Linux Security for Developers

Michael Boelen
Michael BoelenProviding companies a software solution to audit their systems (Linux, macOS, UNIX) at CISOfy
Linux Security for Developers Insights for building a (more) secure world Michael Boelen michael.boelen@cisofy.com 14 January 2016
We Love Construction Image source unknown 2
And Magic! Turning data into: - Useful output - Stable software - Nice services Image source: renoairport.com 3
Linux Security for Developers
● Spying ● Internet of Things ● Law ○ 2016 Dutch Data Protection Act ○ 2017-2018 European data protection law Why Invest in Security Now? 5
Agenda ● What can go wrong? ● What can we do? ● Strategies and Tools 6
Michael Boelen ● Open Source Security ○ Rootkit Hunter (malware scan) ○ Lynis (security scan) ● 150+ blog posts at Linux-Audit.com ● Founder of CISOfy 7
What can go wrong?
Passwords Image source unknown 9
Case: Phone House http://sijmen.ruwhof. net/weblog/608-personal-data-of- dutch-telecom-providers- extremely-poorly-protected-how-i- could-access-12-million-records
Creative Users Image source unknown 11
Linux Security for Developers
What can we do?
Solution “Developers should become auditors of their creative work, and that of others.” Michael Boelen, 14 January 2016 14
Improve in steps ● Level 1: Basics ● Level 2: Take ownership ● Level 3: Perform auditing What can we do? 15
Level 1: The Basics
Input Validation Validate! ● Trust nothing ● Double check - Client = for active user - Server = for all users 17
Input Validation Why Validate? Prevent data injection (SQL, RDF, OWL, SPARQL, SeRQL, RDQL, XML, JSON, etc.) Where? Input forms, data imports 18
Data Protection Encryption: ● Good Encryption solves a lot ● Bad Knowledge required ● Ugly Easy to implement incorrectly 19
Secure Programming Using universally unique identifier? UUID1 = Host (MAC) + sequence + time UUID4 = Random 20
Two-factor Authentication Use ● GitHub Implement ● Your apps? 21
Level 2: Take Ownership
What? ● The code ● Development systems ● Deployment ● Production Ownership 23
Hardening Photo Credits: http://commons.wikimedia.org/wiki/User:Wilson44691 ● Add new defenses ● Improve existing defenses ● Reduce weaknesses 24
Hardening What to harden? ● Operating System ● Software + Configuration ● Access controls 25
OS Hardening Operating System: ● Services ● Users ● Permissions 26
Software Hardening Software: ● Minimal installation ● Configuration ● Tuning 27
Access Hardening Users and Access Controls: ● Who can access what ● Password policies ● Accountability 28
Data Hardening Focus on data streams ● Network (data in transit) ● Storage (data at rest) ● Access 29
Network Hardening Traffic flows ● Is all incoming traffic needed? ● What about outgoing? ● IPv6? 30
HTTP Hardening Header X-Frame-Options SAMEORIGIN Allow only iframe targets from our own domain X-Frame-Options DENY Do not allow rendering in iframe 31
HTTP Hardening Header X-XSS-Protection 1; mode=block Block reflective XSS, avoid returning previous input (e.g. form) 32
HTTP Hardening Header X-Content-Type-Options nosniff Don't peek into server responses, consider text/html by default 33
HTTP Hardening 34
Hardening Myth: After hardening I’m done 35
Hardening ● Security should be an ongoing process ● Which means it is never finished ● New attacks = more hardening ○ POODLE ○ Hearthbleed 36
Level 3: Perform Auditing
Myth Auditing = ● A lot of work! ● Booooooring! ● And.. prone to errors... 38
Fact Well, it can be. 39
Common Strategy 1. Audit 2. Get a lot of findings 3. Start hardening 4. ……. 5. Quit 40
Strategy (New) 1. Focus 2. Audit 3. Focus 4. Harden 5. Repeat! 41
1. Focus ● Determine what to scan ● Limit scope of systems / applications 42
2. Audit ● Start small ● Collect data 43
3. Focus Determine hardening focus ● Impact ● Number ● Area (e.g. crypto) 44
4. Harden ● Create implementation plan ● Perform lock down ● Document ○ What, Why, How ○ Exceptions 45
5. Repeat ● Keep measuring your actions ● Again: ○ Ongoing process ○ Never finishes ○ New attacks 46
Questions?
Tools Options: 1. Guides 2. Utilities 48
Benchmarks / Guides ● Center for Internet Security (CIS) ● NIST / NSA ● OWASP ● Vendors 49
Benchmarks / Guides Pros Free to use Detailed You are in control 50 Cons Time intensive Usually no tooling Limited distributions Delayed releases
OWASP Open Web Application Security Project 51
OWASP Security Knowledge Framework 52
OWASP Link 53
OWASP 54
Tools
Tools Tools make life easier, right? Not always... 56
Tools Problem 1: There aren’t many 57
Tools Problem 2: Usually outdated 58
Tools Problem 3: Limited support 59
Tools Problem 4: Hard to use 60
Introducing Lynis
Lynis Free Open source Shell Simple Flexible Portable 62
Lynis Background ● Since 2007 ● GPLv3 ● Requirements ○ Flexible ○ Portable 63
Lynis Goals ● Perform a quick security scan ● Collect data ● Define next hardening steps 64
Lynis Simple ● No installation needed ● Run with just one parameter ● No configuration needed 65
Lynis Flexibility ● No dependencies* ● Option to extend easily ● Custom tests * Besides common tools like awk, grep, ps 66
How it works 1. Initialise 2. OS detection 3. Detect binaries 4. Run helpers/plugins/tests 5. Show report 67
Bonus: Integration ● Deployment cycle ● Create your own tests: include/tests_custom 68
Running 1. lynis 2. lynis audit system 3. lynis audit system --quick 4. lynis audit system --quick --quiet 69
Auditing Code
Code Validation Quick wins ● Python: Pylint ● Ruby: ruby-lint ● Shell: shlint 71
Code Validation Professional services ● Pentesting ● Code reviews 72
Auditing Repositories
● Secret keys ● Passwords ● Unique IDs ● Customers Sensitive Data 74 http://blog.arvidandersson.se/2013/06/10/credentials-in-git-repos http://blog.nortal.com/mining-passwords-github-repositories/
Search your GitHub repos: extension:conf password extension:pem private filename:.bashrc filename:.ssh language:ruby secret language:python password Sensitive Data 75
Hardening Harden: ● Your systems ● Your code ● Your sensitive data 76
Latest Developments
Developments ● Data protection laws ● OWASP ● New Rails security HTTP headers ● Internet of Things ● DevOps→SecDevOps / DevOpsSec 78
Conclusions
Lesson 1: Continuous Auditing Many small efforts = Big impact! 80
Lesson 2: Implement Lynis #include lynis.sh 81
Lesson 3: Leverage Security Security ● Less: Crisis and Leaks ● More: Development Time 82
You Finished This Presentation Success!
Follow Me ● Twitter: @mboelen ● Personal website: michaelboelen.com ● Blog: linux-audit.com 84 Want More?
85
1 of 85

