How to run SAST (Static security testing) of your infrastructure as code

Поделиться
HTML-код
  • Опубликовано: 8 сен 2024
  • Iac (Infrastructure as code) needs also static security testing. Static testing is the evaluation and testing of the code itself before any deployment of builds focusing on security configuration, best practices, and vulnerabilities. IaC can and might be considered as an application. So same efforts for scanning the code must go to Terraform, Cloudformation, ARM, and other infra.
    In this video, I am showing you my vulnerable IaC lab where you will learn how to test your deployments before deployment even when you are not a cybersecurity professional. You will get a new DevSecOps superpower.
    Links Github:
    github.com/aqu...
    github.com/bri...
    github.com/acc...
    Links to the docs:
    snyk.io/produc...
    tfsec.dev/
    www.checkov.io...
    Amazing article that we wrote with my former colleague:
    www.revolgy.co...
    ====
    Connect with me: / mareksottl
    Blog: www.sottlmarek...
    Subscribe here: / @hackitectsplayground

Комментарии • 5

  • @Moondreavus
    @Moondreavus 2 года назад +3

    Hey, just want to let you know that I really enjoyed this video. This must've taken you a really long time to prepare, test and compare. Good job!

    • @hackitectsplayground
      @hackitectsplayground  2 года назад +1

      @Moondreavus Thank you! Every good vibe motivates me to make more. It's true that creation of such a videos is not easy and short task.

  • @Ejdy_r
    @Ejdy_r 2 года назад +2

    HELL YEAAAH MAN!

  • @hackitectsplayground
    @hackitectsplayground  2 года назад +3

    Whats your favourite SAST for Infra as code tool?

Следующие
Автовоспроизведение
Terraform least priviledge with AirIAM for AWS14:02Terraform least priviledge with AirIAM for AWS
Terraform least priviledge with AirIAM for AWSHackitect's playground
Просмотров 313
What is DevSecOps?31:06What is DevSecOps?
What is DevSecOps?Hackitect's playground
Просмотров 1,5 тыс.
How to test mobile application for security issues with AWS ECS26:39How to test mobile application for security issues with AWS ECS
How to test mobile application for security issues with AWS ECSHackitect's playground
Просмотров 445
Linkin Park: The Emptiness Machine, New Album & Return to Music with Apple Music’s Zane Lowe58:21Linkin Park: The Emptiness Machine, New Album & Return to Music with Apple Music’s Zane Lowe
Linkin Park: The Emptiness Machine, New Album & Return to Music with Apple Music’s Zane LoweLinkin Park
Просмотров 1,8 млн
What we know about the Jordan Love injury as of right now | Green Bay Packers Vs Philadelphia Eagles00:59What we know about the Jordan Love injury as of right now | Green Bay Packers Vs Philadelphia Eagles
What we know about the Jordan Love injury as of right now | Green Bay Packers Vs Philadelphia EaglesJackson Krueger Sports
Просмотров 539 тыс.
FGTeeV is Chained Together for a Day 😂22:20FGTeeV is Chained Together for a Day 😂
FGTeeV is Chained Together for a Day 😂FGTeeV
Просмотров 673 тыс.
Dude Perfect vs Mark Rober: Battle Bots17:57Dude Perfect vs Mark Rober: Battle Bots
Dude Perfect vs Mark Rober: Battle BotsDude Perfect
Просмотров 2,3 млн
The best Hacking Courses & Certs (not all these)? Your roadmap to Pentester success.39:21The best Hacking Courses & Certs (not all these)? Your roadmap to Pentester success.
The best Hacking Courses & Certs (not all these)? Your roadmap to Pentester success.David Bombal
Просмотров 292 тыс.
How to: Secrets scanning18:09How to: Secrets scanning
How to: Secrets scanningHackitect's playground
Просмотров 190
Snyk free DevSecOps tools and resources16:26Snyk free DevSecOps tools and resources
Snyk free DevSecOps tools and resourcesHackitect's playground
Просмотров 1,4 тыс.
8 Tips how to become AWS Community builder27:138 Tips how to become AWS Community builder
8 Tips how to become AWS Community builderHackitect's playground
Просмотров 2,3 тыс.
What is Ansible?11:06What is Ansible?
What is Ansible?IBM Technology
Просмотров 175 тыс.
Black Hat Bash: Bash Scripting for Hackers and Pentesters (Bonus: GraphQL and Drone hacking)1:40:11Black Hat Bash: Bash Scripting for Hackers and Pentesters (Bonus: GraphQL and Drone hacking)
Black Hat Bash: Bash Scripting for Hackers and Pentesters (Bonus: GraphQL and Drone hacking)David Bombal
Просмотров 63 тыс.
Cloudonauts: Nyx - Pursuit of the Unknown IAC Drift story16:36Cloudonauts: Nyx - Pursuit of the Unknown IAC Drift story
Cloudonauts: Nyx - Pursuit of the Unknown IAC Drift storyHackitect's playground
Просмотров 183
Free Hacking API courses (And how to use AI to help you hack)53:46Free Hacking API courses (And how to use AI to help you hack)
Free Hacking API courses (And how to use AI to help you hack)David Bombal
Просмотров 106 тыс.
Cloud security and DevSecOps certifications guide25:15Cloud security and DevSecOps certifications guide
Cloud security and DevSecOps certifications guideHackitect's playground
Просмотров 1,5 тыс.
Самый БОЛЬШОЙ iPhone в МИРЕ!00:52Самый БОЛЬШОЙ iPhone в МИРЕ!
Самый БОЛЬШОЙ iPhone в МИРЕ!ÉЖИ АКСЁНОВ
Просмотров 257 тыс.
Чистка пляжа - нашли интересную игрушку из детства00:47Чистка пляжа - нашли интересную игрушку из детства
Чистка пляжа - нашли интересную игрушку из детстваFD Vasya
Просмотров 76 тыс.
POV: Your kids ask to play the claw machine00:20POV: Your kids ask to play the claw machine
POV: Your kids ask to play the claw machineHungry FAM
Просмотров 9 млн
Перегоняю через ГРАНИЦУ Китая в Россия Тягач-Грузовик Mercedes. Обход САНКЦИЙ36:11Перегоняю через ГРАНИЦУ Китая в Россия Тягач-Грузовик Mercedes. Обход САНКЦИЙ
Перегоняю через ГРАНИЦУ Китая в Россия Тягач-Грузовик Mercedes. Обход САНКЦИЙНастя Туман
Просмотров 716 тыс.
🛑 ты за кого?00:11🛑 ты за кого?
🛑 ты за кого?Арсений Бардаш
Просмотров 114 тыс.
чем закончился прикол, смотри в тг «хей! это марьяна!» @Dasha_Da_00:33чем закончился прикол, смотри в тг «хей! это марьяна!» @Dasha_Da_
чем закончился прикол, смотри в тг «хей! это марьяна!» @Dasha_Da_Maryana Lokel
Просмотров 519 тыс.
Чайник из камня вручную. Мастеру 86 лет #ученые_против_мифов01:00Чайник из камня вручную. Мастеру 86 лет #ученые_против_мифов
Чайник из камня вручную. Мастеру 86 лет #ученые_против_мифовАНТРОПОГЕНЕЗ.РУ
Просмотров 299 тыс.
Каха домашние продукты #непосредственнокаха00:32Каха домашние продукты #непосредственнокаха
Каха домашние продукты #непосредственнокахаК-Media
Просмотров 427 тыс.