Container security
0 likes37 views
This document summarizes best practices for container security. It begins with case studies and hygiene factors like fully patching images and scanning images before pushing them to a registry. It then discusses DevSecOps practices like architectural reviews, automation, and training. Recommendations are provided for tools to address image vulnerability scanning, source code scanning, run-time security, compliance, and comprehensive security. Finally, it discusses platform-specific considerations for AWS, Azure, DockerHub and others regarding registry access control, vulnerability scanning, and run-time protection tools.
1 of 10
Download to read offline
Recommended
Technical Architecture of RASP Technology
Technical Architecture of RASP TechnologyPriyanka Aash
油
APPSEC CHALLENGES
- Writing Secure Code is not Easy
- Most follows agile development strategies
- Frequent releases and builds
- Any release can introduce or reintroduce vulnerabilities
- Problems by design.
Ex: Session Hijacking, Credential StuffingApplication Security Workshop 
Application Security Workshop Priyanka Aash
油
The document discusses the science behind runtime application self-protection (RASP) and interactive application security testing (IAST). It describes how RASP works by instrumenting application code to perform dynamic taint analysis, tracking tainted data from inputs and checking for policy violations at sinks like database queries. IAST similarly instruments code but also correlates runtime behavior with attacks to confirm vulnerabilities. The document outlines challenges with taint analysis like under-tainting causing false negatives or over-tainting causing false positives. Both RASP and IAST add overhead, and IAST also has limitations of traditional dynamic application security testing.Unraveling Detection Methodologies: Indicators vs. Anomalies vs. Behaviors 
Unraveling Detection Methodologies: Indicators vs. Anomalies vs. Behaviors Dragos, Inc.
油
The document discusses different methodologies for detecting cybersecurity threats: indicators of compromise (IOCs), anomalies, and behaviors. IOCs focus on known malicious artifacts but lack context and are backward-looking. Anomaly detection aims to find new threats but often generates false alerts and requires extensive tuning. Behavioral analysis correlates events across multiple systems to detect adversary techniques, but requires extensive visibility that may be difficult to achieve. The document evaluates these approaches using examples of Russian threat group APT29's activity and common credential theft attacks. It concludes that organizations should pragmatically combine approaches based on their needs and capabilities rather than rely on any single methodology.Web Application Security: Beyond PEN Testing
Web Application Security: Beyond PEN TestingRobert Grupe, CSSLP CISSP PE PMP
油
The document discusses establishing foundational security practices for web applications before conducting penetration testing. It recommends selecting an information security management system framework, creating a matrix of critical legal and regulatory data, defining potential threat agents and misuse cases, and establishing a library of standard security requirements. This foundational work involves non-coding team members and helps minimize vulnerabilities early in the development process.Agile AppSec DevOps
Agile AppSec DevOpsRobert Grupe, CSSLP CISSP PE PMP
油
This document discusses integrating application security (AppSec) into agile development processes like DevOps. It begins with an overview of moving from traditional waterfall development with separate AppSec to integrating AppSec into agile feature-driven development (FDD) and test-driven development (TDD). The rest of the document details a two-phase approach: first, implementing security FDD by adding AppSec activities to each stage of FDD; second, implementing DevSecOps by adding automated security testing and monitoring throughout TDD. Key aspects covered include threat modeling, static/dynamic testing, monitoring and response.Detection and Response Roles
Detection and Response RolesFlorian Roth
油
The document defines and provides an overview of different roles involved in detection and response, including threat intelligence analysts, threat researchers, detection engineers, investigators, and incident handlers. It describes the key activities and responsibilities of each role, as well as the typical inputs and outputs. It also provides examples of how these roles may be organized and staffed in a financial company's security operations center.AllDayDevOps 2019 AppSensor
AllDayDevOps 2019 AppSensorjtmelton
油
Modern applications can protect themselves from attackers by incorporating runtime monitoring capabilities. The OWASP AppSensor project aims to make intrusion detection primitives available within applications so they can detect attacks and automatically respond before an attacker succeeds. It works by collecting event data from applications and analyzing them for attacks using configurable rules. This allows applications to become self-defending by detecting and stopping attackers without needing manual responses.Extending Amazon GuardDuty with Cloud Insight Essentials 
Extending Amazon GuardDuty with Cloud Insight Essentials Alert Logic
油
This document discusses the importance of detection in security and introduces Alert Logic Cloud Insight Essentials. It notes that it takes companies on average 6 months to detect an intrusion. The essentials of security require continuous monitoring, accurate detection, and centralized management. Cloud Insight Essentials provides automated exposure and vulnerability management for AWS that extends GuardDuty findings. It offers visibility, identifies configuration flaws, and provides remediation advice. Cloud Insight Essentials integrates with AWS APIs for no-touch automation and a REST API for integration. It allows taking action sooner on threats with context and prioritized recommendations.Security DevOps - Wie Sie in agilen Projekten trotzdem sicher bleiben // DevO...
