Tim Hinrichs – Security-by-Construction: How to Weave Security into the Core of Modern Applications

June 7, 2020


In our containerized application world, we can revolutionize the way apps are secured by building security and compliance guardrails into our apps and our application development processes from the start. In this session, Tim Hinrichs, CTO of Styra and co-founder/inventor of the Open Policy Agent project, will show examples of policy-as-code guardrails, deployed across the stages of app development, deployment and runtime, including:

Git: How to structure repositories so that teams can write independent API authorization policies that snap into an application-wide authorization system that enforces those policies automatically, all without relying on a paper process or PDFs.

CICD: How to impose governance over the policies written by individual teams so that just like application code, bad policies are rejected well before they cause problems.

Kubernetes: How to ensure deployment of the application is properly bound to the policies that are intended to secure it.

Runtime: How to write policies that limit the risk of data exfiltration, lateral movement and insider attacks or mistakes.

Throughout the discussion the audience will see working code snippets to ground the discussion and a bit of live-coding.
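As an added illustration of the kind of guardrail the session describes (example code written for this page, not material from the talk or from the Open Policy Agent project): a Rego policy that an OPA-backed Kubernetes admission controller could evaluate, rejecting Pods whose images come from outside an approved registry, together with unit tests of the kind a CI/CD pipeline would run with `opa test` so that a broken policy is rejected before it ever reaches the cluster. The package name, the registry allow-list and the `input` shape (an AdmissionReview request object) are assumptions, not something the page specifies.

```rego
# Added example (not from the talk): a Kubernetes admission guardrail.
# Assumes an OPA admission-controller setup that passes the AdmissionReview
# request object as `input`; package name is an assumption as well.
package kubernetes.admission

# Hypothetical allow-list of image registries. A real deployment would load
# this from a data document rather than hard-coding it in the policy.
approved_registries := {"registry.example.internal/"}

# Each deny rule contributes a human-readable reason; the admission webhook
# rejects the request whenever the deny set is non-empty.
deny[msg] {
    input.request.kind.kind == "Pod"
    container := input.request.object.spec.containers[_]
    not image_from_approved_registry(container.image)
    msg := sprintf("container %v uses image %v from an unapproved registry", [container.name, container.image])
}

# Init containers are easy to forget in image policies, so cover them too.
deny[msg] {
    input.request.kind.kind == "Pod"
    container := input.request.object.spec.initContainers[_]
    not image_from_approved_registry(container.image)
    msg := sprintf("init container %v uses image %v from an unapproved registry", [container.name, container.image])
}

image_from_approved_registry(image) {
    startswith(image, approved_registries[_])
}

# Constructed AdmissionReview fragments used only by the tests below.
unapproved_pod := {
    "request": {
        "kind": {"kind": "Pod"},
        "object": {"spec": {"containers": [{"name": "app", "image": "docker.io/library/nginx:1.19"}]}}
    }
}

approved_pod := {
    "request": {
        "kind": {"kind": "Pod"},
        "object": {"spec": {"containers": [{"name": "app", "image": "registry.example.internal/team/app:1.0"}]}}
    }
}

# Unit tests, run in CI with `opa test`, hold the policy itself to the
# "bad policies are rejected before they cause problems" standard.
test_denies_unapproved_image {
    result := deny with input as unapproved_pod
    count(result) == 1
}

test_allows_approved_image {
    result := deny with input as approved_pod
    count(result) == 0
}
```

Running `opa test` over this file in the pipeline fails the build if either test breaks, which is how a policy change (for example, accidentally dropping the `initContainers` rule) is caught before the policy is bound to a deployment.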

Three Key Takeaways:

1. How to leverage open source tools to build policy-as-code guardrails.
2. Best practices from the community for limiting risk.
3. How to shift security left, and bring policy into your development culture, without manual overhead.

Guest(s): Tim Hinrichs