Linux Security for Developers

Download to read offline
Software

As developers, we build great things. The next step is to protect this work and our precious data, sometimes the crown jewels of the company. This extensive presentation is an introduction into information security, with many tips and thoughts for developers. It focuses on the benefits of applying information security, and how to use it in your work. Michael Boelen has a background in Linux security. He is the developer of several open source tools. This presentation includes some tips specifically for Linux, although most principles are applicable on all platforms.

Michael Boelen
Michael BoelenProviding companies a software solution to audit their systems (Linux, macOS, UNIX) at CISOfy

Recommended

Handling of compromised Linux systems by
Handling of compromised Linux systemsHandling of compromised Linux systems
Handling of compromised Linux systemsMichael Boelen
3.3K views40 slides
Linux Hardening by
Linux HardeningLinux Hardening
Linux HardeningMichael Boelen
2.4K views60 slides
How Many Linux Security Layers Are Enough? by
How Many Linux Security Layers Are Enough?How Many Linux Security Layers Are Enough?
How Many Linux Security Layers Are Enough?Michael Boelen
6.7K views51 slides
Mod Security by
Mod SecurityMod Security
Mod SecurityAbhishek Singh
1.1K views9 slides
When the internet bleeded : RootConf 2014 by
When the internet bleeded : RootConf 2014When the internet bleeded : RootConf 2014
When the internet bleeded : RootConf 2014Anant Shrivastava
2.3K views23 slides
How to create correlation rule for threat detection in RuSIEM by
How to create correlation rule for threat detection in RuSIEMHow to create correlation rule for threat detection in RuSIEM
How to create correlation rule for threat detection in RuSIEMOlesya Shelestova
421 views17 slides

