Moving applications and development to the cloud has delivered operational benefits at scale. Faster release cycles and microservices architectures drive complexity and a need for speed that can only be solved by automation via Infrastructure-as-Code (IaC). However, deploying new tools creates new attack surfaces, and IaC is no different.
Whether the problem is an inadvertently exposed S3 bucket or a tampered application maliciously deployed into production, the automation inherent to IaC amplifies mistakes and facilitates attackers' lateral movement as much as it boosts developers' release efficiency. Just as scanning source code for security vulnerabilities is a de facto best practice, proactive IaC scanning must also become automated in the software delivery pipelines of security-conscious organizations looking to shift left.
In this webinar, you will learn:
- About IaC and why its adoption is rapidly increasing
- Where in the SDLC you should scan
- Securing IaC in a developer-friendly way
- What types of security misconfigurations you should look for
- Preventing tampering of IaC code itself
- Preventing IaC from being used to deploy tampered applications
- Identifying drift between IaC configurations and actual production settings