Orchestrating Security Tools with AWS Step Functions

Presented at DeepSec 2018 „I like to mov &6974,%bx“, Unknown date/time (Unknown duration)

Increasingly frequent deployments make it impossible for security teams to manually review all of the code before it is released.

We wrote a Terraform-deployed application to solve this problem by tightly integrating into the developer workflow. The plugin-based application has three core components, each represented by at least one Lambda function: a trigger, processing and analysis, and output. The plugins, such as static analysis, dependency checking, github integrations, container security scanning, or secret leak detection can be written in any language supported by AWS Lambda.

The underlying technology for this tool is a serverless system utilizing several AWS Services, such as API Gateways, Step Functions and Lambdas.

In this talk you'll not only learn about our tool and how to implement it in your CI/CD pipeline, but also how to easily deploy complex serverless systems and step functions for your own automated tooling.

Presenters:

• Justin Massey - Datadog
  Jules Denardou is a Security Engineer at Datadog. He got his MS Degree in Computer Science at Ecole Centrale Paris in France, before joining the company in New York City. He especially focuses on integrating security into the developers workflow rather than blocking it. Blue teaming during the week, he is also a CTF Player on weekends. Justin Massey is a Security Engineer at Datadog. His background in managing the technical operations of an MSP led him to discovering weaknesses in many businesses' networks and applications. After leaving the MSP, he transitioned into the role of penetration tester to identify the weaknesses before the attackers. Justin's current focus is to discover new ways to ensure product security, while maintaining developers efficiency and happiness.
• Jules Denardou - Datadog
  Jules Denardou is a Security Engineer at Datadog. He got his MS Degree in Computer Science at Ecole Centrale Paris in France, before joining the company in New York City. He especially focuses on integrating security into the developers workflow rather than blocking it. Blue teaming during the week, he is also a CTF Player on weekends. Justin Massey is a Security Engineer at Datadog. His background in managing the technical operations of an MSP led him to discovering weaknesses in many businesses' networks and applications. After leaving the MSP, he transitioned into the role of penetration tester to identify the weaknesses before the attackers. Justin's current focus is to discover new ways to ensure product security, while maintaining developers efficiency and happiness.

Links:

• https://deepsec.net/archive/2018.deepsec.net/speaker.html#PSLOT374

Similar Presentations:

• AppSec USA 2016 / Serverless Security: Doing Security in 100 milliseconds
• Black Hat USA 2019 / Internet-Scale Analysis of AWS Cognito Security
• Black Hat USA 2017 / Hacking Serverless Runtimes: Profiling AWS Lambda, Azure Functions, and More