Security DevOps - Wie Sie in agilen Projekten trotzdem sicher bleiben // DevO...Christian Schneider
油
Diese Session zeigt Ihnen, welche Automatisierungsoptionen zur berwachung bestimmter Sicherheitsaspekte in der agilen Softwareentwicklung bestehen. Ausgehend von dem etablierten DevOps-Konzept, mit dem im bergang von Entwicklung zu Betrieb Prozesse automatisiert und verzahnt werden, wird mit Security-DevOps dieser Antrieb aufgegriffen und auf die Absicherung von Anwendungen gegen Hackerangriffe 端bertragen. Durch fr端he R端ckkopplung sicherheitstechnischer Findings an die Entwicklung im Rahmen der Automatisierung haben Ihre Pentester die M旦glichkeit, sich auf die kniffligeren Sicherheitschecks zu konzentrieren trotz geforderter kurzer Releasezyklen.AppSensor Near Real-Time Event Detection and Response - DevNexus 2016
AppSensor Near Real-Time Event Detection and Response - DevNexus 2016jtmelton
油
AppSensor is an OWASP project that defines a conceptual framework, methodology, guidance and reference implementation to design and deploy malicious behavior detection and automated responses directly within software applications.
There are many security protections available to applications today. AppSensor builds on these by providing a mechanism that allows architects and developers to build into their applications a way to detect events and attacks, then automatically respond to them. Not only can this stop and/or reduce the impact of an attack, it gives you incredibly valuable visibility and security intelligence about the operational state of your applications.Security for developers
Security for developersAbdelrhman Shawky
油
This document discusses security best practices for software developers. It covers topics like the secure software development lifecycle (SDLC), threat modeling, static code analysis, and resources for developers. The SDLC framework defines the process for building applications from start to finish. Threat modeling involves analyzing potential threats and vulnerabilities. Static code analysis tools can find security issues. Resources recommended include OWASP documentation and Microsoft's security engineering practices. The goal is to integrate security practices into development like training, requirements, testing, and incident response.DevSecOps - London Gathering : June 2018
DevSecOps - London Gathering : June 2018Michael Man
油
DevSecOps focuses on breaking down silos between development, security, and operations teams. It aims to optimize workflows through value stream mapping and integrating security checks into existing pipelines without initially enforcing them. This allows teams to shift security left in the development lifecycle through tools like static code analysis, dynamic testing, and infrastructure scanning that help automate assurance.RSA 2018: Recon For the Defender - You know nothing (about your assets)
RSA 2018: Recon For the Defender - You know nothing (about your assets)Jonathan Cran
油
Ed Bellis and Jonathan Cran of Kenna Security discuss a number of fast-moving, emerging threats to the enterprise and provide insight into ways that organizations can get ahead by adding a recon capability - adding more visibility of their exposure & allowing enough time for patch windows. Recon for the Defender: You Know Nothing (about Your Assets), Jon Snow
Recon for the Defender: You Know Nothing (about Your Assets), Jon SnowPriyanka Aash
油
Understanding what you own is step one in securing your assets. A simple concept that still escapes the grasp of most, and its getting harder in a cloud-enabled world. Despite this struggle theres a plethora of APIs and publicly available data to give you a jumpstart on identifying high-risk assets. This session will share techniques and tools to gather data and identify unknown risks.
Learning Objectives:
1: Learn about sources and methods to identify public, unknown assets.
2: Gain access to OSS tooling allowing defenders to operationalize asset inventory process.
3: Learn to apply risk methods using public data attributes to understand quantitative risk.
(Source: RSA Conference USA 2018)Cloud Security vs Security in the Cloud
Cloud Security vs Security in the CloudTjylen Veselyj
油
This document discusses security considerations for cloud computing versus on-premise security. It notes that while many think cloud security is managed similarly to on-premise, obtaining access to one node could provide access to the entire infrastructure. It then lists various security standards and guidelines for cloud security. Potential attack vectors like outdated software, weak configurations, and vulnerabilities in cloud applications are covered. The challenges of incident response and forensics in large cloud infrastructures are also addressed. Recommendations include conducting security assessments, access control, logging, multi-factor authentication, and employee education.Cloud security : Automate or die
Cloud security : Automate or diePriyanka Aash
油
Much has been said about DevOps and SecDevOps for security automation and integration. However, to many in the security community, this is still a buzzword. There are many practical applications of automation in cloud security controls, however, across all security-related disciplines. This talk will delve into concrete examples of security automation in the cloud, with metrics examples, as well.
