Real World Cloud Application Security

Presented at AppSec USA 2012, Oct. 26, 2012, 1 p.m. (45 minutes)

This presentation will provide the audience with a case study of how real world organizations using the public cloud are approaching application security. Netflix, one of the largest AWS and public cloud users in the world, will serve as the subject of the case study. I will cover a variety of topics of interest to application security personnel, including: -Automating and integrating security into CI/CD environments -Large scale vulnerability management -Continuous security testing and monitoring, including Netflix's Security Monkey framework -Cultural integration of security in DevOps/agile organizations

Presenters:

• Jason Chan - Cloud Security Architect - Netflix
  I work in Netflix's Cloud and Platform Engineering team as the Cloud Security Architect. In my current role, I work with Netflix engineering, IT, legal, and business teams to ensure the secure design, implementation, and operation of the company's cloud deployment and overall application environment. Prior to joining Netflix, I led the information security team at VMware and spent most of my earlier career as a security consultant for firms such as @stake and iSEC Partners. I've presented at SANS, OWASP, United, and other conferences, briefed the NSA on cloud security, contributed to a book, and served as a technical editor for a number of other publications.

Links:

• https://appsecusa2012.sched.com/event/150mFS9/real-world-cloud-application-security
• https://infocon.org/cons/OWASP/AppSecUSA 2012/Real World Cloud Application Security.mp4

Similar Presentations:

• AppSec USA 2014 / Project Monterey or How I Learned to Stop Worrying and Love the Cloud
• ShmooCon XI (2015) / The Joy Of Intelligent Proactive Security
• AppSec USA 2014 / Cloud Security at Scale and What it Means for Your Application