Rootconf Pune edition

We are in an age when there are just too many attacker tools, techniques and procedures (TTP). It is pointless to build automation that follow a fixed workflow — a fixed way or order of doing things, which may work for one but will not fit into the requirement of others.

This talk is about building security workflow automation in a distributed environment using free security tools, packaged as Docker containers and running on Kubernetes as the underlying platform for enabling the automation.

The key takeways for the talk are

1. Creating a security workflow using 3rd party security tools
2. Packaging 3rd party tools as Docker containers
3. Connecting various tools through messaging service and object storage
4. Running all of these in a Kubernetes cluster
5. Challenges and constraints involved in such systems

The intended audience for this talk are

1. Information security engineers looking to automate workflows
2. DevOps engineers looking to build security scanning in their pipeline
3. System Architects building security platforms
4. Anyone who thinks repeatative tasks are boring and should be done by machines :)

Outline

• An Application Security Workflow - How does it look like
• Mapping an app sec workflow to 3rd party free security tools
• Designing a Distributed System using Kubernetes to execute app sec workflows
  • Architecture diagram
  • High level overview of various components involved in the system
  • Producing and consuming events to drive the workflow
  • Adapter pattern for tool integration
• Packaging 3rd party free security tools as docker containers
• Deploying in Kubernetes
• Demo

Requirements

• Internet for demo

Speaker bio

An accomplished security professional with over a decade of experience in information security solution engineering, services, vulnerability research, reverse engineering and security tools development.

Experienced in security solution development using Cloud Native and Kubernetes Native technologies. Developed tools and technology to find vulnerabilities in web applications, network servers, client-side applications. Conducted product security audit of enterprise applications and credited with vulnerability discovery (CVE) for the same.

Credited with multiple vulnerability discovery across enterprise products with CVEs to his name such as CVE-2015-0085, CVE-2015-1650, CVE-2015-1682, CVE-2015-2376, CVE-2015-2555, CVE-2014-4117, CVE-2014-6113.

An active participant of NULL – India’s largest open security community as a core team member responsible for technology development.

As an open source software contributor, he has developed or contributed to multiple projects including:

• Wireplay
• Penovox
• HiDump
• RbWinDBG

He can be reached through:

• https://github.com/abhisek
• https://twitter.com/abh1sek

Links

• • https://blog.appsecco.com/designing-distributed-systems-for-security-workflow-learning-from-our-nullcon-workshop-93c2445667f4
• • https://github.com/appsecco/using-docker-kubernetes-for-automating-appsec-and-osint-workflows/

Slides

https://speakerdeck.com/abhisek/application-security-workflow-automation-using-docker-and-kubernetes