All-in-one security with open source tools

DevSecCon Singapore 2018 speaker
23 Feb 2018
13:20 - 14:10
Talk | Merchant Court Ballroom

All-in-one security with open source tools

The talk will cover the integration of different open source tools and techniques to manage both the offensive and defensive side of security and automating the security solution and scalability. This will include the automation of SIEM and server health monitoring using custom made chron jobs and ELK. Automating web application security pen testing using different open source tools and also figuring out the cloud specific vulnerabilities through meta data information. Setting up an incident response alerting system using custom scripts and pingdom for high priority incidents for instant actions. Setting up network security automation and patch management using nessus and puppet and automating vulnerability management process using open source tools. Intense hardening & patching using ansible and app amor for sure deployment. Automating secure SDLC using sonar cube and many more. Security in Cloud (AWS, Google Cloud etc.).

We will also discuss:

  • Configuration best practices for Identity & Access Management Portals
  • Planning the right network architecture with use of VPC and VPN
  • Securing instances by running only the required services
  • Configuring instances at the boot time to remove unwanted softwares or upgrade to stable software versions with no known vulnerabilities
  • Using access tokens and Cloud API’s to regularly rotate keys/passwords

This website uses cookies to ensure you get the best experience on our website More info

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.