Presented at
AppSec USA 2014,
Sept. 19, 2014, 1 p.m.
(45 minutes).
Securing web applications has placed extreme demands on security professionals - in addition to understanding attack patterns and defense tactics, effectively protecting web apps requires some level of programming and database management expertise. With broad adoption of public clouds, this bar is rising once again. Today's cloud enabled applications scale-up well beyond previous web applications. It is not unusual for cloud enabled web applications to have changing infrastructure footprint within minutes that scale to millions of users. This has placed a greater burden on securing these applications. How can you design auto-scaling security to match these rapidly scaling web applications? Older style web application defenses and security almost always fail. Additional web application security capacity added days or even weeks after the server farm has grown and began processing live transactions is not acceptable.
In this session the audience will learn several approaches to auto-scaling web application security, using practical examples built around Amazon Web Services. The audience will learn about:
• Common techniques and tools used to provide security for auto-scaling web applications including Chef/Puppet, CloudFormation, Elastic Load Balancer.
• Role of auto-scaling groups and common requirements for management APIs in automatically deploying web security infrastructure.
• Common scaling triggers and mechanics by which web application security infrastructure must scale to operate in lockstep with elastic web server farms.
• Impact Platform-as-a-Service (PaaS) services have on auto-scaling web application security and approaches to deploying application security controls embedded directly into web applications.
While this is a session primarily designed for an advanced audience with strong understanding of IP networking, web application security fundamentals and experience in managing security infrastructure in a public cloud environment, the information covered will also be of interest to intermediate attendees that set technology strategy and formulate requirements for cloud security controls.
Presenters:
-
Misha Govshteyn
- VP of Technology Services - Alert Logic
Misha Govshteyn co-founded Alert Logic in 2002. Govshteyn is responsible for security strategy, security research and software development at Alert Logic. Prior to founding Alert Logic, Govshteyn served as a Director of Managed Services for Reliant Energy Communications. In this role, he developed and successfully launched five major product lines including Managed Intrusion Detection Services and Managed Enterprise Firewall/VPN Products. Under Govshteyn's direction, Managed Services was the fastest growing group at Reliant Energy Communications, increasing revenue by 300 percent and reaching profitability in less than a year. Prior to Reliant Energy Communications, he held the position of Director of Advanced Technical Services at Insync Internet Services. Govshteyn is a frequent speaker, having presented at RSA Conference, Cloud Connect, AWS Summit, AWS re:Invent, and 451 Group's Hosting and Cloud Transformation Summit.
Links:
Similar Presentations: