SECURITY IN CONTINUOUS DELIVERY ENVIRONMENT · security in continuous delivery environment with a strong mix of soa created by jakub nawalaniec / @panpielgrzym. ... /api/v4/hello.json.

SECURITY INCONTINUOUS DELIVERY

ENVIRONMENTWITH A STRONG MIX OF SOA

Created by / Jakub Nawalaniec @panpielgrzym

http://twitter.com/panpielgrzym

https://github.com/pielgrzym

WHO AM I?Jakub Nawalaniec — Security Engineer @ Base CRM

WHAT IS BASE?

WHAT IS BASE?

POST-PC CRMSOA

AMAZON EC2

CONTINUOUS DELIVERY @BASESELF SUFFICIENT TEAMS

CONTINUOUS DELIVERY @BASESELF SUFFICIENT TEAMS

EXPERIENCES

GRIDCREATEDEPLOY

MAINTAIN

MULTIPLE ENVIRONMENTSDevelopmentSandboxStagingProduction

DEVELOPMENT SPEED

...IN ALL ENVIRONMENTS

SECURITY CONCERNS?

LEGACY APIS/API/V1/HELLO.JSON/API/V2/HELLO.JSON/API/V4/HELLO.JSON

DUPLICATEFUNCTIONALITIES

SHAREDFUNCTIONALITIES

DEPENDENCIES

REIMPLEMENTING THEWHEEL

IS THERE HOPE?

FIGHTING BLOATDIVIDE FAT MICRO-SERVICES

REPLACE LEGACY MICRO-SERVICESAUTOMATE!

INTELANALYZE DEPENDENCIES

AGGREGATE VULNERABILITIES INFOAGGREGATE SERVICE METADATA

WHY DO IT YOURSELF?MULTIPLE PLATFORMS SUPPORTINFORMATION SOURCE MASHUP

EASY TO EXPAND AND CUSTOMIZEMETRIC INTEGRATION FTW

SO WE WON?

NOPE.

HERE IS WHY:LIMITED CONTEXT AWARENESS

SERVICES INTERACTIONSANALYSIS SPEED

???

BUG BOUNTY

BUG BOUNTY

PENTESTMONITORMEASURE

THANKS!

SECURITY IN CONTINUOUS DELIVERY ENVIRONMENT · security in continuous delivery environment with a strong mix of soa created by jakub nawalaniec / @panpielgrzym. ... /api/v4/hello.json.

Documents