Explore the application of graph theory to Policy-As-Code in this insightful conference talk. Delve into the concept of modeling modern cloud infrastructures as graphs, where compute resources, network resources, and access control resources form interconnected nodes. Learn how Infrastructure as Code projects like Terraform utilize directed acyclic graphs to manage and modify infrastructure resources across various platforms. Discover the potential of applying similar graph-based approaches to analyze and enforce policies over infrastructure as code. Gain hands-on knowledge of the open-source tool Checkov, including its internal workings and practical usage. Write a custom policy focusing on the relationships between compute resources and access control resources, demonstrating the power of graph theory in Policy-As-Code implementations.
Overview
Syllabus
OWASP Standard Classification: Introducing graph theory to Policy-As-Code - Barak Schoster
Taught by
OWASP Foundation
Related Courses
-
Scanning Infrastructure as Code for Security Vulnerabilities with Terraform
-
Choosing an Infrastructure as Code Solution - Lecture
-
Application Code of Conduct - Full-Stack Policy as Code
-
Deploying Policy-as-Code with Readable Rego Policies and Open Policy Agent
-
Policy as Code: A Game-Changer for Stack Security
-
Sentinel Policy-as-Code: Implementing Security and Compliance Guardrails in Financial Services
