AppSec Europe 2014 has ended
Welcome to the full schedule of the OWASP AppSec Research EU 2014 conference days
Thursday, June 26

13:50 BST

Barbican: Protect your Secrets at Scale
For sys admins, your servers hold many pieces of sensitive information, whether they are iron, virtual or cloud boxes. These keys to your kingdom need protection but must also also allow for infrastructure at scale. Application Security current best practices talk about key management, key rotation but have little to no practical advice beyond policy and general statements.

This presentation discusses a proposed solution for key management, named Barbican, an open source project that is part of OpenStack. Its goal was to build a secure, Cloud-ready key management solution. Barbican can be used by OpenStack implementors or anyone willing to run a server or two. This talk will walk through the current state of Barbican, its technical architecture, how to use it as an internal or cloud service and demonstrate our current proof of concept implementation.

avatar for Matt Tesauro

Matt Tesauro

Senior AppSec Engineer, Duo Security
Matt Tesauro is currently a Senior AppSec Engineer building an AppSec Pipeline and continuous security program for Duo Security.  Prior, he worked full-time for the OWASP Foundation, adding automation and awesome to OWASP projects as the Operations Director. Previously, he was... Read More →

Thursday June 26, 2014 13:50 - 14:40 BST
Filter sessions
Apply filters to sessions.