SECURITY IN CONTINUOUS DELIVERY
ENVIRONMENT WITH A STRONG MIX OF SOA
Created by / Jakub Nawalaniec @panpielgrzym
WHO AM I?
Jakub Nawalaniec — Security Engineer @ Base CRM
WHAT IS BASE?
POST-PC CRM
SOA
AMAZON EC2
CONTINUOUS DELIVERY @BASE
SELF SUFFICIENT TEAMS
EXPERIENCES
GRID
CREATE
DEPLOY
MAINTAIN
MULTIPLE ENVIRONMENTS
Development
Sandbox
Staging
Production
DEVELOPMENT SPEED
...IN ALL ENVIRONMENTS
SECURITY CONCERNS?
LEGACY APIS
/API/V1/HELLO.JSON
/API/V2/HELLO.JSON
/API/V4/HELLO.JSON
DUPLICATE FUNCTIONALITIES
SHARED FUNCTIONALITIES
DEPENDENCIES
REIMPLEMENTING THE WHEEL
IS THERE HOPE?
FIGHTING BLOAT
DIVIDE FAT MICRO-SERVICES
REPLACE LEGACY MICRO-SERVICES
AUTOMATE!
INTEL
ANALYZE DEPENDENCIES
AGGREGATE VULNERABILITIES INFO
AGGREGATE SERVICE METADATA
WHY DO IT YOURSELF?
MULTIPLE PLATFORMS SUPPORT
INFORMATION SOURCE MASHUP
EASY TO EXPAND AND CUSTOMIZE
METRIC INTEGRATION FTW
SO WE WON?
NOPE.
HERE IS WHY:
LIMITED CONTEXT AWARENESS
SERVICES INTERACTIONS
ANALYSIS SPEED
???
BUG BOUNTY
PENTEST
MONITOR
MEASURE
THANKS!