(Source : RSA Conference USA 2017)Journey to cloud engineering
Journey to cloud engineeringMd. Sadhan Sarker
油
It about the technical session. I have given a talk so that local people know about the cloud and they feel motivated to work with the cloud. It was basically for newbies who are planning to start their career. I tried to show them who they would be a cloud engineer what's will be their future responsibility and more.Defining DevSecOps
Defining DevSecOpsUchit Vyas
油
Today everybody wants to deploy the app and infrastructure faster without any disputes. An Even, Agile framework can help to deploy faster in real-time. But Continuous Innovation may conflict with stability and security. Without security at every stage, DevOps merely introduces vulnerabilities into application quickly. To resolve such conflict, the gap in recursive feedback loops need to be eliminated. Mostly, teams are not effectively working in a collaboration and interacting with each other smoothly. This results in gaps and produce problems with code development and quality, meaning slower delivery plans and serious vulnerabilities that create security risk at most. Fortunately, these shortcomings can be addressed very well, as developers/testers are set to launch off into the DevSecOps world or via adopting rugged DevOps model.Bringing Security Testing to Development: How to Enable Developers to Act as ...
Bringing Security Testing to Development: How to Enable Developers to Act as ...Achim D. Brucker
油
Security testing is an important part of any security development life-cycle (SDLC) and, thus, should be a part of any software development life-cycle.
We will present SAP's Security Testing Strategy that enables developers to find security vulnerabilities early by applying a variety of different security testing methods and tools. We explain the motivation behind it, how we enable global development teams to implement the strategy, across different SDLCs and report on our experiences.Devsecops at Cimpress
Devsecops at CimpressIftach Ian Amit
油
This document discusses DevSecOps at Cimpress, an online printing company. It outlines some of the challenges of their worldwide and decentralized operations with varying technology stacks. Their approach involves threat modeling to identify threats, assets, and controls. They create security assertions based on the threat model and assure test case coverage. The focus is on integrating security into development in a way that is not burdensome to developers. The expected deliverables include automated unit test coverage and tool scans to address the threat model.DevSecOps: essential tooling to enable continuous security 2019-09-16
DevSecOps: essential tooling to enable continuous security 2019-09-16Rich Mills
油
Richard Mills discusses how DevSecOps enables continuous security in Agile development through integrating security tools and processes into CI/CD pipelines. He outlines essential categories of security tools, including static analysis, software composition analysis, vulnerability scanning, dynamic testing, and monitoring. These tools can run tests at various stages of the pipeline to catch issues early. Mills also stresses the importance of integrating security teams with development teams through structures like technical guilds to build a culture of security.Security DevOps - Free pentesters' time to focus on high-hanging fruits // Ha...
Security DevOps - Free pentesters' time to focus on high-hanging fruits // Ha...Christian Schneider
油
The document discusses integrating security testing into continuous integration pipelines, referred to as "Security DevOps". It proposes a "Security DevOps Maturity Model" with four axes: Static Depth, Dynamic Depth, Intensity, and Consolidation. For the Dynamic Depth axis, it describes different levels of integrating dynamic application security testing tools like ZAP, Arachni, BDD-Security, and Gauntlt to test public, authenticated, and backend application layers within a CI pipeline. Examples are given for configuring the tools to perform targeted scans during commits or nightly builds.DevSecOps | DevOps Sec
DevSecOps | DevOps SecRubal Jain
油
DevSecOps enables organizations to deliver secure software at DevOps speed.
Development - Software releases and updates
Operations - Reliability Performance & Scaling
Security - Confidentiality, Availability, IntegritySEC303 Automating Security in cloud Workloads with DevSecOps
SEC303 Automating Security in cloud Workloads with DevSecOpsAmazon Web Services
油
This session is designed to teach security engineers, developers, solutions architects, and other technical security practitioners how to use a DevSecOps approach to design and build robust security controls at cloud-scale. This session walks through the design considerations of operating high-assurance workloads on top of the AWS platform and provides examples of how to automate configuration management and generate audit evidence for your own workloads. Well discuss practical examples using real code for automating security tasks, then dive deeper to map the configurations against various industry frameworks. This advanced session showcases how continuous integration and deployment pipelines can accelerate the speed of security teams and improve collaboration with software development teams.
