AWS New York Training Part 1
When did application security transition from the security of the underlying application itself, to the pipeline? I must not have been paying attention, because somewhere the transition had taken place.
I received an announcement from the AWS Security TFC about an upcoming Application Security training. It was to be held this week, Monday through Wednesday, and I jumped at the opportunity to attend. However, I was still operating under the old definition of App Security.
It wasn’t until a few weeks had passed that I finally comprehended the working definition of Application Security at AWS. That is security OF your CI/CD pipeline, security WITHIN your CI/CD pipeline, and SBOMs (Software Bill of Materials). OK, that’s cool too. This will be a great opportunity for me to gain experience with pipelines, as I currently have very little.
Keep an eye out for upcoming articles on CI/CD pipeline security that I’ll be publishing on my website. Yet, I wanted to notify everyone about an excellent AWS Open Source project that can speedily help in setting up a pipeline. That project is the Automated Security Helper or ASH.
ASH makes it easier to run standard open source security tooling against your source code repository. It currently supports 8 languages: Python, Jupyter Notebooks, JavaScript, NodeJS, Go, C#, Bash, and Java. It also supports infrastructure code in Terraform, CloudFormation, and Dockerfiles.
Getting started is a breeze, even on your local machine. I’ll be writing more about ASH in the future.