AutoScaling Web Application Security in the Cloud

Explore auto-scaling web application security in cloud environments through this conference talk from AppSecUSA 2014. Learn practical approaches for securing rapidly scaling cloud applications, with a focus on Amazon Web Services. Discover common techniques and tools for auto-scaling security, including Chef/Puppet, CloudFormation, and Elastic Load Balancer. Understand the role of auto-scaling groups, management APIs, and scaling triggers in deploying web security infrastructure. Examine the impact of Platform-as-a-Service on application security and strategies for embedding controls directly into web applications. Gain insights into designing scalable security architectures, abstracting application security components, and implementing CloudFormation templates for efficient deployment. While primarily aimed at advanced audiences with strong networking and cloud security experience, this talk also offers valuable information for intermediate attendees involved in cloud security strategy and requirements.

Introduction
Topics We'll Cover
Cloud Architecture is Evolving
Security vs DevOps
Basic Auto Scaling Tools
Basic Auto Scaling Capabilities
Elastic Load Balancer
Configuring Auto Scaling in AWS
Creating an Auto Scaling Group
Create Auto Scaling Policy
Auto Scaling In Action
Designing for Scale
Architecture Principles
Auto Scaling Web App Firewalls?
Abstracting Application Security Components
1. Separate Processing & Control Planes
Reduce and Abstract Interactions
Store Persistent Data on EBS
Web Traffic Flow
Complete Stack - Prior to Automation
Using CloudFormation Templates
Command Line Example
Base WAF Stack Ready
10gbps Environment Test