The Defense Rests - Automation and APIs for Improving Security

Explore a comprehensive conference talk from Black Hat USA 2012 that delves into improving security through automation and APIs. Learn how to enhance both operations and development by leveraging tools like Chef, Puppet, Jenkins, Logstash, Elasticsearch, Splunk, and Hadoop. Discover the importance of centralized management, automation, and testing in security practices. Understand why deploying more frequently with smaller change sets can be beneficial, and how to prepare for failures while ensuring rapid recovery. Gain insights into real-world examples and open-source software implementations, including open protocols like Netconf and tools like Dasein-cloud. The presentation covers topics such as continuous integration, API design, identifying vulnerabilities, integration unit tests, and overcoming obstacles in security automation. While avoiding discussions on APT, DevOps vs. NoOps, BYOD, or Cloud Security concerns, this talk provides practical knowledge for improving security practices through automation and API utilization.

Intro
Feedback Slides
David Mortman
Jenkins HP
Continuous Integration
API Design
Obstacles
Java module
Simple RESTful API
Identifying vulnerabilities
Integration unit tests
Automation
Questions