More Related Content

What's hot

[OWASP Poland Day] OWASP for testing mobile applications by
[OWASP Poland Day] OWASP for testing mobile applications[OWASP Poland Day] OWASP for testing mobile applications
[OWASP Poland Day] OWASP for testing mobile applicationsOWASP
1.1K views31 slides
OSCP Preparation Guide @ Infosectrain by
OSCP Preparation Guide @ InfosectrainOSCP Preparation Guide @ Infosectrain
OSCP Preparation Guide @ InfosectrainInfosecTrain
84 views15 slides
DevSecOps: What Why and How : Blackhat 2019 by
DevSecOps: What Why and How : Blackhat 2019DevSecOps: What Why and How : Blackhat 2019
DevSecOps: What Why and How : Blackhat 2019NotSoSecure Global Services
6.2K views50 slides
[OWASP Poland Day] Application security - daily questions & answers by
[OWASP Poland Day] Application security - daily questions & answers[OWASP Poland Day] Application security - daily questions & answers
[OWASP Poland Day] Application security - daily questions & answersOWASP
379 views30 slides
Mod security by
Mod securityMod security
Mod securityShruthi Kamath
1.8K views15 slides
Anatomy of a Cloud Hack by
Anatomy of a Cloud HackAnatomy of a Cloud Hack
Anatomy of a Cloud HackNotSoSecure Global Services
2.1K views33 slides

What's hot(20)

[OWASP Poland Day] OWASP for testing mobile applications by OWASP
[OWASP Poland Day] OWASP for testing mobile applications[OWASP Poland Day] OWASP for testing mobile applications
[OWASP Poland Day] OWASP for testing mobile applications
OWASP1.1K views
OSCP Preparation Guide @ Infosectrain by InfosecTrain
OSCP Preparation Guide @ InfosectrainOSCP Preparation Guide @ Infosectrain
OSCP Preparation Guide @ Infosectrain
InfosecTrain84 views
DevSecOps: What Why and How : Blackhat 2019 by NotSoSecure Global Services
DevSecOps: What Why and How : Blackhat 2019DevSecOps: What Why and How : Blackhat 2019
DevSecOps: What Why and How : Blackhat 2019
NotSoSecure Global Services6.2K views
[OWASP Poland Day] Application security - daily questions & answers by OWASP
[OWASP Poland Day] Application security - daily questions & answers[OWASP Poland Day] Application security - daily questions & answers
[OWASP Poland Day] Application security - daily questions & answers
OWASP379 views
Mod security by Shruthi Kamath
Mod securityMod security
Mod security
Shruthi Kamath1.8K views
Anatomy of a Cloud Hack by NotSoSecure Global Services
Anatomy of a Cloud HackAnatomy of a Cloud Hack
Anatomy of a Cloud Hack
NotSoSecure Global Services2.1K views
[OWASP Poland Day] A study of Electron security by OWASP
[OWASP Poland Day] A study of Electron security[OWASP Poland Day] A study of Electron security
[OWASP Poland Day] A study of Electron security
OWASP1.1K views
Network Security in 2016 by Qrator Labs
Network Security in 2016Network Security in 2016
Network Security in 2016
Qrator Labs784 views
NGINX User Summit. Wallarm llightning talk by Wallarm
NGINX User Summit. Wallarm llightning talkNGINX User Summit. Wallarm llightning talk
NGINX User Summit. Wallarm llightning talk
Wallarm1.8K views
[OWASP Poland Day] Security knowledge framework by OWASP
[OWASP Poland Day] Security knowledge framework[OWASP Poland Day] Security knowledge framework
[OWASP Poland Day] Security knowledge framework
OWASP781 views
CSW2017 chuanda ding_state of windows application security by CanSecWest
CSW2017 chuanda ding_state of windows application securityCSW2017 chuanda ding_state of windows application security
CSW2017 chuanda ding_state of windows application security
CanSecWest1.1K views
IT security for all. Bootcamp slides by Wallarm
IT security for all. Bootcamp slidesIT security for all. Bootcamp slides
IT security for all. Bootcamp slides
Wallarm1.1K views
Securing application deployments in multi-tenant CI/CD environments by Binu Ramakrishnan
Securing application deployments in multi-tenant CI/CD environmentsSecuring application deployments in multi-tenant CI/CD environments
Securing application deployments in multi-tenant CI/CD environments
Binu Ramakrishnan2.4K views
Web Application firewall-Mod security by Romansh Yadav
Web Application firewall-Mod securityWeb Application firewall-Mod security
Web Application firewall-Mod security
Romansh Yadav675 views
RuSIEM IT assets by Olesya Shelestova
RuSIEM IT assetsRuSIEM IT assets
RuSIEM IT assets
Olesya Shelestova249 views
A Scalable Client Authentication & Authorization Service for Container-Based ... by Binu Ramakrishnan
A Scalable Client Authentication & Authorization Service for Container-Based ...A Scalable Client Authentication & Authorization Service for Container-Based ...
A Scalable Client Authentication & Authorization Service for Container-Based ...
Binu Ramakrishnan527 views
Locking Down Your Cloud by Teri Radichel
Locking Down Your CloudLocking Down Your Cloud
Locking Down Your Cloud
Teri Radichel415 views
Implementing ossec by Jeronimo Zucco
Implementing ossecImplementing ossec
Implementing ossec
Jeronimo Zucco8.5K views
Securing Application Deployments in CI/CD Environments (Updated slides: http:... by Binu Ramakrishnan
Securing Application Deployments in CI/CD Environments (Updated slides: http:...Securing Application Deployments in CI/CD Environments (Updated slides: http:...
Securing Application Deployments in CI/CD Environments (Updated slides: http:...
Binu Ramakrishnan2.6K views
Web & Cloud Security in the real world by Madhu Akula
Web & Cloud Security in the real worldWeb & Cloud Security in the real world
Web & Cloud Security in the real world
Madhu Akula1.5K views

