Overview
Explore how cloud-native design patterns can enhance software security in this 52-minute Devoxx conference talk. Discover how concepts from 12-factor and cloud-native applications implicitly improve security, and how they apply to both legacy and new development projects regardless of deployment environment. Learn about configuration challenges, audit trails, stateless architecture, and logging practices that contribute to robust security. Examine strategies for secret rotation, password management, and software patching. Gain insights into automating verification processes and avoiding common security pitfalls. Understand how these principles form the foundation of modern secure-by-design software development, offering protection against persistent threats.
Syllabus
Intro
Who are you
Security benefits from cloud thinking
Agenda
Configuration
Challenges
Audit trail
Environment
Stateless
Availability and integrity
Logging
Confidentiality
Log service
Three hours of enterprise security
Rotation of secrets
Changing passwords
Software patches
Automating verification
WePay approach
Common mistakes
Persistent threats
Taught by
Devoxx