Authors: Sean Sullivan, Katrina Verey, Eddie Zaneski
2022-10-26

SIG CLI is the special interest group for the command line tooling of the Kubernetes project. The SIG maintains kubectl, kustomize, and related libraries. In this session the SIG CLI leads will provide an introduction to the SIG and an overview of how to contribute. They will share the work done over the past year and an introduction to the kuberc KEP for defining user preferences. The session will conclude with Q&A.

Authors: Jeremy Matos
2022-10-25

tldr - powered by Generative AI

Using Go Fuzzing to improve the test coverage of security helper libraries and gain confidence in their effectiveness
  • Security helper libraries can be hard to unit test as they need to ensure 'bad' inputs are not considered valid
  • Go Fuzzing can be used to identify corner cases and improve test coverage
  • A real-life example of a path traversal vulnerability in Grafana OSS is used to demonstrate the effectiveness of Go Fuzzing
  • Writing predicates for Go Fuzzing can be challenging as the validation logic becomes more complex
  • Once trusted security helpers are identified, they should be communicated and enforced through static analysis tools

Authors: Kevin Wall
2021-09-24

Abstract: This talk will explore the lessons that I have learned in more than 20 years of developing, using, and reviewing FOSS-based security libraries. It will cover the well-known XYZ library from both an open source development process and technical architectural perspective.