Dev Academy Podcast

Beyond the Basics: Advanced AWS Security Tactics with Marek Šottl



⁠Web Security Dev Academy⁠ 👉 http://links.dev-academy.com/Qwrl

Secure your spot and receive exclusive bonuses 🎉

Summary

In this conversation, Bartek and Marek discuss AWS security and the importance of understanding the fundamentals. They emphasize the need for multiple tools and a shared responsibility model in securing cloud-native applications. They highlight the significance of identity and access management (IAM) in AWS environments and the need for proper IAM setup. They also discuss the importance of basics, such as AWS Landing Zone Accelerator and billing alarms, in securing cloud environments. They stress the importance of automation and DevSecOps pipelines, including automated static code analysis and software composition analysis.

The conversation focuses on the importance of software composition analysis (SCA) and open source vulnerabilities in the context of application security. The growth of open source libraries and the limited number of developers maintaining them pose significant security risks. The lack of correlation between SCA, static analysis, and dynamic testing tools is identified as a gap in the current tooling landscape.

The conversation also touches on the cultural aspects of threat modeling and the need for education and security champion programs within organizations. Common myths about application security and DevSecOps are debunked, including the belief that buying a tool will solve all security problems and the misconception that scanning infrastructure as code guarantees security. The future trends discussed include the use of AI in code reviews and the importance of staying up to date with the latest technologies and trends in the field.

Chapters

00:00 Introduction and Overview

02:23 Marek's Journey into AWS Security

03:47 The Future and Time Travel

05:13 Marek's AWS Security Bootcamp

06:13 The Importance of Understanding the Fundamentals

08:33 The Fundamentals of Web Security

10:46 Securing Cloud-Native Applications in AWS

12:10 Identity and Access Management (IAM) in AWS

14:30 The Significance of Basics in AWS Security

25:27 Automating Security with DevSecOps Pipelines

38:20 The Importance of Software Composition Analysis and Open Source Vulnerabilities

41:41 The Need for Correlation Between SCA, Static Analysis, and Dynamic Testing Tools

43:38 Cultural Aspects of Threat Modeling: Education and Security Champion Programs

47:01 Debunking Common Myths About Application Security and DevSecOps

57:30 The Limitations of Scanning Infrastructure as Code for Security

01:11:25 The Future of Application Security: AI in Code Reviews

01:15:15 Staying Up to Date with the Latest Trends and Technologies in Cybersecurity

#SecureCoding #WebDev #WebSecurity #DevSecOps


Dev Academy Podcast, by Bartosz | Dev Academy