Authors: Ron Vider
2023-04-19

tldr - powered by Generative AI

The presentation discusses the use of OpenTelemetry for application security and highlights the importance of using modern tools, collecting cloud-native information, utilizing open-source tools, and prioritizing observability to make applications more secure.
  • Modern problems require modern solutions, and application security testing tools need to evolve to keep up with changing vulnerabilities in modern applications.
  • Collecting all available cloud-native information, such as traces and infrastructure configuration, is crucial when addressing vulnerabilities in cloud-native applications.
  • Open-source tools, such as OpenTelemetry, can be repurposed for application security purposes to make organizations more secure.
  • Observability is essential for understanding the real risk of microservices-based and Kubernetes-based applications, and analyzing each microservice separately without knowledge of the surrounding infrastructure is insufficient.
Authors: Tsvi Korren
2022-11-18

From medications to aircraft, car parts to computer parts -- humans have figured out how to secure the process of sourcing and building some of our most complicated products. With software supply chain security only now getting started, what can we learn from parallel industries that can give us a leg up on securing the supply chains of our digital world? If most of us can agree that industry involves taking in materials and processing them to make something new, why is there still this view of software developers as artisans who write everything from scratch? The fact is that most organizations today write only a small part of their software. Most software is sourced, either as finished products or as components for internal software development. This is especially true for Cloud Native applications, which are based on open source components, running in open source or Cloud-provided orchestration, and are spread across multiple types of workloads. The result is that organizations end up assuming security responsibility for an application, where much of the code was written elsewhere, and assembled in a build pipeline with varying degrees of governance and oversight. Over the years, manufacturing has developed a set of tools and processes to ensure quality and security in the supply chain and assembly lines. Similarly, Application Security needs to account for how software is sourced and used in the modern application pipeline. This presentation will show the similarities between manufacturing supply chains and software supply chain. We will use the pharmaceutical industry as a model to outline the required controls, where to place them and how to use gathered information to make better decisions and produce more secure software.
Authors: Alejandro Pedraza, Edidiong Asikpo
2022-05-17

tldr - powered by Generative AI

Linkerd and Telepresence offer a simple way to better observe and debug applications running in Kubernetes clusters.
  • Cloud native applications can become hard to maintain and evolve
  • Linkerd and Telepresence provide a solution for observing and debugging applications
  • Sample code is available for easy replication
  • An anecdote was given to illustrate how Linkerd and Telepresence can be used to locate and fix problems in a cluster