Moving applications and development to the cloud has delivered operational benefits at scale. Faster release cycles and microservices architectures drive complexity and a need for speed that can only be solved by automation via infrastructure-as-code (IaC). However, deploying new tools creates new attack surfaces, and IaC is no different. 

Whether inadvertently exposing an S3 bucket or maliciously deploying compromised applications into production, the automation inherent in IaC amplifies mistakes and facilitates lateral movement of attackers as much as it boosts developers’ release efficiency. Just as scanning for security vulnerabilities in source code is a de facto best practice, proactively scanning IaC must also become automated in software delivery pipelines of security-conscious organizations looking to shift left.

In this webinar, you will learn:

• About IaC and why its adoption is rapidly increasing
• Where in the SDLC you should scan
• Securing IaC in a developer-friendly way
• What types of security misconfigurations you should look for
• Preventing compromise of IaC code itself
• Preventing IaC from being used to deploy altered applications
• Identifying drift between IaC configurations and actual production settings