Viewers also liked

Automating OpenSCAP with Foreman by
Automating OpenSCAP with ForemanAutomating OpenSCAP with Foreman
Automating OpenSCAP with Foremanszadok
5.4K views16 slides
Linux Security, from Concept to Tooling by
Linux Security, from Concept to ToolingLinux Security, from Concept to Tooling
Linux Security, from Concept to ToolingMichael Boelen
1.9K views52 slides
Docker Security - Secure Container Deployment on Linux by
Docker Security - Secure Container Deployment on LinuxDocker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on LinuxMichael Boelen
3.4K views48 slides
Linux Security Scanning with Lynis by
Linux Security Scanning with LynisLinux Security Scanning with Lynis
Linux Security Scanning with LynisMichael Boelen
1.2K views52 slides
Linux Security by
Linux SecurityLinux Security
Linux Securitynayakslideshare
2.2K views43 slides
Kernel Recipes 2013 - Linux Security Modules: different formal concepts by
Kernel Recipes 2013 - Linux Security Modules: different formal conceptsKernel Recipes 2013 - Linux Security Modules: different formal concepts
Kernel Recipes 2013 - Linux Security Modules: different formal conceptsAnne Nicolas
2.9K views51 slides

Viewers also liked(20)

Automating OpenSCAP with Foreman by szadok
Automating OpenSCAP with ForemanAutomating OpenSCAP with Foreman
Automating OpenSCAP with Foreman
szadok5.4K views
Linux Security, from Concept to Tooling by Michael Boelen
Linux Security, from Concept to ToolingLinux Security, from Concept to Tooling
Linux Security, from Concept to Tooling
Michael Boelen1.9K views
Docker Security - Secure Container Deployment on Linux by Michael Boelen
Docker Security - Secure Container Deployment on LinuxDocker Security - Secure Container Deployment on Linux
Docker Security - Secure Container Deployment on Linux
Michael Boelen3.4K views
Linux Security Scanning with Lynis by Michael Boelen
Linux Security Scanning with LynisLinux Security Scanning with Lynis
Linux Security Scanning with Lynis
Michael Boelen1.2K views
Linux Security by nayakslideshare
Linux SecurityLinux Security
Linux Security
nayakslideshare2.2K views
Kernel Recipes 2013 - Linux Security Modules: different formal concepts by Anne Nicolas
Kernel Recipes 2013 - Linux Security Modules: different formal conceptsKernel Recipes 2013 - Linux Security Modules: different formal concepts
Kernel Recipes 2013 - Linux Security Modules: different formal concepts
Anne Nicolas2.9K views
Security and Linux Security by Rizky Ariestiyansyah
Security and Linux SecuritySecurity and Linux Security
Security and Linux Security
Rizky Ariestiyansyah7K views
Linux Security Myth by Mackenzie Morgan
Linux Security MythLinux Security Myth
Linux Security Myth
Mackenzie Morgan3.5K views
Introduction To Linux Security by Michael Boman
Introduction To Linux SecurityIntroduction To Linux Security
Introduction To Linux Security
Michael Boman1.5K views
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview by Shawn Wells
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
Shawn Wells617 views
linux security: interact with linux by Ammar WK
linux security: interact with linuxlinux security: interact with linux
linux security: interact with linux
Ammar WK1.3K views
Security of Linux containers in the cloud by Dobrica Pavlinušić
Security of Linux containers in the cloudSecurity of Linux containers in the cloud
Security of Linux containers in the cloud
Dobrica Pavlinušić4.6K views
Rise of the Machines - Automate your Development by Sven Peters
Rise of the Machines - Automate your DevelopmentRise of the Machines - Automate your Development
Rise of the Machines - Automate your Development
Sven Peters149.2K views
Jenkins Docker by Alex Soto
Jenkins DockerJenkins Docker
Jenkins Docker
Alex Soto65.3K views
Ic maven jenkins_sonar by Rocío Muñoz
Ic maven jenkins_sonarIc maven jenkins_sonar
Ic maven jenkins_sonar
Rocío Muñoz26.6K views
Dockercon2015 bamboo by Steve Smith
Dockercon2015 bambooDockercon2015 bamboo
Dockercon2015 bamboo
Steve Smith27.9K views
Game of Codes: the Battle for CI by Atlassian
Game of Codes: the Battle for CIGame of Codes: the Battle for CI
Game of Codes: the Battle for CI
Atlassian27.3K views
Master Continuous Delivery with CloudBees Jenkins Platform by dcjuengst
Master Continuous Delivery with CloudBees Jenkins PlatformMaster Continuous Delivery with CloudBees Jenkins Platform
Master Continuous Delivery with CloudBees Jenkins Platform
dcjuengst32.3K views
GitFlow, SourceTree and GitLab by Shinu Suresh
GitFlow, SourceTree and GitLabGitFlow, SourceTree and GitLab
GitFlow, SourceTree and GitLab
Shinu Suresh32.9K views
Getting started with Jenkins by Edureka!
Getting started with JenkinsGetting started with Jenkins
Getting started with Jenkins
Edureka!28.4K views

