Managing Security with the OWASP Assimilation Project.

Presented at BSidesLV 2016, Aug. 2, 2016, 11 a.m. (45 minutes)

IT shops have trouble reliably doing the basics well: 30% of all break-ins come through systems not in inventory, 30% of servers are doing nothing useful, getting systems hardened is difficult, 70% of people who get into compliance with PCI-DSS aren't in compliance a year later, remediation of known serious patches happens slowly if at all, 90% of all sites have suffered from outages of services which aren't monitored, and keeping a suite of helpful tools correctly configured over time is time-consuming and expensive. Then, of course, there's the problem of demonstrating to upper management that you're actually making progress against a formidable task. These are the problems the OWASP Assimilation Project addresses. It compares security configuration against best practices, keeps network-facing checksums up to date, provides attack surface visualization, alerts on many kinds of events, and also improves availability through monitoring systems and services. This talk will give an overview of the project and a live demo.

Presenters:

  • Alan Robertson - CTO - Assimilation Systems
    Professional: Continuous Compliance, Availability, Scalability, Monitoring, Integrity, Business Resilience, open source, OWASP Assimilation Project. I founded the open source Linux-HA/Pacemaker project, the OWASP Assimilation Project, and the IT Best Practice project.
