Removing AWS Policy Review Fatigue with Automated Terraform Resource Analysis
Offered By: DevSecCon via YouTube
Course Description
Overview
Learn how to implement automated Terraform resource analysis for AWS policy control in this 22-minute DevSecCon talk. Discover how Yelp integrates static analysis into their Infra-as-Code (IaC) pipeline, reducing security reviewer fatigue and improving developer productivity. Explore the benefits of using tools like Regula and Atlantis to catch vulnerabilities during code review, shifting security left and eliminating manual security reviews. Gain insights into formatting output, creating custom rules, implementing waivers, and handling critical security vulnerabilities. Join speaker Muhammad Ahmed, a Software Engineer in Infrastructure Security at Yelp, as he shares his experience and expertise in cloud security and network security.
Syllabus
Introduction
Welcome
Pain Points
The Status Quo
The Goal
Status Checks
Formatting Output
Custom Rules
Waivers
Critical Security Vulnerability
OnCall Post
Questions
Taught by
DevSecCon
Related Courses
Introduction to Agile Software Development: Tools & TechniquesUniversity of California, Berkeley via edX Advanced Topics and Techniques in Agile Software Development
University of California, Berkeley via edX The Data Scientist’s Toolbox
Johns Hopkins University via Coursera How to Use Git and GitHub
Udacity Desarrollo de Videojuegos 3D en Unity: Una Introducción
Universidad de los Andes via Coursera