Dates
Conferences
Tags
Sort by:
Most recent
Conference: Cloud Native SecurityCon North America 2022
Authors: Tiffany Jernigan
2022-10-24
tldr - powered by Generative AI
The presentation discusses the importance of security in DevOps and Kubernetes and provides tips on how to ensure secure software development and deployment.
- Source code analysis tools such as OASP can help analyze source code and compiled versions of code to find security flaws
- Validating the source of code, build system, and artifact pushers can ensure trusted software development and deployment
- Vulnerability scanning with tools like Claire and Trivi can help identify known CVEs
- Immutable dependencies and ephemeral builds can mitigate attacks on code dependencies and build infrastructures
- Observability through metrics and logging can help audit user and privilege changes and security events
- Source code analysis tools such as OASP can help analyze source code and compiled versions of code to find security flaws
Conference: OWASP 20th Anniversary Event
Authors: Barak Schoster
2021-09-24
tldr - powered by Generative AI
The presentation discusses the importance of infrastructure as code and automation in cloud security and DevOps. It highlights the challenges of manual security reviews and misconfigurations in open source repositories, and proposes solutions such as infrastructure linters and early feedback loops.
- Infrastructure as code and automation are crucial for cloud security and DevOps
- Manual security reviews and misconfigurations in open source repositories pose significant risks
- Infrastructure linters and early feedback loops can help prevent misconfigurations and improve security
- Collaboration between security and development teams is essential for a scalable and agile security process