Configurations: The Weak Link in the Security Chain

Explore a 30-minute conference talk from Conf42 DevSecOps 2023 that delves into the critical issue of configurations as the weak link in the security chain. Learn about common types of misconfigurations, permission issues, and the risks associated with unencrypted files. Discover the challenges in monitoring changes and the automation gap in security practices. Gain insights into effective defense strategies, including an introduction to the Configu project for managing configurations. Understand how to manage permissions effectively, ensure data encryption, implement monitoring techniques, and embrace automation to strengthen your security posture. The talk covers essential topics from the "software bible" to practical solutions for addressing configuration-related vulnerabilities in DevSecOps environments.

intro
preamble
who is peleg
what we will cover
software bible
common types of misconfigurations
permission issues
unencrypted files and risks
challenges in monitoring changes
the automation gap
defence
introduction to configu
managing permissions effectively
ensuring data encryption
effective monitoring techniques
embracing automation
thank you for your attention