Securing 4 C's of a Software Product - AWS Edition

👋 Introduction

Following a successful MVP demonstration, a startup recently obtained significant funding. The next step is a soft launch, where security poses a crucial challenge. The initial PoC lacks the basic security standards needed for customer trust and compliance: for example, secrets are strewn all across the code, everyone has admin privileges to AWS and Kubernetes, the compute infrastructure is non-compliant, and only a basic web application pentest was conducted, with very few findings.

This scenario inspired the creation of ‘Securing 4C’s of Software Product,’ a specialized training program tailored to secure the core pillars of product security: Code, Container, Cluster & Cloud.

This training delves deep into key security domains such as Authentication and Authorization in AWS and Kubernetes, Secrets Management & Detection, Supply Chain Security, Container Security, and Static Application Security. It equips attendees with the necessary knowledge to establish robust security protocols, ensuring deployments carry a high level of security assurance.

🤺 Who Should Take This Course?

  • Security professionals looking to switch over to product security
  • DevOps/SRE Professionals
  • Security Engineers
  • Software/Platform Engineers
  • Security Architects

🎩 Why Should You Take This Course?

The course is tailored for individuals deeply involved in developing, deploying, or safeguarding applications within cloud and cloud-native environments. It offers a unique focus on embedding security measures into the platform, a frequently underestimated yet crucial aspect for a holistic security stance. Participants will gain practical exposure to implementing various security features, such as authentication, authorization, secrets management, supply chain, and container security. This course caters to software developers, security engineers, and DevOps professionals seeking to elevate their expertise in securing cloud-based applications and platforms. Upon completion, attendees will possess a robust understanding of crafting a secure platform fortified with foundational security measures, instilling confidence in the deployment process.

3️⃣ Three Takeaways

  • Comprehensive Security Framework Understanding: Gain a profound understanding of how code, containers, clusters, and the cloud interconnect from a security standpoint. Learn to recognize the inherent security implications and develop strategies to fortify these components within the ecosystem.
  • Practical Implementation of Security via GitHub Actions: Access a collection of practical, readily implementable GitHub Actions designed to construct security guardrails within your existing environments. These actions provide a streamlined approach to integrating security measures into the development and deployment pipeline.
  • Security Tool Starter Kit: Acquire a starting point for essential security tools such as Semgrep, OPA (Open Policy Agent), Kyverno, and Gitleaks. Understand how these tools function and leverage them as a foundation to build customized security solutions tailored to your team’s requirements.

So without much ado, let’s get started here -> https://www.rohitsalecha.com/s4cp/

Rohit Salecha
Security Engineering

Rohit Salecha is a technology geek who loves to explore anything that runs and understands binary. As a security engineer he is passionate about learning the length, breadth and depth of technology. Being more on the defensive side, he has evangelised secure software development at various organizations for more than a decade. He is ridiculously driven by the “everything as code” mantra and strongly believes that the security team must strive towards making itself irrelevant.