Creating a Security in DevOps pipeline with Python
Security is an oft-forgotten but critical aspect of DevOps (SecDevOps/DevSecOps). For security in DevOps, you need security checks at multiple levels of the continuous delivery pipeline. This talk focuses on a case study implemented for a product company, where we used Python as the primary platform to deliver automation in application security testing, identify security flaws in open source libraries, harden Docker containerized deployments and perform pre-release automated security testing of the infrastructure just prior to deployment. With the entire pipeline automated, one is able to focus on eliminating security issues early in the release pipeline, before they reach production and result in expensive security breaches, costing organizations millions of dollars in reputation and revenue.
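The pipeline gate that turns scanner output into a pass/fail decision is the piece that makes "eliminating issues early" automatic. The following is an added example, not code from the talk: in a real pipeline the alert list would come from the OWASP ZAP Python API (`zapv2`'s `zap.core.alerts(baseurl=...)`), but a constructed sample in the same shape is embedded so it runs offline. The risk and confidence thresholds are assumptions for illustration.

```python
"""Gate a CI build on OWASP ZAP scan results (added example, not the talk's code)."""
import json
from collections import Counter

# Constructed sample shaped like ZAP's /JSON/core/view/alerts output.
# risk is one of Informational/Low/Medium/High; confidence likewise.
SAMPLE_ALERTS = json.loads("""[
 {"alert": "SQL Injection", "risk": "High", "confidence": "Medium",
  "url": "http://app.example.test/login", "param": "username"},
 {"alert": "X-Frame-Options Header Not Set", "risk": "Medium", "confidence": "Medium",
  "url": "http://app.example.test/", "param": ""},
 {"alert": "Cookie Without Secure Flag", "risk": "Low", "confidence": "Medium",
  "url": "http://app.example.test/login", "param": "session"},
 {"alert": "Application Error Disclosure", "risk": "Medium", "confidence": "Low",
  "url": "http://app.example.test/api/users", "param": ""}
]""")

RISK_ORDER = {"Informational": 0, "Low": 1, "Medium": 2, "High": 3}
CONFIDENCE_ORDER = {"False Positive": 0, "Low": 1, "Medium": 2, "High": 3, "Confirmed": 4}


def dedupe(alerts):
    """ZAP reports one alert per URL/param instance; collapse to unique findings."""
    seen = {}
    for a in alerts:
        key = (a["alert"], a["url"], a["param"])
        seen.setdefault(key, a)
    return list(seen.values())


def gate(alerts, fail_at="Medium", min_confidence="Medium"):
    """Return (passed, blocking_alerts, summary_by_risk).

    passed is False when any alert at or above `fail_at` risk with at least
    `min_confidence` confidence exists. Lower-confidence alerts are counted in
    the summary but do not block, so noisy passive-scan findings are surfaced
    without breaking every build (thresholds are an assumption of this example).
    """
    unique = dedupe(alerts)
    blocking = [
        a for a in unique
        if RISK_ORDER[a["risk"]] >= RISK_ORDER[fail_at]
        and CONFIDENCE_ORDER[a["confidence"]] >= CONFIDENCE_ORDER[min_confidence]
    ]
    summary = Counter(a["risk"] for a in unique)
    return (len(blocking) == 0, blocking, dict(summary))


def main():
    passed, blocking, summary = gate(SAMPLE_ALERTS)
    print("alerts by risk:", summary)
    for a in blocking:
        print(f"BLOCKING {a['risk']:<6} {a['alert']} at {a['url']} ({a['param'] or '-'})")
    print("build", "PASSED" if passed else "FAILED")
    return 0 if passed else 1


if __name__ == "__main__":
    raise SystemExit(main())
```

Run with the scan results from the active scan stage and let the non-zero exit code fail the job; lowering `fail_at` to `Low` or `min_confidence` to `Low` tightens the gate once the team has triaged the baseline of known findings.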
- Instrumented Automated Application Security Testing using Selenium, PyRESTTest and OWASP ZAP (Python API)
- Automated Hardening of Docker Containers using System Call Profiling
- Automated Infrastructure Scanning using multiple vulnerability assessment and specific exploit tools
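Hardening a container by system call profiling means observing which syscalls the workload actually makes and then allowing only those. The following is an added example, not the talk's code: it assumes the container's workload was exercised under `strace -f -c` and the summary table saved, parses a constructed excerpt of that output, and emits a Docker seccomp profile that denies everything else. The baseline set of always-allowed syscalls is an assumption of this example.

```python
"""Build a Docker seccomp profile from an strace summary (added example, not the talk's code)."""
import json
import re

# Constructed excerpt of `strace -f -c` summary output for a small web service.
STRACE_SUMMARY = """\
% time     seconds  usecs/call     calls    errors syscall
------ ----------- ----------- --------- --------- ----------------
 40.12    0.001203           3       401           epoll_wait
 20.05    0.000601           2       300           read
 15.00    0.000450           2       225           write
 10.00    0.000300           3       100           accept4
  5.00    0.000150           5        30         2 openat
  4.00    0.000120           4        30           close
  3.00    0.000090           9        10           mmap
  2.00    0.000060           6        10           munmap
  0.83    0.000025          12         2           clone
------ ----------- ----------- --------- --------- ----------------
100.00    0.002999                  1108         2 total
"""

# Syscalls a process needs even if a short trace never shows them (teardown,
# signal handling). Assumption: a minimal baseline; extend per runtime.
BASELINE = {"exit", "exit_group", "rt_sigreturn", "rt_sigaction",
            "rt_sigprocmask", "futex", "brk", "getpid"}

# One summary row: %time, seconds, usecs/call, calls, optional errors, name.
_ROW = re.compile(r"^\s*[\d.]+\s+[\d.]+\s+\d+\s+(\d+)\s+(?:\d+\s+)?([a-z0-9_]+)\s*$")


def syscalls_from_summary(text):
    """Parse `strace -c` summary rows into {syscall_name: call_count}."""
    counts = {}
    for line in text.splitlines():
        m = _ROW.match(line)
        if not m:
            continue
        calls, name = int(m.group(1)), m.group(2)
        if name == "total":
            continue
        counts[name] = counts.get(name, 0) + calls
    return counts


def build_profile(counts, baseline=BASELINE, arch="SCMP_ARCH_X86_64"):
    """Docker seccomp profile: default deny, allow only observed + baseline."""
    names = sorted(set(counts) | set(baseline))
    return {
        "defaultAction": "SCMP_ACT_ERRNO",
        "archMap": [{"architecture": arch,
                     "subArchitectures": ["SCMP_ARCH_X86", "SCMP_ARCH_X32"]}],
        "syscalls": [{"names": names, "action": "SCMP_ACT_ALLOW"}],
    }


def blocked(profile, attempted):
    """Which of `attempted` syscalls the profile would reject (useful as a unit test
    that dangerous calls such as mount or ptrace stay denied)."""
    allowed = set()
    for rule in profile["syscalls"]:
        if rule["action"] == "SCMP_ACT_ALLOW":
            allowed.update(rule["names"])
    return [s for s in attempted if s not in allowed]


if __name__ == "__main__":
    profile = build_profile(syscalls_from_summary(STRACE_SUMMARY))
    with open("seccomp-profile.json", "w") as fh:
        json.dump(profile, fh, indent=2)
    print("allowed:", len(profile["syscalls"][0]["names"]), "syscalls")
    print("still denied:", blocked(profile, ["mount", "ptrace", "init_module"]))
```

Apply the result with `docker run --security-opt seccomp=seccomp-profile.json ...`. A trace only covers the code paths that were exercised, so run the full functional test suite under strace first, and consider an initial rollout with `"defaultAction": "SCMP_ACT_LOG"` (supported by recent Docker and libseccomp) to surface any syscall the profile missed before switching to `SCMP_ACT_ERRNO`.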
Abhay is the CTO of we45, a focused Application Security Company. He’s the author of “Secure Java for Web Application Development” and “PCI Compliance: A Definitive Guide” from CRC Press New York. He’s a passionate Pythonista with a wide-ranging skillset in both building and breaking apps. He’s spoken at world-renowned conferences like JavaOne, Oracle OpenWorld and OWASP AppSecUSA, in addition to several other industry events and conferences. He runs workshops on Application Security, Security in DevOps and Mobile Application Security.