DevSecOps: Essential Tooling to Enable Continuous Security(25m ADDO)
DevSecOps: Essential Tooling to Enable Continuous Security(25m ADDO)Rich Mills
油
As we embrace Agile/DevOps with rapid, continuous deployment of software, we need to alter the way we integrate security into the process. We need ways to integrate tooling and practices into our continuous delivery pipelines to ensure that our applications are "secure enough" to defend themselves every day. We need continuous security.Building an Enterprise-scale DevSecOps Infrastructure: Lessons Learned
Building an Enterprise-scale DevSecOps Infrastructure: Lessons LearnedPrateek Mishra
油
The DevSecOps concept is widely accepted yet its implementation at enterprise-scale presents challenges. This session will describe three challenges and software solutions that address them: 1) dozens of autonomous teams using varied tooling to build applications; 2) use of many different scanning tools and security information sources; and 3) Identity and context aware security guidance to development teams.Red team-view-gaps-in-the-serverless-application-attack-surface
Red team-view-gaps-in-the-serverless-application-attack-surfacePriyanka Aash
油
The document discusses security gaps in serverless architectures and tactics that red teams use to exploit them. It provides examples of abusing undocumented APIs, extracting keys from mobile apps, and discovering non-production infrastructure. Solutions proposed include implementing key protections, restricting API access, scoping assessments, and properly securing cloud storage layers and development environments.Automating Security in Cloud Workloads with DevSecOps 
Automating Security in Cloud Workloads with DevSecOps Kristana Kane
油
This document discusses automating security in cloud workloads using DevSecOps. It outlines why security automation is important to reduce risk and keep pace with scalable infrastructure. The security team's role changes to focus on providing security as a service across the development lifecycle. Security automation can be applied in continuous integration/deployment pipelines, cloud infrastructure, and runtime environments. Practical examples are provided like automatically isolating compromised instances. A variety of tools from AWS and partners can help with tasks like validation, tracking, alerting and reporting to benchmark security posture and drive remediation. Open source projects also offer code to learn from for automating security best practices in AWS environments.Early Adopter's Guide to AI Moderation (Preview)
Early Adopter's Guide to AI Moderation (Preview)nick896721
油
Early Adopter's Guide to AI Moderation preview by User Interviews.How Discord Indexes Trillions of Messages: Scaling Search Infrastructure by V...
How Discord Indexes Trillions of Messages: Scaling Search Infrastructure by V...ScyllaDB
油
This talk shares how Discord scaled their message search infrastructure using Rust, Kubernetes, and a multi-cluster Elasticsearch architecture to achieve better performance, operability, and reliability, while also enabling new search features for Discord users.More Related Content
Similar to Container security (20)
Security DevOps - Wie Sie in agilen Projekten trotzdem sicher bleiben // DevO...
Security DevOps - Wie Sie in agilen Projekten trotzdem sicher bleiben // DevO...Christian Schneider
油
Diese Session zeigt Ihnen, welche Automatisierungsoptionen zur berwachung bestimmter Sicherheitsaspekte in der agilen Softwareentwicklung bestehen. Ausgehend von dem etablierten DevOps-Konzept, mit dem im bergang von Entwicklung zu Betrieb Prozesse automatisiert und verzahnt werden, wird mit Security-DevOps dieser Antrieb aufgegriffen und auf die Absicherung von Anwendungen gegen Hackerangriffe 端bertragen. Durch fr端he R端ckkopplung sicherheitstechnischer Findings an die Entwicklung im Rahmen der Automatisierung haben Ihre Pentester die M旦glichkeit, sich auf die kniffligeren Sicherheitschecks zu konzentrieren trotz geforderter kurzer Releasezyklen.AppSensor Near Real-Time Event Detection and Response - DevNexus 2016
AppSensor Near Real-Time Event Detection and Response - DevNexus 2016jtmelton
油
AppSensor is an OWASP project that defines a conceptual framework, methodology, guidance and reference implementation to design and deploy malicious behavior detection and automated responses directly within software applications.
There are many security protections available to applications today. AppSensor builds on these by providing a mechanism that allows architects and developers to build into their applications a way to detect events and attacks, then automatically respond to them. Not only can this stop and/or reduce the impact of an attack, it gives you incredibly valuable visibility and security intelligence about the operational state of your applications.Security for developers
Security for developersAbdelrhman Shawky
油
This document discusses security best practices for software developers. It covers topics like the secure software development lifecycle (SDLC), threat modeling, static code analysis, and resources for developers. The SDLC framework defines the process for building applications from start to finish. Threat modeling involves analyzing potential threats and vulnerabilities. Static code analysis tools can find security issues. Resources recommended include OWASP documentation and Microsoft's security engineering practices. The goal is to integrate security practices into development like training, requirements, testing, and incident response.DevSecOps - London Gathering : June 2018
DevSecOps - London Gathering : June 2018Michael Man
油
DevSecOps focuses on breaking down silos between development, security, and operations teams. It aims to optimize workflows through value stream mapping and integrating security checks into existing pipelines without initially enforcing them. This allows teams to shift security left in the development lifecycle through tools like static code analysis, dynamic testing, and infrastructure scanning that help automate assurance.RSA 2018: Recon For the Defender - You know nothing (about your assets)
RSA 2018: Recon For the Defender - You know nothing (about your assets)Jonathan Cran
油
Ed Bellis and Jonathan Cran of Kenna Security discuss a number of fast-moving, emerging threats to the enterprise and provide insight into ways that organizations can get ahead by adding a recon capability - adding more visibility of their exposure & allowing enough time for patch windows. Recon for the Defender: You Know Nothing (about Your Assets), Jon Snow
Recon for the Defender: You Know Nothing (about Your Assets), Jon SnowPriyanka Aash
油
Understanding what you own is step one in securing your assets. A simple concept that still escapes the grasp of most, and its getting harder in a cloud-enabled world. Despite this struggle theres a plethora of APIs and publicly available data to give you a jumpstart on identifying high-risk assets. This session will share techniques and tools to gather data and identify unknown risks.
