Authors: Shane Lawrence, Daniele Santos
2023-04-21

tldr - powered by Generative AI

The presentation discusses the importance of identifying and preventing common misconfigurations in Kubernetes workloads to avoid cyber attacks and data breaches. The speakers demonstrate how to use Kubeaudit, an open source scanner, to detect and mitigate configuration risks without adding undue friction for developers.
  • Misconfigured settings, insecure defaults, and overly permissive controls are common causes of cyber attacks and data breaches
  • Kubeaudit is an open source scanner that provides a user-friendly way to detect and automatically mitigate configuration risks
  • Challenges of securing 1,000,000 running pods along with configuration files in a GitHub org with 15,000 repos are discussed
  • Attendees learn how to detect and resolve configuration issues without needing expert knowledge while keeping developers happy

Authors: Edwin Kwan
2021-09-24

The number of security incidents and data breaches is increasing. It feels like not a week goes by without hearing of another breach or compromise. Are we getting worse at doing security? In this talk I'll provide my opinion on this, from an application security perspective, by taking a look at how software development has changed over the years. As we move towards Cloud Native workloads, staying secure is harder; and it's not always your developers' fault.

Authors: Isabelle Mauny
2021-09-24

tldr - powered by Generative AI

APIs present new vulnerabilities and require specific security measures to protect data
  • APIs have changed the way we write applications and moved security controls to the client side, leaving data vulnerable
  • APIs create new vulnerabilities and require specific security measures
  • Data protection is a critical issue for APIs, and validation of data inputs is necessary
  • Parler is an example of a social network that suffered a data breach due to zero authentication, no rate limiting, and sequential IDs