Securing a web application is an enormous task. In this talk, we will explore how to protect enterprise applications. Can we shift left and do continuous exploitation testing while the code is still in development?
We will explore different kinds of vulnerabilities and how to secure your applications properly. Security patterns need to be understood by first wearing a hacker's hat and then putting on a defender's hat. In this workshop, we will explore different security patterns and determine how to prevent attacks.
We will be using OWASP ZAP to exploit applications.
Metrics are essential to measuring success for DevOps. In this talk, we will explore different dimensions, measure the metrics, and apply quality gates for DevSecOps projects.
As part of our exploration, we will look at how businesses can connect DevOps with business metrics. Ultimately, business value is critical to the survival of any business. Management needs to realize that keeping DevSecOps will help the speed of development and help track how well the company is doing.
Key takeaways for this workshop are:
Threat Modeling techniques using the Threat modeling tool
Reconnaissance to gather information, Google hacking database, Exploit Database
Scanning for vulnerabilities using OWASP ZAP
Exploitation with DoS attacks
Lead Time: The time from code being written to entering production
Deployment Frequency: How often deploys happen
Mean-Time-To-Recover (MTTR): How quickly teams can restore service after production outages
Change Fail Rate: What percentage of deploys result in service impairment or an outage
Who will benefit from this course?
Developers and Architects who want to shift left for Ethical Hacking
Some knowledge of Linux
This talk is ideal for the following roles:
Architects
Technical Leads
Programmers
Integration Architects
Solution Architects
Rohit Bhardwaj is a Director of Architecture working at Salesforce. Rohit has extensive experience architecting multi-tenant cloud-native solutions in Resilient Microservices Service-Oriented architectures using AWS Stack. In addition, Rohit has a proven ability in designing solutions and executing and delivering transformational programs that reduce costs and increase efficiencies.
As a trusted advisor, leader, and collaborator, Rohit applies problem resolution, analytical, and operational skills to all initiatives and develops strategic requirements and solution analysis through all stages of the project life cycle and product readiness to execution.
Rohit excels in designing scalable cloud microservice architectures using Spring Boot and Netflix OSS technologies on AWS and Google clouds. As a Security Ninja, Rohit looks for ways to resolve application security vulnerabilities using ethical hacking and threat modeling. Rohit is excited about architecting cloud technologies using Docker, Redis, NGINX, RightScale, RabbitMQ, Apigee, Azul Zing, Actuate BIRT reporting, Chef, Splunk, Rest-Assured, SoapUI, Dynatrace, and EnterpriseDB. In addition, Rohit has developed lambda architecture solutions using Apache Spark, Cassandra, and Camel for real-time analytics and integration projects.
Rohit holds an MBA in Corporate Entrepreneurship from Babson College and a Master's in Computer Science from Boston University and Harvard University. Rohit is a regular speaker at No Fluff Just Stuff, UberConf, RichWeb, GIDS, and other international conferences.
Rohit loves to connect on http://www.productivecloudinnovation.com, http://linkedin.com/in/rohit-bhardwaj-cloud, or on Twitter at rbhardwaj1.