GitLab Commit: Your Attackers Won't Be Happy! How GitLab Can Help You Secure Your Cloud Native Applications!

Join Nico, Philippe, and Wayne for a session full of Containers, Kubernetes, and security!
In this talk, you will learn how GitLab Defend features can help you effectively secure your applications and services. We will guide you through different features using real-world use cases and demos from the perspectives of a software developer, a security engineer, and a hacker. You will learn how to secure your application ingress using the Web Application Firewall, secure east-west application traffic with Container Network Security, and detect threats with Container Behaviour Analytics. Everything within your GitLab project!
Walk away and know everything you need to know to successfully secure your cloud native applications and services!


  1. Your Attackers Won't Be Happy! How GitLab Can Help You Secure Your Applications
  2. Introductions
     ● Nico Meisenzahl - white duck - Senior Cloud & DevOps Consultant - @nmeisenzahl
     ● Philippe Lafoucriere - GitLab - Distinguished Engineer - @plafoucriere
     ● Wayne Haber - GitLab - Director of Engineering: Threat Management - @waynehaber
  3. #GitLabCommit Roles
     ● Nico: Application developer
     ● Philippe: Security operations team
     ● Wayne Haber: Attacker
  4. Normal operation
  5. Demo: Normal application use (Photo credit: https://unsplash.com/@cgower)
  6. Exploit the application!
  7. Demo: Attack the application! (Photo credit: https://unsplash.com/@jackson_893)
  8. Layered security controls
  9. Layered security controls: GitLab Secure
  10. Layered security controls: GitLab Container Host Security
  11. Layered security controls: GitLab Container Network Security
  12. Demo: Detect the attacks (Photo credit: https://unsplash.com/@olloweb)
  13. Demo: Fix the security issue (Photo credit: https://unsplash.com/@vantaymedia)
  14. Defense in depth
     1. Design for security
     2. Check code for security issues
        a. GitLab Secure stage (SAST, DAST, Dependency Scanning, etc.)
     3. Monitor for attacks. Including:
        a. GitLab Defend container network policies (such as WAF and Cilium)
        b. GitLab Defend container host policies (such as Falco and AppArmor)
        c. GitLab Monitor host & application logs (such as Elastic)
        d. Cloud provider logs (such as Cloudwatch and LogAnalytics)
     4. Respond to attacks
        a. What did the attacker do in Redis?
        b. What actions should be taken to respond? (Restore data from backup, etc.)
        c. Isolate pods for forensics
     5. Determine root causes and take action to avoid recurrences
        a. Implement network and host policies to be default deny
        b. RCA and fix security bugs in code
        c. Developer training
  15. Thank you and links
     Thank you Zamir Martins Filho for the help with the demo environment!
     Links:
     ● Demo App
        ○ https://gitlab.com/gitlab-commit-defend-demo/sample-app
     ● K8s management project
        ○ https://gitlab.com/gitlab-commit-defend-demo/gitlab-commit-aks-management
     ● GitLab Defend features
        ○ https://docs.gitlab.com/ee/topics/autodevops/#network-policy
        ○ https://docs.gitlab.com/ee/user/application_security/
        ○ https://about.gitlab.com/handbook/engineering/development/threat-management/
     ● white duck
        ○ https://whiteduck.de/en/
  16. Questions? (in chat)
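
The "default deny" item on the Defense in depth slide (5a), sketched as Kubernetes NetworkPolicy manifests for a web application backed by Redis. This is an added example, not taken from the talk or the demo repositories; the namespace `sample-app` and the labels `app: web` and `app: redis` are assumptions, and enforcement requires a CNI that implements NetworkPolicy (Cilium, named on the slide, is one).

```yaml
# Added illustration. Namespace and pod labels are assumed, not from the demo.
# 1) Default deny: selects every pod in the namespace and allows no traffic.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: sample-app
spec:
  podSelector: {}                      # empty selector = all pods
  policyTypes: [Ingress, Egress]
---
# 2) Redis accepts connections only from the web pods, only on 6379.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: redis-allow-from-web
  namespace: sample-app
spec:
  podSelector:
    matchLabels: {app: redis}
  policyTypes: [Ingress]
  ingress:
    - from:
        - podSelector:
            matchLabels: {app: web}
      ports:
        - {protocol: TCP, port: 6379}
---
# 3) Web pods may talk out only to Redis and to DNS (east-west allowlist).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: web-egress-redis-dns
  namespace: sample-app
spec:
  podSelector:
    matchLabels: {app: web}
  policyTypes: [Egress]
  egress:
    - to:
        - podSelector:
            matchLabels: {app: redis}
      ports:
        - {protocol: TCP, port: 6379}
    - to:
        - namespaceSelector: {}        # DNS service in any namespace
      ports:
        - {protocol: UDP, port: 53}
        - {protocol: TCP, port: 53}
```

With the default-deny policy in place, ingress to the web pods (for example from the ingress controller) also needs its own explicit allow rule, which is omitted here.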
