Why Checking Infrastructure-as-Code for Misconfigurations Is Not Enough - Comprehensive Cloud-Native Application Security

Explore the limitations of focusing solely on misconfiguration checks in cloud-native application security in this 48-minute OWASP Foundation talk by Aakash Shah, CTO of Oak9. Learn why a comprehensive approach to security design is crucial for cloud-native applications, going beyond simple configuration checks. Discover best practices for dynamically assessing application architecture security, leveraging infrastructure-as-code automation, and addressing emergent properties in complex systems. Gain insights into modern software development trends, the importance of security-by-design principles, and strategies for holistically evaluating security and compliance objectives in cloud environments.

Intro
Software & Infrastructure Delivery PAST
Modern Infrastructure Development
Cloud Native Applications Today
Trends in Modern Software Development
Complex Systems and Emergent Properties
Security is an emergent property
Types of Emergence
Limitations of Misconfiguration checking
Addressing Cloud-Native Security
Loadbalancer. Logging
Managed Inspection Points for Database Interactions