Conference:  CloudOpen 2022

Authors: Sindhuja Durai, Bella Wiseman

2022-06-22

Well-maintained applications have thorough unit tests, integration tests and performance tests. Despite this coverage, production incidents still occur due to infrastructure failures, network faults, or unexpected traffic patterns. These failures cannot be covered with traditional test suites. In this session, we will share how we adopted the open source Chaos Toolkit to test the resilience of an application on AWS.  We will discuss design decisions on entitlements, project structure, and cloud architecture that we consider when building out a chaos test suite.

Conference:  KubeCon + CloudNativeCon Europe 2022

Authors: Lukas Pühringer, Jussi Kukkonen

2022-05-20

The Update Framework (TUF) is a framework for secure content delivery and updates. It protects against various types of supply chain attacks, and, in contrast to many other systems, provides resilience to compromise. In this talk Jussi and Lukas, both maintainers of the TUF reference implementation and core contributors to the TUF specification, will show why content delivery is such a crucial part of the supply chain, how TUF can be used to protect it, and where TUF is already used in practice. They will talk about how the TUF ecosystem is evolving: what is happening within the various sub projects and how some well-known adoptions and integration projects are proceeding. Finally, some interesting future developments are discussed.Click here to view captioning/translation in the MeetingPlay platform!

Conference:  KubeCon + CloudNativeCon North America 2021

Authors: Samar Sidharth, Uma Mukkara

2021-10-13

Though Kubernetes acts as a common abstraction and as a platform to build other platforms or applications, challenges are unique to each environment or area of operations. Telcos operate at a larger scale compared to the other environments. In these environments, the challenges of moving the applications to cloud native include a plan on the reliability of the whole service right from the beginning to the state of operations. In this session, we discuss a case study from Orange, the telecommunications operator, where they have been using Litmus, Kubernetes and other CNCF technologies to build and scale their application development process all the way till shipping them. We discuss their resilience goals of the cloud native application, scale factor, original challenges, impediments, the approach and the actual design along with the learnings in this case study. The session will wrap up with the key takeaways around resilience building technicals for large scale applications.

Conference:  OWASP 20th Anniversary Event

Authors: Aaron Rinehart

2021-09-24

Hope isn’t a strategy. Likewise, perfection isn’t a plan. The systems we are responsible for are failing as a normal function of how they operate, whether we like it or not, whether we see it or not. Security chaos engineering is about increasing confidence that our security mechanisms are effective at performing under the conditions for which we designed them. Through continuous security experimentation, we become better prepared as an organization and reduce the likelihood of being caught off guard by unforeseen disruptions. Security Chaos Engineering serves as a foundation for developing a learning culture around how organizations build, operate, instrument, and secure their systems. The goal of these experiments is to move security in practice from subjective assessment into objective measurement. Chaos experiments allow security teams to reduce the “unknown unknowns” and replace “known unknowns” with information that can drive improvements to security posture. During this session Aaron Rinehart, the O’Reilly Author and pioneer behind Security Chaos Engineering will share how you can implement Security Chaos Engineering as a practice at your organization to proactively discover system weakness before they are an advantage of a malicious adversary. In this session Aaron will introduce a new concept known as Security Chaos Engineering and share some best practices and experiences in applying the emerging discipline to create highly secure, performant, and resilient distributed systems.