Learning Objectives:
1: Learn about sources and methods to identify public, unknown assets.
2: Gain access to OSS tooling allowing defenders to operationalize asset inventory process.
3: Learn to apply risk methods using public data attributes to understand quantitative risk.
(Source: RSA Conference USA 2018)Cloud Security vs Security in the Cloud
Cloud Security vs Security in the CloudTjylen Veselyj
油
This document discusses security considerations for cloud computing versus on-premise security. It notes that while many think cloud security is managed similarly to on-premise, obtaining access to one node could provide access to the entire infrastructure. It then lists various security standards and guidelines for cloud security. Potential attack vectors like outdated software, weak configurations, and vulnerabilities in cloud applications are covered. The challenges of incident response and forensics in large cloud infrastructures are also addressed. Recommendations include conducting security assessments, access control, logging, multi-factor authentication, and employee education.Cloud security : Automate or die
Cloud security : Automate or diePriyanka Aash
油
Much has been said about DevOps and SecDevOps for security automation and integration. However, to many in the security community, this is still a buzzword. There are many practical applications of automation in cloud security controls, however, across all security-related disciplines. This talk will delve into concrete examples of security automation in the cloud, with metrics examples, as well.
(Source : RSA Conference USA 2017)Journey to cloud engineering
Journey to cloud engineeringMd. Sadhan Sarker
油
It about the technical session. I have given a talk so that local people know about the cloud and they feel motivated to work with the cloud. It was basically for newbies who are planning to start their career. I tried to show them who they would be a cloud engineer what's will be their future responsibility and more.Defining DevSecOps
Defining DevSecOpsUchit Vyas
油
Today everybody wants to deploy the app and infrastructure faster without any disputes. An Even, Agile framework can help to deploy faster in real-time. But Continuous Innovation may conflict with stability and security. Without security at every stage, DevOps merely introduces vulnerabilities into application quickly. To resolve such conflict, the gap in recursive feedback loops need to be eliminated. Mostly, teams are not effectively working in a collaboration and interacting with each other smoothly. This results in gaps and produce problems with code development and quality, meaning slower delivery plans and serious vulnerabilities that create security risk at most. Fortunately, these shortcomings can be addressed very well, as developers/testers are set to launch off into the DevSecOps world or via adopting rugged DevOps model.Bringing Security Testing to Development: How to Enable Developers to Act as ...
Bringing Security Testing to Development: How to Enable Developers to Act as ...Achim D. Brucker
油
Security testing is an important part of any security development life-cycle (SDLC) and, thus, should be a part of any software development life-cycle.
We will present SAP's Security Testing Strategy that enables developers to find security vulnerabilities early by applying a variety of different security testing methods and tools. We explain the motivation behind it, how we enable global development teams to implement the strategy, across different SDLCs and report on our experiences.Devsecops at Cimpress
Devsecops at CimpressIftach Ian Amit
油
This document discusses DevSecOps at Cimpress, an online printing company. It outlines some of the challenges of their worldwide and decentralized operations with varying technology stacks. Their approach involves threat modeling to identify threats, assets, and controls. They create security assertions based on the threat model and assure test case coverage. The focus is on integrating security into development in a way that is not burdensome to developers. The expected deliverables include automated unit test coverage and tool scans to address the threat model.DevSecOps: essential tooling to enable continuous security 2019-09-16
DevSecOps: essential tooling to enable continuous security 2019-09-16Rich Mills
油
Richard Mills discusses how DevSecOps enables continuous security in Agile development through integrating security tools and processes into CI/CD pipelines. He outlines essential categories of security tools, including static analysis, software composition analysis, vulnerability scanning, dynamic testing, and monitoring. These tools can run tests at various stages of the pipeline to catch issues early. Mills also stresses the importance of integrating security teams with development teams through structures like technical guilds to build a culture of security.Security DevOps - Free pentesters' time to focus on high-hanging fruits // Ha...