Similar to Linux Security for Developers

Understanding SELinux For the Win by
Understanding SELinux For the WinUnderstanding SELinux For the Win
Understanding SELinux For the Winbmbouter
777 views39 slides
Thinking DevOps in the Era of the Cloud - Demi Ben-Ari by
Thinking DevOps in the Era of the Cloud - Demi Ben-AriThinking DevOps in the Era of the Cloud - Demi Ben-Ari
Thinking DevOps in the Era of the Cloud - Demi Ben-AriDemi Ben-Ari
67 views62 slides
Security .NET.pdf by
Security .NET.pdfSecurity .NET.pdf
Security .NET.pdfAbhi Jain
115 views87 slides
Iot development from prototype to production by
Iot development from prototype to productionIot development from prototype to production
Iot development from prototype to productionMender.io
1.2K views24 slides
BlackHat Presentation - Lies and Damn Lies: Getting past the Hype of Endpoint... by
BlackHat Presentation - Lies and Damn Lies: Getting past the Hype of Endpoint...BlackHat Presentation - Lies and Damn Lies: Getting past the Hype of Endpoint...
BlackHat Presentation - Lies and Damn Lies: Getting past the Hype of Endpoint...Mike Spaulding
394 views42 slides
Web Security: What's wrong, and how the bad guys can break your website by
Web Security: What's wrong, and how the bad guys can break your websiteWeb Security: What's wrong, and how the bad guys can break your website
Web Security: What's wrong, and how the bad guys can break your websiteAndrew Sorensen
447 views34 slides

Similar to Linux Security for Developers(20)

