Abstract

Companies and organizations have traditionally deployed a WAF (web application firewall) in their infrastructure using strategies where most of the work is done manually. Every ACL, every rule entry, every signature, and every other configuration was created and managed by hand. This approach is prone to various flaws: a wrong ACL, an accidental misconfiguration, a bad signature, and so on. The good news is that thanks to the DevOps Rebel Alliance, we now have a better way to do things: Infrastructure-as-Code (IAC).

Instead of clicking around a web UI or manually executing commands to set up rules and configuration, the idea behind IAC is to write code to define, provision, and manage your WAF. You can validate each WAF change through code reviews and automated tests, and you can create or use a library of reusable, documented, battle-tested code that makes it easier to scale and evolve your WAF. In this talk, we will take a quick look at the what, how and why of "Automating AWS WAF using Terraform".

Speaker

Avinash Jain

I am a cybersecurity researcher and an ethical hacker working as a full-time security engineer in an Indian e-commerce company, Grofers. I'm also a part-time bug bounty hunter, acknowledged by various MNCs like Google, Yahoo, NASA, LinkedIn, Indian Railways and some top companies of India, more than 100 in all. I am also an active blogger on Medium, where I write about interesting vulnerabilities that I find on my bug bounty journeys. Various articles and interviews have been published in various security magazines, newspapers and newsletters like Economic Times, HuffingtonPost, Hakin9, HackerOne etc. I am also a cybersecurity speaker, invited by various e-commerce companies and security conferences. Recently I was covered by some news media for my hack in NASA and Indian Railways IRCTC.

Building DevSecOps, managing application security, performing penetration testing, hardening network and infrastructure, and automating security tasks are some of the things I take care of on a daily basis. I am also a fan of Ansible and Vault.

Timing

Starts on Saturday, August 10, 2019, at 12:05 PM. The session runs for 30 minutes.

Resources