Dates
Conferences
Tags
Sort by:
Most recent
Conference: KubeCon + CloudNativeCon Europe 2023
Authors: Ameer Abbas, Steve McGhee
2023-04-20
tldr - powered by Generative AI
The presentation discusses the importance of starting with archetypes when building resilient platforms and services, and the trade-offs between reliability and effort.
- Archetypes provide known good starting points for building resilient platforms and services
- Applications have multiple services and microservices should be used to degrade gracefully
- Resilient teams are necessary to build robust platforms that can handle risks
- There are trade-offs between reliability and effort, and exponential curves show the increasing effort required for higher levels of reliability
Conference: Global AppSec San Francisco 2022
Authors: Chris Koehnecke
2022-11-17
tldr - powered by Generative AI
The presentation discusses the OWASP DevSecOps Maturity Model and how to practically apply security controls using open source tools for each requirement.
- The OWASP DevSecOps Maturity Model provides a framework for companies to apply security in a cloud-native and fast-paced engineering world.
- Whatever isn't automated is much more difficult to practically apply to systems.
- Open source security tools have evolved and provide good coverage for many of the layers of the DSOMM model.
- The presentation walks through the different security requirements in the DSOMM framework and does live code demos for each.
- Prioritization of security issues can be done per each pull request.
- The speaker shares their experience with implementing security processes in a startup environment.
- Developers owning security is seen as the future of the security industry.
Conference: KubeCon + CloudNativeCon Europe 2022
Authors: James Cleverley-Prance
2022-05-20
Kubernetes' networking model simplifies the user experience, but abstractions can introduce and hide complexity under the hood. This talk challenges perceived trust boundaries in Kubernetes networking and demonstrates some non-obvious and counter-intuitive behaviours. Left unchecked, these issues can mean Kubernetes clusters present a wider attack surface than may be immediately evident. The talk will cover: * The external attack surface of a Kubernetes node * Enumerating externally available cluster information * Exploiting Linux networking to access internal pods and services * Misusing CNI configurations to access internal pods and services You will gain an understanding of these attacks and how to use them, learn mitigation strategies and pragmatic defences, and be able to protect your clusters to avoid compromise.Click here to view captioning/translation in the MeetingPlay platform!