Security DevOps - Free pentesters' time to focus on high-hanging fruits // Ha...Christian Schneider
油
The document discusses integrating security testing into continuous integration pipelines, referred to as "Security DevOps". It proposes a "Security DevOps Maturity Model" with four axes: Static Depth, Dynamic Depth, Intensity, and Consolidation. For the Dynamic Depth axis, it describes different levels of integrating dynamic application security testing tools like ZAP, Arachni, BDD-Security, and Gauntlt to test public, authenticated, and backend application layers within a CI pipeline. Examples are given for configuring the tools to perform targeted scans during commits or nightly builds.DevSecOps | DevOps Sec
DevSecOps | DevOps SecRubal Jain
油
DevSecOps enables organizations to deliver secure software at DevOps speed.
Development - Software releases and updates
Operations - Reliability Performance & Scaling
Security - Confidentiality, Availability, IntegritySEC303 Automating Security in cloud Workloads with DevSecOps
SEC303 Automating Security in cloud Workloads with DevSecOpsAmazon Web Services
油
This session is designed to teach security engineers, developers, solutions architects, and other technical security practitioners how to use a DevSecOps approach to design and build robust security controls at cloud-scale. This session walks through the design considerations of operating high-assurance workloads on top of the AWS platform and provides examples of how to automate configuration management and generate audit evidence for your own workloads. Well discuss practical examples using real code for automating security tasks, then dive deeper to map the configurations against various industry frameworks. This advanced session showcases how continuous integration and deployment pipelines can accelerate the speed of security teams and improve collaboration with software development teams.
DevSecOps: Essential Tooling to Enable Continuous Security(25m ADDO)
DevSecOps: Essential Tooling to Enable Continuous Security(25m ADDO)Rich Mills
油
As we embrace Agile/DevOps with rapid, continuous deployment of software, we need to alter the way we integrate security into the process. We need ways to integrate tooling and practices into our continuous delivery pipelines to ensure that our applications are "secure enough" to defend themselves every day. We need continuous security.Building an Enterprise-scale DevSecOps Infrastructure: Lessons Learned
Building an Enterprise-scale DevSecOps Infrastructure: Lessons LearnedPrateek Mishra
油
The DevSecOps concept is widely accepted yet its implementation at enterprise-scale presents challenges. This session will describe three challenges and software solutions that address them: 1) dozens of autonomous teams using varied tooling to build applications; 2) use of many different scanning tools and security information sources; and 3) Identity and context aware security guidance to development teams.Red team-view-gaps-in-the-serverless-application-attack-surface
Red team-view-gaps-in-the-serverless-application-attack-surfacePriyanka Aash
油
The document discusses security gaps in serverless architectures and tactics that red teams use to exploit them. It provides examples of abusing undocumented APIs, extracting keys from mobile apps, and discovering non-production infrastructure. Solutions proposed include implementing key protections, restricting API access, scoping assessments, and properly securing cloud storage layers and development environments.Automating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOps Kristana Kane
油
This document discusses automating security in cloud workloads using DevSecOps. It outlines why security automation is important to reduce risk and keep pace with scalable infrastructure. The security team's role changes to focus on providing security as a service across the development lifecycle. Security automation can be applied in continuous integration/deployment pipelines, cloud infrastructure, and runtime environments. Practical examples are provided like automatically isolating compromised instances. A variety of tools from AWS and partners can help with tasks like validation, tracking, alerting and reporting to benchmark security posture and drive remediation. Open source projects also offer code to learn from for automating security best practices in AWS environments.Security DevOps - Wie Sie in agilen Projekten trotzdem sicher bleiben // DevO...
Security DevOps - Wie Sie in agilen Projekten trotzdem sicher bleiben // DevO...Christian Schneider
油
Security DevOps - Free pentesters' time to focus on high-hanging fruits // Ha...
Security DevOps - Free pentesters' time to focus on high-hanging fruits // Ha...Christian Schneider
油
Recently uploaded (20)
Early Adopter's Guide to AI Moderation (Preview)
Early Adopter's Guide to AI Moderation (Preview)nick896721
油
Early Adopter's Guide to AI Moderation preview by User Interviews.How Discord Indexes Trillions of Messages: Scaling Search Infrastructure by V...
How Discord Indexes Trillions of Messages: Scaling Search Infrastructure by V...ScyllaDB
油
This talk shares how Discord scaled their message search infrastructure using Rust, Kubernetes, and a multi-cluster Elasticsearch architecture to achieve better performance, operability, and reliability, while also enabling new search features for Discord users.A Framework for Model-Driven Digital Twin Engineering
A Framework for Model-Driven Digital Twin EngineeringDaniel Lehner
油
際際滷s from my PhD Defense at Johannes Kepler University, held on Janurary 10, 2025.
