Security @Adobe Details Chef-Automated Security Testing

Our good friends at Adobe have been awesome about providing technical insight into their use of Chef in the past. Yesterday, their lead security strategist Peleus Uhley, continued this trend with a very informative blog detailing Chef-automated security testing in Adobe’s private cloud infrastructure.

Peleus writes:

“At Adobe, we’re constantly hiring third party security consultants to test our products. They require environments for building and testing Adobe code, and they need access to tools like Cygwin, Wireshark, SysInternals, WinDbg, etc. For my personal testing, I also require access to machines with a similar set up.  Using the cloud, it is possible to quickly spin up and destroy these types of security testing environments as needed.  

For this project, I used Adobe’s private cloud infrastructure – which is just an implementation detail – this approach can work on any cloud infrastructure. Our IT department also provides an internal Chef server for hosting cookbooks and managing roles.”

Peleus goes on to describe the workflow in detail, step by step, and the Chef code commands used to execute the workflow test. The blog concludes:

“The fact that I was able to go from a limited amount of knowledge to a working implementation fairly quickly speaks to the ease of Chef. If you are interested in learning more about the cloud, you don’t need a large, massively scalable project in order to get your hands dirty. It is possible to start with simple problems like creating disposable workstations.”

There’s a ton of great hands-on content and guidance in Peleus’ post, which you can see here.

Thanks Peleus!

Lucas Welch

Former Chef Employee