Paco Hope

Forecast: Cloudy with Testable Security

Software Security Expert and Leader, Amazon


Modern cloud apps look nothing like traditional software. As we secure them, we find that some security tests diminish in value while other security tests gain new importance. Many of our traditional security testing techniques offer limited value in a microservice architecture or serverless infrastructure. Paco will talk about why the old tools yield limited results and why that matters. Security testing today is as important as it ever was, but if you’re testing an app deployed to the cloud, it’s a different kind of testing.

Paco describes AWS environment security controls that are good to test and check. He talks security test activities that are redundant in the cloud, and about security testing at the application layer, which is still very much important even in the cloud. Finally, he shows a number of cloud-native services that automate and assist in security testing applications and their configurations, after they have been deployed.