Understanding SELinux For the Win by bmbouter
Understanding SELinux For the WinUnderstanding SELinux For the Win
Understanding SELinux For the Win
bmbouter777 views
Thinking DevOps in the Era of the Cloud - Demi Ben-Ari by Demi Ben-Ari
Thinking DevOps in the Era of the Cloud - Demi Ben-AriThinking DevOps in the Era of the Cloud - Demi Ben-Ari
Thinking DevOps in the Era of the Cloud - Demi Ben-Ari
Demi Ben-Ari67 views
Security .NET.pdf by Abhi Jain
Security .NET.pdfSecurity .NET.pdf
Security .NET.pdf
Abhi Jain115 views
Iot development from prototype to production by Mender.io
Iot development from prototype to productionIot development from prototype to production
Iot development from prototype to production
Mender.io1.2K views
BlackHat Presentation - Lies and Damn Lies: Getting past the Hype of Endpoint... by Mike Spaulding
BlackHat Presentation - Lies and Damn Lies: Getting past the Hype of Endpoint...BlackHat Presentation - Lies and Damn Lies: Getting past the Hype of Endpoint...
BlackHat Presentation - Lies and Damn Lies: Getting past the Hype of Endpoint...
Mike Spaulding394 views
Web Security: What's wrong, and how the bad guys can break your website by Andrew Sorensen
Web Security: What's wrong, and how the bad guys can break your websiteWeb Security: What's wrong, and how the bad guys can break your website
Web Security: What's wrong, and how the bad guys can break your website
Andrew Sorensen447 views
WTF is a Microservice - Rafael Schloming, Datawire by Ambassador Labs
WTF is a Microservice - Rafael Schloming, DatawireWTF is a Microservice - Rafael Schloming, Datawire
WTF is a Microservice - Rafael Schloming, Datawire
Ambassador Labs2K views
Web Application Security: Introduction to common classes of security flaws an... by Thoughtworks
Web Application Security: Introduction to common classes of security flaws an...Web Application Security: Introduction to common classes of security flaws an...
Web Application Security: Introduction to common classes of security flaws an...
Thoughtworks4.2K views
Tw noche geek quito webappsec by Thoughtworks
Tw noche geek quito webappsecTw noche geek quito webappsec
Tw noche geek quito webappsec
Thoughtworks1.8K views
Hardening Plone, a military-strength CMS by khink
Hardening Plone, a military-strength CMSHardening Plone, a military-strength CMS
Hardening Plone, a military-strength CMS
khink1.5K views
Bypassing Windows Security Functions(en) by abend_cve_9999_0001
Bypassing Windows Security Functions(en)Bypassing Windows Security Functions(en)
Bypassing Windows Security Functions(en)
abend_cve_9999_00019.3K views
Toronto Virtual Meetup #5 - API Security and Threats by Alexandra N. Martinez
Toronto Virtual Meetup #5 - API Security and ThreatsToronto Virtual Meetup #5 - API Security and Threats
Toronto Virtual Meetup #5 - API Security and Threats
Alexandra N. Martinez492 views
IoT Development from Prototype to Production by Mender.io
IoT Development from Prototype to ProductionIoT Development from Prototype to Production
IoT Development from Prototype to Production
Mender.io290 views
C days2015 by Nuno Loureiro
C days2015C days2015
C days2015
Nuno Loureiro848 views
Applying formal methods to existing software by B.Monate by Mahaut Gouhier
Applying formal methods to existing software by B.MonateApplying formal methods to existing software by B.Monate
Applying formal methods to existing software by B.Monate
Mahaut Gouhier329 views
MobSecCon 2015 - Burning Marshmallows by Ron Munitz
MobSecCon 2015 - Burning Marshmallows MobSecCon 2015 - Burning Marshmallows
MobSecCon 2015 - Burning Marshmallows
Ron Munitz143 views
Blockade.io : One Click Browser Defense by RiskIQ, Inc.
Blockade.io : One Click Browser DefenseBlockade.io : One Click Browser Defense
Blockade.io : One Click Browser Defense
RiskIQ, Inc.405 views
vodQA(Pune) 2018 - QAing the security way by vodQA
vodQA(Pune) 2018 - QAing the security wayvodQA(Pune) 2018 - QAing the security way
vodQA(Pune) 2018 - QAing the security way
vodQA173 views
DevOps & DevSecOps in Swiss Banking by Aarno Aukia
DevOps & DevSecOps in Swiss BankingDevOps & DevSecOps in Swiss Banking
DevOps & DevSecOps in Swiss Banking
Aarno Aukia167 views
QCon SF 2017 - Microservices: Service-Oriented Development by Ambassador Labs
QCon SF 2017 - Microservices: Service-Oriented DevelopmentQCon SF 2017 - Microservices: Service-Oriented Development
QCon SF 2017 - Microservices: Service-Oriented Development
Ambassador Labs498 views

More from Michael Boelen

Lets make better scripts by
Lets make better scriptsLets make better scripts
Lets make better scriptsMichael Boelen
125 views91 slides
Getting Traction for (your) Open Source Projects by
Getting Traction for (your) Open Source ProjectsGetting Traction for (your) Open Source Projects
Getting Traction for (your) Open Source ProjectsMichael Boelen
420 views49 slides
Dealing with Linux Malware by
Dealing with Linux MalwareDealing with Linux Malware
Dealing with Linux MalwareMichael Boelen
1.8K views35 slides
Commercieel gaan met je open source project by
Commercieel gaan met je open source projectCommercieel gaan met je open source project
Commercieel gaan met je open source projectMichael Boelen
474 views35 slides
Docker Security: Are Your Containers Tightly Secured to the Ship? by
Docker Security: Are Your Containers Tightly Secured to the Ship?Docker Security: Are Your Containers Tightly Secured to the Ship?
Docker Security: Are Your Containers Tightly Secured to the Ship?Michael Boelen
8.7K views44 slides
Lynis - Hardening and auditing for Linux, Mac and Unix - NLUUG May 2014 by
Lynis - Hardening and auditing for Linux, Mac and Unix - NLUUG May 2014Lynis - Hardening and auditing for Linux, Mac and Unix - NLUUG May 2014
Lynis - Hardening and auditing for Linux, Mac and Unix - NLUUG May 2014Michael Boelen
3K views17 slides

