Downloaded 54 times
Uploaded byShannon Lietz
Security as Code owasp
The document outlines the security configuration procedures for an organization. It details the DevSecOps approach taken with sections for security engineering, operations, compliance operations, and security science. It also outlines response times for certain security issues and the roles used within IAM. Diagrams show how tools, accounts, and data are integrated between security teams and AWS services.
Technologyâ—¦
![Governance, Deployment & Methodologies for Agentic Automation [2/3]](https://cdn.slidesharecdn.com/ss_thumbnails/agenticcommunityseries-day2-251112135038-a386476d-thumbnail.jpg?width=640&height=640&fit=bounds)
Security as Code owasp
- 1. Christian Price Cloud SecurityArchitect, Intuit Shannon Lietz Sr. Mgr & DevSecOps Leader, Intuit
- 2. • • • • Page 3 of375 Security Configuration Procedures V 3.6.0.1.1, January 2011
- 4.
- 5.
- 6. OPS SEC DEV AppSec • Security asCode • Self-Service Testing • Red Team/Blue Team • Inline Enforcement • Analytics & Insights • Detect & Contain • Incident Response • Investigations • Forensics
- 7. DevSecOps Security Engineering Experiment, Automate, Test Security Operations Hunt, Detect, Contain Compliance Operations Respond, Manage,Train Security Science Learn, Measure, Forecast
- 9. • API KEYEXPOSURE -> 8 HRS • DEFAULT CONFIGS -> 24 HRS • SECURITY GROUPS -> 24 HRS • ESCALATION OF PRIVS -> 5 DAYS • KNOWN VULN -> 8 HRS
- 10.
- 11.
- 12. Central Account (Trusted) Admin IAM IAMIAMIAM IAM IAM SecRole SecRole SecRole SecRole SecRole SecRole IAM How did we decide which roles would be deployed? • Human • IAM Admin • Incident Response • Read Only • Services • IAM Grantor • Instance Roles required to support security services • Read Only
- 14.
- 15.
- 16. MACHINE IMAGES DOCKER CONTAINERS BASELINESCRIPTS LIBRARIES & TOOLKITS • • • •
- 17.
- 18.
- 19.
- 21.
- 23.
- 24.
- 25.
- 29.
- 30.