YoVDO

Removing AWS Policy Review Fatigue with Automated Terraform Resource Analysis

Offered By: DevSecCon via YouTube

Tags

DevSecOps Courses Amazon Web Services (AWS) Courses GitHub Courses Terraform Courses Infrastructure as Code Courses Pull Requests Courses Static Analysis Courses Security Automation Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Learn how to implement automated Terraform resource analysis for AWS policy control in this 22-minute DevSecCon talk. Discover how Yelp integrates static analysis into their Infra-as-Code (IaC) pipeline, reducing security reviewer fatigue and improving developer productivity. Explore the benefits of using tools like Regula and Atlantis to catch vulnerabilities during code review, shifting security left and eliminating manual security reviews. Gain insights into formatting output, creating custom rules, implementing waivers, and handling critical security vulnerabilities. Join speaker Muhammad Ahmed, a Software Engineer in Infrastructure Security at Yelp, as he shares his experience and expertise in cloud security and network security.

Syllabus

Introduction
Welcome
Pain Points
The Status Quo
The Goal
Status Checks
Formatting Output
Custom Rules
Waivers
Critical Security Vulnerability
OnCall Post
Questions


Taught by

DevSecCon

Related Courses

Secure Software Development: Verification and More Specialized Topics
Linux Foundation via edX Developing Secure Software
LinkedIn Learning Ethical Hacking: Mobile Devices and Platforms
LinkedIn Learning Tüm Aşamalarıyla İnşaat Eğitimi - AUTOCAD/STA4/EXCEL/PROJECT
Udemy Mobile Security: Reverse Engineer Android Apps From Scratch
Udemy