The full thesis is available here: https://epub.jku.at/urn/urn:nbn:at:at-ubl:1-83896Backstage Software Templates for Java Developers
Backstage Software Templates for Java DevelopersMarkus Eisele
油
As a Java developer you might have a hard time accepting the limitations that you feel being introduced into your development cycles. Let's look at the positives and learn everything important to know to turn Backstag's software templates into a helpful tool you can use to elevate the platform experience for all developers.UiPath Document Understanding - Generative AI and Active learning capabilities
UiPath Document Understanding - Generative AI and Active learning capabilitiesDianaGray10
油
This session focus on Generative AI features and Active learning modern experience with Document understanding.
Topics Covered:
Overview of Document Understanding
How Generative Annotation works?
What is Generative Classification?
How to use Generative Extraction activities?
What is Generative Validation?
How Active learning modern experience accelerate model training?
Q/A
If you have any questions or feedback, please refer to the "Women in Automation 2025" dedicated Forum thread. You can find there extra details and updates. THE BIG TEN BIOPHARMACEUTICAL MNCs: GLOBAL CAPABILITY CENTERS IN INDIA
THE BIG TEN BIOPHARMACEUTICAL MNCs: GLOBAL CAPABILITY CENTERS IN INDIASrivaanchi Nathan
油
This business intelligence report, "The Big Ten Biopharmaceutical MNCs: Global Capability Centers in India", provides an in-depth analysis of the operations and contributions of the Global Capability Centers (GCCs) of ten leading biopharmaceutical multinational corporations in India. The report covers AstraZeneca, Bayer, Bristol Myers Squibb, GlaxoSmithKline (GSK), Novartis, Sanofi, Roche, Pfizer, Novo Nordisk, and Eli Lilly. In this report each company's GCC is profiled with details on location, workforce size, investment, and the strategic roles these centers play in global business operations, research and development, and information technology and digital innovation.[Webinar] Scaling Made Simple: Getting Started with No-Code Web Apps![[Webinar] Scaling Made Simple: Getting Started with No-Code Web Apps](https://cdn.slidesharecdn.com/ss_thumbnails/webinarscalingmadesimplegettingstartedwithno-codewebapps-mar52025-250305183437-f03c78a3-thumbnail.jpg?width=560&fit=bounds)
[Webinar] Scaling Made Simple: Getting Started with No-Code Web AppsSafe Software
油
Ready to simplify workflow sharing across your organization without diving into complex coding? With FME Flow Apps, you can build no-code web apps that make your data work harder for you fast.
In this webinar, well show you how to:
Build and deploy Workspace Apps to create an intuitive user interface for self-serve data processing and validation.
Automate processes using Automation Apps. Learn to create a no-code web app to kick off workflows tailored to your needs, trigger multiple workspaces and external actions, and use conditional filtering within automations to control your workflows.
Create a centralized portal with Gallery Apps to share a collection of no-code web apps across your organization.
Through real-world examples and practical demos, youll learn how to transform your workflows into intuitive, self-serve solutions that empower your team and save you time. We cant wait to show you whats possible!
Brave Browser Crack 1.45.133 Activated 2025
Brave Browser Crack 1.45.133 Activated 2025kherorpacca00126
油
https://ncracked.com/7961-2/
Note: >> Please copy the link and paste it into Google New Tab now Download link
Brave is a free Chromium browser developed for Win Downloads, macOS and Linux systems that allows users to browse the internet in a safer, faster and more secure way than its competition. Designed with security in mind, Brave automatically blocks ads and trackers which also makes it faster,
As Brave naturally blocks unwanted content from appearing in your browser, it prevents these trackers and pop-ups from slowing Download your user experience. It's also designed in a way that strips Downloaden which data is being loaded each time you use it. Without these components
Endpoint Backup: 3 Reasons MSPs Ignore It
Endpoint Backup: 3 Reasons MSPs Ignore ItMSP360
油
Many MSPs overlook endpoint backup, missing out on additional profit and leaving a gap that puts client data at risk.
Join our webinar as we break down the top challenges of endpoint backupand how to overcome them.
Fl studio crack version 12.9 Free Download
Fl studio crack version 12.9 Free Downloadkherorpacca127
油
https://ncracked.com/7961-2/
Note: >> Please copy the link and paste it into Google New Tab now Download link
The ultimate guide to FL Studio 12.9 Crack, the revolutionary digital audio workstation that empowers musicians and producers of all levels. This software has become a cornerstone in the music industry, offering unparalleled creative capabilities, cutting-edge features, and an intuitive workflow.
