Dates
Conferences
Tags
Sort by:
Most recent
Conference: KubeCon + CloudNativeCon Europe 2023
Authors: Rajsimman Ravichandiran
2023-04-20
tldr - powered by Generative AI
Using DevSpace to improve developer experience by addressing pain points in development clusters, local environment setup, and end-to-end testing.
- Shared development clusters and complex local environment setup made it difficult for developers to test and deploy code efficiently.
- Implemented DevSpace to create safe spaces for developers to test and improve productivity.
- Created hundreds of ephemeral dev environments to improve code quality.
- Addressed pain points through surveys and understanding developer perspectives.
- Implemented DevSpace for core services and iteratively improved upon workflows.
- Built monitors, alerts, and visibility dashboards to proactively address issues.
- Found DevSpace experts and standardized workflows across the organization.
- Improved developer experience and code quality.
- Future plans include wider adoption and standardization across all services.
Conference: Global AppSec San Francisco 2022
Authors: Jean-Philippe Zolesio
2022-11-17
Integrate third-party code or using HTML WYSIWYG editors increase the risk of introducing untrusted code into their web applications. But these are necessary tools and solutions needed to make a seamless and dynamic user experience. In my journey to learn how to execute untrusted code safely, I researched the different ways to solve the problem and the common pitfalls associated with each solution. I also discovered multiple Open Source Software (OSS) projects and decided to complete the set of solutions available with Coriolis. Once I built this new library, new possibilities were unlocked that were previously undreamable.In this presentation, I will present the usage of Iframe as a solution and explain how to use them securely and which drawbacks they have, including PostMessage API. I will also go through the popular option for handling unsecured third-party code with their respective pros and cons. Finally, I would go through how my solution addresses these limitations to provide a better developer experience and how you could do the same.
Conference: KubeCon + CloudNativeCon North America 2022
Authors: John Morello
2022-10-28
tldr - powered by Generative AI
Cloud native application security solutions need to protect and provide visibility and enforcement from code to deployment to test all the way into the cloud runtime environment, be technostic, and application aware.
- Cloud migration journeys are accelerating and increasing for many organizations
- Applications are increasingly becoming containerized and the tech stack for cloud native applications is continuing to evolve
- Organizations are faced with three primary challenges around Cloud Security: more entities to secure, entities are changing more quickly, and there is no one single Cloud pattern
- Successful organizations focus on three fundamental areas: security as a full life cycle thing, technostic stack, and application aware
- A good Cloud native application security solution needs to protect and provide visibility and enforcement from code to deployment to test all the way into the cloud runtime environment, be technostic, and application aware
Conference: KubeCon + CloudNativeCon North America 2022
Authors: Anne Gentle
2022-10-27
tldr - powered by Generative AI
The presentation discusses the importance of removing problematic language from code and documentation in order to promote inclusivity and avoid potential legal issues. It provides examples of how to categorize and prioritize the work of removing problematic language, as well as tools and strategies for doing so.
- Problematic language in code and documentation can create legal and ethical issues and exclude certain groups of people
- Categorizing and prioritizing the work of removing problematic language can help teams plan and execute the work more effectively
- Tools such as VS Code extensions and automation checks can help identify and eliminate problematic language
- Product documentation can work ahead of product development in some cases
- Compliance with language policies should be defined clearly and consistently across products and teams
Conference: KubeCon + CloudNativeCon North America 2022
Authors: Michael McCune, Bridget Kromhout
2022-10-27
tldr - powered by Generative AI
Update on cloud provider migration and graduation to GA
- AWS and GCP have tested cloud native migration
- Azure still needs to be tested
- V1 API update and graduation coming up
- No blockers identified
- Beta testing can begin with at least two implementations
- Circular dependency issue needs to be fixed for GA
Conference: KubeCon + CloudNativeCon North America 2021
Authors: Joab Jackson, Alex Williams, Om Moolchandani, Vineeth Rajagopal, Brendan O’Leary, Emily Omier, Cindy Blake
2021-10-14
tldr - powered by Generative AI
The importance of shifting security left in the software supply chain and the role of security professionals in enabling developers to write secure code.
- Policy is code and security professionals or tools can help developers integrate security into their workflows
- Understanding the configuration of the whole infrastructure as code is becoming more important
- The network also applies to the software supply chain and needs to be looked at differently
- Transparency and clear communication between app developers and security professionals is crucial
- The role of security professionals is changing to be more strategic and consultative
- Developers do not need to become security experts but may need to upskill
- Automated tools like Acurix can help developers write secure code without needing to understand the full background of security
Conference: KubeCon + CloudNativeCon North America 2021
Authors: Kunal Kushwaha, Kaslin Fields, Chris Short, Bart Farrell, Matt Broberg
2021-10-14
tldr - powered by Generative AI
The importance of contributing to open source projects like Kubernetes and documenting one's learning to enhance knowledge and stand out in the tech industry.
- Contributing to open source projects like Kubernetes can enhance one's knowledge and help them stand out in the tech industry
- Documenting one's learning through blogs, events, and teaching can also enhance knowledge and market oneself to companies
- The intersection of interests and needs can lead to valuable skills and experiences
- Kubernetes is a significant open source project that influences the experience of major businesses in the world
Conference: OWASP 20th Anniversary Event
Authors: Jasvir Nagra, Pedro Fortuna
2021-09-24
tldr - powered by Generative AI
The presentation discusses the need for a holistic approach to client-side web isolation to improve web application security.
- Current browser-based security features lack full isolation for browser-based apps
- A holistic approach to client-side web isolation is needed to cover all angles of web application security
- Reducing the size of the compartment, making the units stronger, and more developer-friendly is key to achieving this
- Web Page Integrity is a sandboxing solution that can be seamlessly integrated into any web app
Conference: OWASP 20th Anniversary Event
Authors: Miguel Calles
2021-09-24
tldr - powered by Generative AI
The presentation discusses the importance of implementing security measures in cloud computing, particularly in serverless technologies, to reduce costs and ensure data privacy.
- Leverage temporary credentials and short-lived policies to mitigate risks
- Monitor AWS service outages and failures to prevent data loss
- Implement multi-region and multi-cloud designs to ensure application availability
- Use local storage and session storage to store data in case of API call failures
- Perform cost engineering to optimize application costs and reduce total cost to collect for toll operators
- Implement proper cloud security principles to ensure data privacy and security
- Resources for learning about serverless and serverless security include blogs, books, and cloud provider documentation