Authors: Simon Bennetts, semgrep.dev
2022-11-18

Is OWASP Still Relevant? Do people want to go to conferences and chapter meetings in the aftermath of COVID? Do we need 260+ projects? Does anyone get past the titles of the Top 10? In this talk Simon will explain why he thinks OWASP is still very relevant and a much needed force for good. But this will be interactive and you will get a chance to have your say!
Authors: David Klein
2022-11-17

Hand sanitizers have been an important tool to prevent the COVID pandemic from spreading even further. However, not everything related to hand sanitization is as positive. Handwritten sanitizing functions, frequently found on the web, are a grave security risk. Input sanitization is the main technique to defend against injection attacks such as Cross-Site Scripting (XSS). With more and more functionality being offered in the form of web applications, the importance of correct sanitizing functions increases. While evidence of broken sanitizers exists, no comprehensive study about real-world JavaScript sanitizing functions existed. To close this gap we leveraged a taint-tracking-enabled web browser to detect JavaScript code performing input sanitization. We built an analysis framework to evaluate the collected functions for both generality and security. We found 10% of the analyzed sanitizers to be blatantly insecure, with our framework being able to automatically generate a modified payload passing through the sanitizer. However, most of the remaining sanitizers were only secure for the exact piece of code surrounding them, running the danger that a simple modification, such as changing from single to double quotes, opens the door to injection vulnerabilities. By attending this session you will learn about the intricacies of input sanitization on the web, how to protect your website and what to avoid when doing so. You will also get a glimpse of upcoming mitigations against Client-Side XSS, which might help to finally rid the web of this vulnerability class.
Authors: Steve Wong
2022-10-28

Local User Groups with physical meetings were growing until COVID hit. Replacement Zoom-based groups have seen limited success. We would like to gather the user community to brainstorm ideas on how we might come out of the COVID break with a strong support system that allows users to make friends, share experiences and best practices, while providing feedback to projects & vendors. We are seeking an environment offering coaching and education, without crossing the line into highly partial promotion of commercial products. We'll start with a brief introduction, then turn to moderator-managed audience participation. If you are a member or an organizer of a group, we need your ideas. Please attend. Topics: How can we foster and improve local physical meetings, where users have a great learning & sharing experience? How can the CNCF and projects support the groups operating now? What is the best structure for global-scope Zoom-based User Groups? Special interest groups based on cloud type, or should it be use-case based (such as Machine Learning, Financial, Retail, etc.)? Other? Bring us your ideas and challenges, and share your experiences with the community. Help make the cloud native journey better for users.
Authors: Holden Karau
2022-05-18

tldr - powered by Generative AI

The presentation discusses the challenges of working with big data matrices and how Apache Spark, Apache Mahout, Kubeflow, and Kubernetes can be used together to solve these challenges.
  • Kubernetes allows for elastic scaling but has limitations when it comes to fitting large matrices in memory
  • Apache Spark and Mahout can distribute matrices across an unbounded number of pods/nodes
  • Kubeflow can be used to make the process easily reproducible
  • The presentation provides an anecdote about using these tools to denoise DICOM images of lungs of COVID patients