Leveraging Cloud SDNs to Solve OWASP Top Ten

Explore how to leverage cloud software-defined networking (SDN) to address OWASP Top Ten security concerns in this 40-minute conference talk from APPSEC Cali 2018. Dive into the advancements in SDN that enable virtualized security controls within virtual layer 2 networks, reducing complexity in cloud environments. Learn about implementing network security policies through SDN-defined service chains, allowing traffic to flow through security controls at the virtual network level. Discover how to virtualize and inject common security functions like Snort into layer 2 of a virtual network without requiring layer 3 networking changes. Gain insights into open-source technologies that make virtualized web security a reality, including Linux (CentOS), Snort, nginx, and OpenStack. Follow along with a full workshop walkthrough, available on GitHub, to implement these concepts hands-on. Understand the implications for managed service security operation centers, CI/CD integration, and load-balanced service chains in securing virtualized workloads.

Intro
Based upon a True Story... Managed Service Security Operation Center
Typical Layer 3 Cloud Security
Securing Virtualized Workloads Defined security configurations
Security VM Catalog
Securing Virtualized Workloads CI/CD Integration
Load Balanced Service Chains
Service Chain Creation
Forwarding versus In-Line NFV
Lab Overview - Virtualized Functions
Take Aways...