Beyond the Basics: Advanced AWS Security Tactics with Marek Šottl

https://is1-ssl.mzstatic.com/image/thumb/Podcasts221/v4/ab/67/2f/ab672fad-134e-f36b-133a-c3a26a09dd5c/mza_9765846049798405650.jpg/600x600bb.jpg

Dev Academy Podcast

Bartosz | Dev Academy

13 episodes

3 days ago

Welcome to the "Dev Academy Podcast," the chill spot where we talk all things code without the fluff. Join us as we break down timeless software engineering fundamentals: think security that keeps the baddies out, testing that’s actually fun, architecture that doesn’t crumble, and design that’s as sleek as it is smart. Hosted by Bartosz Pietrucha, who's seen it all from the code trenches to the top tech stages, we’re here to share stories, tips, and laughs. Whether you’re a pro coder or just starting out, we’ve got something for you.

Technology

RSS

All content for Dev Academy Podcast is the property of Bartosz | Dev Academy and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

Technology

https://d3t3ozftmdmh3i.cloudfront.net/staging/podcast_uploaded_episode/40497048/40497048-1714752414991-21cf195cf372d.jpg

Beyond the Basics: Advanced AWS Security Tactics with Marek Šottl

Dev Academy Podcast

1 hour 16 minutes 22 seconds

1 year ago

Beyond the Basics: Advanced AWS Security Tactics with Marek Šottl

⁠Web Security Dev Academy⁠ 👉 http://links.dev-academy.com/Qwrl

Secure your spot and receive exclusive bonuses 🎉

Summary In this conversation, Bartek and Marek discuss AWS security and the importance of understanding the fundamentals. They emphasize the need for multiple tools and a shared responsibility model in securing cloud-native applications. They highlight the significance of identity and access management (IAM) in AWS environments and the need for proper IAM setup. They also discuss the importance of basics, such as AWS Landing Zone Accelerator and billing alarms, in securing cloud environments. They stress the importance of automation and DevSecOps pipelines, including automated static code analysis and software composition analysis. The conversation focused on the importance of software composition analysis (SCA) and open source vulnerabilities in the context of application security. The growth of open source libraries and the limited number of developers maintaining them pose significant security risks. The lack of correlation between SCA, static analysis, and dynamic testing tools was identified as a gap in the current tooling landscape. The conversation also touched on the cultural aspects of threat modeling and the need for education and security champion programs within organizations. Common myths about application security and DevSecOps were debunked, including the belief that buying a tool will solve all security problems and the misconception that scanning infrastructure as code guarantees security. The future trends discussed included the use of AI in code reviews and the importance of staying up to date with the latest technologies and trends in the field.

Chapters

00:00 Introduction and Overview

02:23 Marek's Journey into AWS Security

03:47 The Future and Time Travel

05:13 Marek's AWS Security Bootcamp

06:13 The Importance of Understanding the Fundamentals

08:33 The Fundamentals of Web Security

10:46 Securing Cloud-Native Applications in AWS

12:10 Identity and Access Management (IAM) in AWS

14:30 The Significance of Basics in AWS Security

25:27 Automating Security with DevSecOps Pipelines

38:20 The Importance of Software Composition Analysis and Open Source Vulnerabilities

41:41 The Need for Correlation Between SCA, Static Analysis, and Dynamic Testing Tools

43:38 Cultural Aspects of Threat Modeling: Education and Security Champion Programs

47:01 Debunking Common Myths About Application Security and DevSecOps

57:30 The Limitations of Scanning Infrastructure as Code for Security

01:11:25 The Future of Application Security: AI in Code Reviews

01:15:15 Staying Up to Date with the Latest Trends and Technologies in Cybersecurity

#SecureCoding #WebDev #WebSecurity #DevSecOps