Conference:  KubeCon + CloudNativeCon North America 2022

Authors: Ziv Nevo

2022-10-28

Engineers can’t really prevent hackers form eventually breaching Apps. It is not a question of IF but of WHEN. And unfortunately, a question of how much damage was done to our or our users’ resources, data and reputation. This does not happen only to small Apps and companies with small budgets and limited resources but to huge companies and government agencies (see SolarWinds attack). The solution - automatically isolating attackers when they breach one of the Apps in your cluster (or the App you develop), keeping the rest of the cluster’s components safe. This session will present a survey encompassing many commonly used cloud native apps, engineers all love and need (like Prometheus, Kafka, Jenkins, ClearML and much more) and demonstrate the built-in vulnerability most cluster deployments exercise and how to secure it. State of the art practices leave several, rather easily breached, back doors in many clusters. We will deep dive into several real-world scenarios and see the simple, yet very often missed, blueprint for making our cluster or our App-users’ clusters much more malicious-resistant.

Conference:  OWASP 20th Anniversary Event

Authors: Vickie Li

2021-09-24

The presentation discusses the basics of conducting a security code review to find vulnerabilities in an application's source code.

• Manual code reviews are valuable for finding security issues caused by insecure coding practices
• Prioritizing analysis and using automated tools can speed up the process
• Combining automated tools with manual code analysis can ensure fewer bugs make it to production