Explore the security challenges and best practices for Software Defined Infrastructures (SDI) in this 26-minute conference talk from AppSec EU 2017. Delve into the advantages and potential vulnerabilities of configuration management tools like Puppet and Chef. Learn about the attack surface and threats in SDI deployments, and discover techniques for identifying vulnerabilities through source code analysis. Gain insights from real-world security reviews and understand how to remediate common security issues. Cover topics including insufficiently protected interfaces, insecure handling of secrets, encryption of configuration values, logging configuration changes, credential management, untrusted code, and implementing a robust security lifecycle. Benefit from practical examples and lessons learned to improve the security of your SDI implementations.