Join the conversation #devseccon
Extending and securing
Chat-Ops
Arun N
Introduction
• Arun Narayanaswamy
• 14 years in Dev & Ops
• Worked at large enterprises including Fortune 1
• Entrepreneur, Student, Photographer and Traveler…
• Disclaimer:
• “The opinions expressed, software references and any content in this
presentation are solely mine and they do not represent my employer.”
How many of you use Chat @ Work?
techcrunch.com
ChatOps Architecture – How does it work?
© http://nordicapis.com
Chat Apps – Big Players!
• Instant messaging on steroids
• Your ‘whatsapp’ for business!
• Collaboration
• Integrated workspace - Text, audio, video
• All alerting and messaging in one place
• Share, Search & Integrate
• Chat-ops!
• Fun
Bots – Big Players!
• Hubot
Hubot – Why?
• Based on CoffeeScript, running on Node.js
• Active development on GitHub
• Easy integration with third-party APIs
• Deployable on Heroku, AWS
• Works with Slack and HipChat (and more)
• What’s chat without Hubot?
Typical CD Workflow
• Revolves around the orchestrator
• Data needs to be consolidated into Splunk/ELK/Jenkins etc.
• Now better with
• Containers
• New-gen monitoring
CI-CD – Data Flow
[Diagram: bot interactions, chat notifications, HipChat / Hubot workflow]
Risk
Potential Loopholes (With and without ChatOps)
Potential Loopholes : Focus today!
Plugging in the loopholes
[Diagram of controls: 2FA – Hardware Tokens / Software Tokens; Roles – Custom Code / Hubot Auth; 2FA; Multiple Rooms; AWS IAM Policies]
Plugging in the loopholes : Hardware keys
Plugging in the loopholes : Hardware keys
• Demo
[ https://devseccon.hipchat.com/chat ]
[ https://id.heroku.com/login ]
[ https://www.yubico.com ]
Plugging in the loopholes : Soft keys
Plugging in the loopholes : Roles
Plugging in the loopholes : Rooms
• Restricted Channels
• Private Channels
• Different instance of the chat system
• 2FA on Chat system itself
Plugging in the loopholes : IAM (AWS)
• Policies on what each system can run
• Better control on AWS/Heroku where the bots run
Summary
© http://nordicapis.com
Join the conversation #devseccon
Thank you!
linkedin.com/in/arun-n
Securing ChatOps - DevSecCon Asia 2017 arun n
Editor's Notes

  1. AB Deployment / Canary Deployment // Jenkins – CA RA – Automic // Urban Code Deploy