More from Michael Boelen(6)

Lets make better scripts by Michael Boelen
Lets make better scriptsLets make better scripts
Lets make better scripts
Michael Boelen125 views
Getting Traction for (your) Open Source Projects by Michael Boelen
Getting Traction for (your) Open Source ProjectsGetting Traction for (your) Open Source Projects
Getting Traction for (your) Open Source Projects
Michael Boelen420 views
Dealing with Linux Malware by Michael Boelen
Dealing with Linux MalwareDealing with Linux Malware
Dealing with Linux Malware
Michael Boelen1.8K views
Commercieel gaan met je open source project by Michael Boelen
Commercieel gaan met je open source projectCommercieel gaan met je open source project
Commercieel gaan met je open source project
Michael Boelen474 views
Docker Security: Are Your Containers Tightly Secured to the Ship? by Michael Boelen
Docker Security: Are Your Containers Tightly Secured to the Ship?Docker Security: Are Your Containers Tightly Secured to the Ship?
Docker Security: Are Your Containers Tightly Secured to the Ship?
Michael Boelen8.7K views
Lynis - Hardening and auditing for Linux, Mac and Unix - NLUUG May 2014 by Michael Boelen
Lynis - Hardening and auditing for Linux, Mac and Unix - NLUUG May 2014Lynis - Hardening and auditing for Linux, Mac and Unix - NLUUG May 2014
Lynis - Hardening and auditing for Linux, Mac and Unix - NLUUG May 2014
Michael Boelen3K views

Recently uploaded

Quality Engineer: A Day in the Life by
Quality Engineer: A Day in the LifeQuality Engineer: A Day in the Life
Quality Engineer: A Day in the LifeJohn Valentino
6 views18 slides
SUGCON ANZ Presentation V2.1 Final.pptx by
SUGCON ANZ Presentation V2.1 Final.pptxSUGCON ANZ Presentation V2.1 Final.pptx
SUGCON ANZ Presentation V2.1 Final.pptxJack Spektor
23 views34 slides
Programming Field by
Programming FieldProgramming Field
Programming Fieldthehardtechnology
5 views9 slides
Fleet Management Software in India by
Fleet Management Software in India Fleet Management Software in India
Fleet Management Software in India Fleetable
11 views1 slide
DSD-INT 2023 The Danube Hazardous Substances Model - Kovacs by
DSD-INT 2023 The Danube Hazardous Substances Model - KovacsDSD-INT 2023 The Danube Hazardous Substances Model - Kovacs
DSD-INT 2023 The Danube Hazardous Substances Model - KovacsDeltares
10 views17 slides
Advanced API Mocking Techniques by
Advanced API Mocking TechniquesAdvanced API Mocking Techniques
Advanced API Mocking TechniquesDimpy Adhikary
19 views11 slides

Recently uploaded(20)

