JuiceShop Org Example
Operations: wants to ensure system availability
Development: wants to deliver applications fast
Business value of DevOps:
Customer-centric: 106 times faster lead time from commit to deploy
Safety: 7 times lower change failure rate
Reliability and availability: time to restore less than 1 hour
Background story: the development team and the datacenter had different versions of Node.js, and some network patching was missed by the network guy. Hence they had to come up with a plan to create a pipeline for the process.
New Environment:
TASK-1
3 cloud instances
TASK3
TASK4
Jenkins Tower plugin
Sample pipeline step:
stage('deploy cloud instances with tower') {
    node {
        // Launch the Tower workflow template from the Jenkins pipeline
        ansibleTower(
            towerServer: 'JuiceShop Tower',
            templateType: 'workflow',
            jobTemplate: 'Cloud instances workflow')
    }
}
Sample Ansible module for cloud:
- name: Deploy web servers
  ec2:
    # count_tag must use the same key as instance_tags (AWS tag keys are case-sensitive)
    count_tag:
      Name: ec2_devops
    exact_count: "{{ ec2_count }}"
    instance_tags:
      Name: ec2_devops
      function: webservers
Configure virtual server:
- name: Create JuiceShop App VS
  bigip_virtual_server:
    description: AnsibleJuiceShopVIP
    destination: "{{ f5_private_shop }}"
    name: AnsibleJuiceShopVS
    pool: AnsibleJuiceShopPool
Workflow: functionality in Ansible Tower that allows small pieces of automation to be combined to solve complex problems
Dynamic inventory: connects all the metadata and makes it available to the rest of the automation
What is achieved at the end?
Frequent and clean releases
Automated testing
Faster and consistent infrastructure
Configured load balancer
Now a hacker wants to run some basic phishing, is able to bypass the security, gets admin privilege and gets in:
SQL injection attack: when a malicious user is able to interact with the database directly
Cross-site scripting attack: executes the hacker's malicious code from the website
This can be pretty detrimental for both the customers and the application.
One more test?
How is credit card data stored?
In plain text, and the hacker can access the customers' credit card records.
What went wrong? Where was security?
How can the Ansible automation platform help JuiceShop?
Ansible security automation might help:
1. Hardening: auditing existing systems, patching vulnerabilities, enforcing least privilege on systems
2. Compliance management: implementing regulatory standards
3. Response and remediation: investigation enrichment, threat hunting and incident response
Write a new playbook:
Security integrated into the JuiceShop pipeline
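The hardening item above (auditing, patching, least privilege) written as a playbook that the Tower workflow could run against the deployed web servers. This is an added example, not a playbook from the talk. The inventory group `tag_function_webservers`, the `juiceshop` account and RHEL-family hosts are assumptions.

```yaml
---
# Added example. Assumed: RHEL-family hosts, a dynamic-inventory group built
# from the "function: webservers" tag, and a hypothetical "juiceshop" account.
- name: Harden JuiceShop web servers
  hosts: tag_function_webservers
  become: true
  vars:
    app_user: juiceshop
  tasks:
    # Audit: record what is installed, so version drift is visible
    - name: Gather package facts
      ansible.builtin.package_facts:
        manager: auto

    - name: Report the Node.js version on this host
      ansible.builtin.debug:
        msg: "nodejs {{ ansible_facts.packages['nodejs'][0].version }}"
      when: "'nodejs' in ansible_facts.packages"

    # Patch: apply only updates flagged as security errata
    - name: Apply security updates
      ansible.builtin.dnf:
        name: "*"
        state: latest
        security: true

    # Least privilege: the app runs as a system account with no login shell
    - name: Create unprivileged service account
      ansible.builtin.user:
        name: "{{ app_user }}"
        system: true
        shell: /sbin/nologin
        create_home: false

    - name: Disable direct root login over SSH
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?PermitRootLogin'
        line: PermitRootLogin no
        validate: /usr/sbin/sshd -t -f %s
      notify: Restart sshd

  handlers:
    - name: Restart sshd
      ansible.builtin.service:
        name: sshd
        state: restarted
```

The `validate` option checks the edited sshd_config before it replaces the live file, so a bad edit cannot lock automation out of the host.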
Some security terms:
Static code analysis
Dynamic code analysis
Network isolation or micro-segmentation: when a hacker gets access to one system, it is isolated and no other systems are accessible
Secured JuiceShop App Deployment: