Message Hash Functions, Message Security Services Security Services

Hash Functions, Message Hash Functions, Message Security Services Security Services Authentication Codes Authentication Codes Confidentiality : Symmetric encryption solves Integrity Ahmet Burak Can Authentication Hacettepe

341 views • 4 slides
min { a i , a j } max { a i , a j } P j P j P i P i P i P j Step 1 Step 2 Step 3 Figure 9.1 A

min { a i , a j } max { a i , a j } P j P j P i P i P i P j Step 1 Step 2 Step 3 Figure 9.1 A

a i a j a i , a j a j , a i min { a i , a j } max { a i , a j } P j P j P i P i P i P j Step 1 Step 2 Step 3 Figure 9.1 A parallel compare-exchange operation. Processes P i and P j send their elements to each other. Process P i keeps min { a i ,

372 views • 22 slides
CSCI-UA.9480 Introduction to Computer Security Session 1.1 One-Way Functions and Hash Functions

CSCI-UA.9480 Introduction to Computer Security Session 1.1 One-Way Functions and Hash Functions

CSCI-UA.9480 Introduction to Computer Security Session 1.1 One-Way Functions and Hash Functions Prof. Nadim Kobeissi 1.1a Why Hash Functions? Describing the importance of the cryptographers Swiss Army knife. 2 CSCI-UA.9480:

569 views • 34 slides
FUNCTIONS SECANT AND COSECANT A three step process BELL RINGER Explanation: WHAT IS THE

FUNCTIONS SECANT AND COSECANT A three step process BELL RINGER Explanation: WHAT IS THE

GRAPHING THE RECIPROCAL FUNCTIONS SECANT AND COSECANT A three step process BELL RINGER Explanation: WHAT IS THE RELATIONSHIP BETWEEN THEY ARE RECIPROCALS. Which tells us WE CAN USE THIS KNOWLEDGE TO HELP US GRAPH TODAY We

597 views • 15 slides
Orchestrating Proxysql with OCP Avi Apelbaum, Wix aviap@wix.com linkedin/aviapelbaum

Orchestrating Proxysql with OCP Avi Apelbaum, Wix aviap@wix.com linkedin/aviapelbaum

Orchestrating Proxysql with OCP Avi Apelbaum, Wix aviap@wix.com linkedin/aviapelbaum github.com/wix Hi. I am Eyal DBA Team Leader @WIx.com Wix in a Minute Our main production DBs Version 5.6.x & 5.7.x 3.2.12 3.0.9 DB instances

597 views • 37 slides
Step 1 Step 2 Step 3 Step 4 Step 5 Preparation of a sketch Submission of birth map of all

Step 1 Step 2 Step 3 Step 4 Step 5 Preparation of a sketch Submission of birth map of all

Step 1 Step 2 Step 3 Step 4 Step 5 Preparation of a sketch Submission of birth map of all customary information forms to Preparation and adoption of Convening and submission Submission of Application Ste land owned by ILG obtain

1.23k views • 4 slides
Composites Tooling Solutions Webinar Dan Campbell | Aurora Flight Sciences Research Group Lead

Composites Tooling Solutions Webinar Dan Campbell | Aurora Flight Sciences Research Group Lead

Cost-Effective Additive Manufactured Tooling for Composites Tooling Solutions Webinar Dan Campbell | Aurora Flight Sciences Research Group Lead Timothy Schniepp | Stratasys Leader, Tooling Solutions 2 STRATASYS / THE 3D PRINTING SOLUTIONS

580 views • 33 slides
University of Washington, Seattle ACFI workshop on Neutrino Physics 1 U. Mass., Amherst 18 20

University of Washington, Seattle ACFI workshop on Neutrino Physics 1 U. Mass., Amherst 18 20

Henry Lubatti University of Washington, Seattle ACFI workshop on Neutrino Physics 1 U. Mass., Amherst 18 20 July 2017 ACFI workshop on Neutrino Physics H. Lubatti 18 July 2017

1.03k views • 61 slides
Onboard Monitoring System Field Operational Test Program Martin Walker, Chief Research, FMCSA

Onboard Monitoring System Field Operational Test Program Martin Walker, Chief Research, FMCSA

FMCSA-Sponsored Onboard Monitoring System Field Operational Test Program Martin Walker, Chief Research, FMCSA Michael Mollenhauer, President, Transecurity, LLC May 9, 2012 Office of Research and Information Technology FMCSA Operational Test

417 views • 19 slides
From Zero to Serverless DogFoodCon October 4, 2018 Who is Chad Green Data & Solutions

From Zero to Serverless DogFoodCon October 4, 2018 Who is Chad Green Data & Solutions

Chad Green From Zero to Serverless DogFoodCon October 4, 2018 Who is Chad Green Data & Solutions Architect at ProgressiveHealth Community Involvement Code PaLOUsa Conference Chair Louisville .NET Meetup Organizer

1.17k views • 89 slides
LAB-03 BPMN Resource Perspective and Events Lecturer: Andrea MARRELLA Objectives of this

LAB-03 BPMN Resource Perspective and Events Lecturer: Andrea MARRELLA Objectives of this

Lab for the course on Process and Service Modeling and Analysis LAB-03 BPMN Resource Perspective and Events Lecturer: Andrea MARRELLA Objectives of this lecture Recap: Pools, Swimlanes and Message Flows BPMN events and event-based

851 views • 22 slides
Alert: An Architecture for Transforming a Passive DBMS into an Active DBMS Ulf Schreier, Hamid

Alert: An Architecture for Transforming a Passive DBMS into an Active DBMS Ulf Schreier, Hamid

Alert: An Architecture for Transforming a Passive DBMS into an Active DBMS Ulf Schreier, Hamid Pirasesh, Rakesh Agrawal, C. Mohan IBM Almaden Research Center Alert Idea Does not build an Active DMBS from scratch Extends a Passive DBMS into an

474 views • 16 slides
Kubernetes-Native Workflows with Argo Kai Rikhye, Senior Staff Data Engineer November 13th, 2019

Kubernetes-Native Workflows with Argo Kai Rikhye, Senior Staff Data Engineer November 13th, 2019

Kubernetes-Native Workflows with Argo Kai Rikhye, Senior Staff Data Engineer November 13th, 2019 Data Council NYC Contact: kai@skillshare.com Agenda Context & Problem Tool Selection Argo: Details and Experiences Context & Problem

1.08k views • 29 slides
F undr aising E ve nt Manage me nt By L a yla Mo o sa vi la yla m11@ ho tma il.c o m L a

F undr aising E ve nt Manage me nt By L a yla Mo o sa vi la yla m11@ ho tma il.c o m L a

F undr aising E ve nt Manage me nt By L a yla Mo o sa vi la yla m11@ ho tma il.c o m L a yla Mo o sa vi fundra ising tra ining a nd Al Be ll @ T hirdStra nd Outc ome s Wha t is F undra ising e ve nts a nd wha t is g a ine d

959 views • 68 slides
Social Media For Event pros @Nick . Borelli #myilea nickborelli.com/ileamsp @NickBorelli nick

Social Media For Event pros @Nick . Borelli #myilea nickborelli.com/ileamsp @NickBorelli nick

Social Media For Event pros @Nick . Borelli #myilea nickborelli.com/ileamsp @NickBorelli nick borelli President / Strategist of Borelli Strategies Digital Marketing Consultant for Events & Event Suppliers. Digital Engagement

777 views • 53 slides

More recommend