Quality Engineer: A Day in the Life by John Valentino
Quality Engineer: A Day in the LifeQuality Engineer: A Day in the Life
Quality Engineer: A Day in the Life
John Valentino6 views
SUGCON ANZ Presentation V2.1 Final.pptx by Jack Spektor
SUGCON ANZ Presentation V2.1 Final.pptxSUGCON ANZ Presentation V2.1 Final.pptx
SUGCON ANZ Presentation V2.1 Final.pptx
Jack Spektor23 views
Programming Field by thehardtechnology
Programming FieldProgramming Field
Programming Field
thehardtechnology5 views
Fleet Management Software in India by Fleetable
Fleet Management Software in India Fleet Management Software in India
Fleet Management Software in India
Fleetable11 views
DSD-INT 2023 The Danube Hazardous Substances Model - Kovacs by Deltares
DSD-INT 2023 The Danube Hazardous Substances Model - KovacsDSD-INT 2023 The Danube Hazardous Substances Model - Kovacs
DSD-INT 2023 The Danube Hazardous Substances Model - Kovacs
Deltares10 views
Advanced API Mocking Techniques by Dimpy Adhikary
Advanced API Mocking TechniquesAdvanced API Mocking Techniques
Advanced API Mocking Techniques
Dimpy Adhikary19 views
Ports-and-Adapters Architecture for Embedded HMI by Burkhard Stubert
Ports-and-Adapters Architecture for Embedded HMIPorts-and-Adapters Architecture for Embedded HMI
Ports-and-Adapters Architecture for Embedded HMI
Burkhard Stubert21 views
MS PowerPoint.pptx by Litty Sylus
MS PowerPoint.pptxMS PowerPoint.pptx
MS PowerPoint.pptx
Litty Sylus5 views
Team Transformation Tactics for Holistic Testing and Quality (Japan Symposium... by Lisi Hocke
Team Transformation Tactics for Holistic Testing and Quality (Japan Symposium...Team Transformation Tactics for Holistic Testing and Quality (Japan Symposium...
Team Transformation Tactics for Holistic Testing and Quality (Japan Symposium...
Lisi Hocke35 views
Generic or specific? Making sensible software design decisions by Bert Jan Schrijver
Generic or specific? Making sensible software design decisionsGeneric or specific? Making sensible software design decisions
Generic or specific? Making sensible software design decisions
Bert Jan Schrijver6 views
Dev-HRE-Ops - Addressing the _Last Mile DevOps Challenge_ in Highly Regulated... by TomHalpin9
Dev-HRE-Ops - Addressing the _Last Mile DevOps Challenge_ in Highly Regulated...Dev-HRE-Ops - Addressing the _Last Mile DevOps Challenge_ in Highly Regulated...
Dev-HRE-Ops - Addressing the _Last Mile DevOps Challenge_ in Highly Regulated...
TomHalpin96 views
.NET Developer Conference 2023 - .NET Microservices mit Dapr – zu viel Abstra... by Marc Müller
.NET Developer Conference 2023 - .NET Microservices mit Dapr – zu viel Abstra....NET Developer Conference 2023 - .NET Microservices mit Dapr – zu viel Abstra...
.NET Developer Conference 2023 - .NET Microservices mit Dapr – zu viel Abstra...
Marc Müller40 views
FOSSLight Community Day 2023-11-30 by Shane Coughlan
FOSSLight Community Day 2023-11-30FOSSLight Community Day 2023-11-30
FOSSLight Community Day 2023-11-30
Shane Coughlan5 views
Myths and Facts About Hospice Care: Busting Common Misconceptions by Care Coordinations
Myths and Facts About Hospice Care: Busting Common MisconceptionsMyths and Facts About Hospice Care: Busting Common Misconceptions
Myths and Facts About Hospice Care: Busting Common Misconceptions
Care Coordinations6 views
Navigating container technology for enhanced security by Niklas Saari by Metosin Oy
Navigating container technology for enhanced security by Niklas SaariNavigating container technology for enhanced security by Niklas Saari
Navigating container technology for enhanced security by Niklas Saari
Metosin Oy14 views
BushraDBR: An Automatic Approach to Retrieving Duplicate Bug Reports by Ra'Fat Al-Msie'deen
BushraDBR: An Automatic Approach to Retrieving Duplicate Bug ReportsBushraDBR: An Automatic Approach to Retrieving Duplicate Bug Reports
BushraDBR: An Automatic Approach to Retrieving Duplicate Bug Reports
Ra'Fat Al-Msie'deen8 views
HarshithAkkapelli_Presentation.pdf by harshithakkapelli
HarshithAkkapelli_Presentation.pdfHarshithAkkapelli_Presentation.pdf
HarshithAkkapelli_Presentation.pdf
harshithakkapelli11 views
SAP FOR CONTRACT MANUFACTURING.pdf by Virendra Rai, PMP
SAP FOR CONTRACT MANUFACTURING.pdfSAP FOR CONTRACT MANUFACTURING.pdf
SAP FOR CONTRACT MANUFACTURING.pdf
Virendra Rai, PMP13 views
Dapr Unleashed: Accelerating Microservice Development by Miroslav Janeski
Dapr Unleashed: Accelerating Microservice DevelopmentDapr Unleashed: Accelerating Microservice Development
Dapr Unleashed: Accelerating Microservice Development
Miroslav Janeski10 views
Gen Apps on Google Cloud PaLM2 and Codey APIs in Action by Márton Kodok
Gen Apps on Google Cloud PaLM2 and Codey APIs in ActionGen Apps on Google Cloud PaLM2 and Codey APIs in Action
Gen Apps on Google Cloud PaLM2 and Codey APIs in Action
Márton Kodok6 views

Linux Security for Developers