With FL Studio 12.9 Crack, you gain access to a vast arsenal of instruments, effects, and plugins, seamlessly integrated into a user-friendly interface. Its signature Piano Roll Editor provides an exceptional level of musical expression, while the advanced automation features empower you to create complex and dynamic compositions.Build with AI on Google Cloud Session #4
Build with AI on Google Cloud Session #4Margaret Maynard-Reid
油
This is session #4 of the 5-session online study series with Google Cloud, where we take you onto the journey learning generative AI. Youll explore the dynamic landscape of Generative AI, gaining both theoretical insights and practical know-how of Google Cloud GenAI tools such as Gemini, Vertex AI, AI agents and Imagen 3. Inside Freshworks' Migration from Cassandra to ScyllaDB by Premkumar Patturaj
Inside Freshworks' Migration from Cassandra to ScyllaDB by Premkumar PatturajScyllaDB
油
Freshworks migrated from Cassandra to ScyllaDB to handle growing audit log data efficiently. Cassandra required frequent scaling, complex repairs, and had non-linear scaling. ScyllaDB reduced costs with fewer machines and improved operations. Using Zero Downtime Migration (ZDM), they bulk-migrated data, performed dual writes, and validated consistency.
Replacing RocksDB with ScyllaDB in Kafka Streams by Almog Gavra
Replacing RocksDB with ScyllaDB in Kafka Streams by Almog GavraScyllaDB
油
Learn how Responsive replaced embedded RocksDB with ScyllaDB in Kafka Streams, simplifying the architecture and unlocking massive availability and scale. The talk covers unbundling stream processors, key ScyllaDB features tested, and lessons learned from the transition.Unlock AI Creativity: Image Generation with DALL揃E
Unlock AI Creativity: Image Generation with DALL揃EExpeed Software
油
Discover the power of AI image generation with DALL揃E, an advanced AI model that transforms text prompts into stunning, high-quality visuals. This presentation explores how artificial intelligence is revolutionizing digital creativity, from graphic design to content creation and marketing. Learn about the technology behind DALL揃E, its real-world applications, and how businesses can leverage AI-generated art for innovation. Whether you're a designer, developer, or marketer, this guide will help you unlock new creative possibilities with AI-driven image synthesis.Wondershare Filmora Crack 14.3.2.11147 Latest
Wondershare Filmora Crack 14.3.2.11147 Latestudkg888
油
https://ncracked.com/7961-2/
Note: >> Please copy the link and paste it into Google New Tab now Download link
Free Download Wondershare Filmora 14.3.2.11147 Full Version - All-in-one home video editor to make a great video.Free Download Wondershare Filmora for Windows PC is an all-in-one home video editor with powerful functionality and a fully stacked feature set. Filmora has a simple drag-and-drop top interface, allowing you to be artistic with the story you want to create.Video Editing Simplified - Ignite Your Story. A powerful and intuitive video editing experience. Filmora 10 hash two new ways to edit: Action Cam Tool (Correct lens distortion, Clean up your audio, New speed controls) and Instant Cutter (Trim or merge clips quickly, Instant export).Filmora allows you to create projects in 4:3 or 16:9, so you can crop the videos or resize them to fit the size you want. This way, quickly converting a widescreen material to SD format is possible.Future-Proof Your Career with AI Options
Future-Proof Your Career with AI OptionsDianaGray10
油
Learn about the difference between automation, AI and agentic and ways you can harness these to further your career. In this session you will learn:
Introduction to automation, AI, agentic
Trends in the marketplace
Take advantage of UiPath training and certification
In demand skills needed to strategically position yourself to stay ahead
If you have any questions or feedback, please refer to the "Women in Automation 2025" dedicated Forum thread. You can find there extra details and updates.L01 Introduction to Nanoindentation - What is hardness
L01 Introduction to Nanoindentation - What is hardnessRostislavDaniel
油
Introduction to NanoindentationContainer security
- 2. One of the main cyber-risks is to think they dont exist. The other is to try to treat all potential risks. It takes 20 years to build a reputation and few minutes of cyber-incident to ruin it. -Stephane Nappo, CISO
- 3. Agenda Case Studies Hygiene factors DevSecOps (Best Practices) Tools Platform Specific (AWS, Azure)
- 5. Case Studies
- 6. Hygiene Factors Images Fully patched SELinux or AppArmor Least number of user accounts Scan before pushing into registry
- 7. DevSecOps Best Practices ProcessPeople Technology - Architectural reviews - Automation (SAST/DAST, freq) - Security breakpoints - Management buy-in - Shift-left philosophy - Training (time & resources) - Static code analyzers (CVE intergated) - Logging, monitoring & auditing - Vulnerability scanners - Threat Modelling
- 8. Purpose Recommendations Image Vulnerability Scanning Source-code Scanning Run-time Security Compliance & Audit Comprehensive Security Tools
- 9. Platform-specific (AWS / Azure) Registry EC2 Container Registry DockerHub* Azure Registry DockerHub Quay Access Control IAM STS IAM Vulnerability Scanning Clair Qualys Run-time protection Aqua AlertLogic PaloAlto Aqua#