Built-in security is one of the most important features in Docker. But to build a secure app, you have to understand how to take advantage of these features. Security begins with the platform, but also requires conscious secure design at all stages of app development. In this session, we'll cover the latest features in Docker security, and how you can leverage them. You'll learn how to add them to your existing development pipeline, as well as how you can streamline your workflow while making it more secure.
Journey to Docker Production: Evolving Your Infrastructure and Processes - Br... Docker, Inc.
DevOps in the Real World is far from perfect, and we're all somewhere on the path to one day writing that "Amazing-Hacker-News-Post about your chat-bot fully-automated micro-service infrastructure." But until then, how can you *really* start using containers today, in meaningful ways that impact your and your customers' productivity? This session is designed for practitioners who are looking for ways to get started now with Docker and Swarm in production. No Docker 101 here, this is for helping you be successful on your way to Dockerizing your production systems. Attendees will get tactics, example configs, real working infrastructure designs, and see the (sometimes messy) internals of Docker in production today.
Global Operations with Docker for the Enterprise - Nico Kabar, Docker Docker, Inc.
Enterprises often have hundreds or even thousands of applications spread across hundreds of development teams, business units and geographies. This presents challenges to IT teams as they architect an environment to run Docker apps on globally distributed hybrid cloud infrastructure, developed by distributed dev teams and consumed by customers around the world. Docker Datacenter provides the technology and framework to implement a global software supply chain. This session will dig into the design considerations, tools and best practices to address this type of environment with Docker Datacenter. And there will be data, demos and tools! Results from various performance tests will be presented in conjunction with recommendations for high-availability configurations, content cache use cases for faster developer workflow and scheduling strategies for improving application resilience.
Automation and Collaboration Across Multiple Swarms Using Docker Cloud - Marc... Docker, Inc.
cover how Docker Cloud can help you and your team easily deploy and manage multiple Swarms across different Cloud providers in a secure and platform agnostic way. We will cover how we provide a secure authentication framework for Swarms backed by Docker Cloud and how that enables seamless collaboration across your team.
What’s New in Docker - Victor Vieux, Docker Docker, Inc.
It’s the first breakout after the keynote and you need to know more about all the latest and greatest Docker announcements. We've got you covered! In this session, Victor Vieux will go deeper, looking into what's new with Docker, demo the latest features and answer your questions.
Troubleshooting Tips from a Docker Support Engineer Jeff Anderson
Troubleshooting is like going on an adventure. Here are some tips for how to tackle unexpected situations when using Docker.
These cases were pulled from the most common issues encountered while helping folks in the Docker community solve issues.
What Have Namespaces Done for you Lately? Liz Rice, Aqua Security Docker, Inc.
Containers are made with namespacing and cgroups, but what does that really mean? In this talk we'll write a container from scratch in Go, using bare system calls, and explore how the different namespaces affect the container's view of the world and the resources it has access to.
Escape From Your VMs with Image2Docker Jeff Nickoloff, All in Geek Consulting... Docker, Inc.
Migrating apps out of Virtual Machines is difficult, especially distributed apps with multiple components, and even more so when the components run on different operating systems. But with the Docker platform and the Image2Docker tools - which extract Linux and Windows apps from existing VMs into containers - it's easy. In this session we'll take a PHP front-end application running in a Linux VM, which connects to a .NET Web Service running in a Windows VM, and convert the whole stack to Docker automatically. Then we'll run the app on a hybrid Docker Datacenter cluster, where we can manage the Windows and Linux components from a single pane of glass.
Back to the Future: Containerize Legacy Applications - Rob Tanner, Northern T... Docker, Inc.
People typically think of Docker for microservices and try to make the smallest container they can. There are tremendous benefits to a microservices model but those are not the only apps that qualify for containers. Traditional, homegrown, monolithic apps are also great candidates for Docker - why? By containerizing these apps, many of the same agility, portability, security and cost savings benefits can be applied to the hundreds (if not thousands) of apps in your datacenters. But where to begin? Attend this session to learn how to approach modernizing traditional apps (MTA), considerations, the available tools and possibilities.
You Don't Have to Start Over! A Practical Guide for Adopting Docker in the En... Docker, Inc.
So you are looking to adopt Docker, but receive feedback and commentary such as "our development pipeline won't support containers" or "the applications aren't micro services, so I don't see a benefit." You are not alone; these and other statements are common misconceptions when considering using Docker in the enterprise. Perhaps having a real enterprise use case with some tips on objection handling would support your goal of adopting Docker in your organization? In this presentation, Chris Ciborowski, CEO and Principal Consultant at Nebulaworks and Docker Captain, will discuss ways that you can leverage Docker in existing enterprise environments, providing tangible benefits to both developers and operations teams and accelerating DevOps adoption. He will also provide a few insider tips on objection handling learned while working on enterprise container adoption in enterprise clients.
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDP Thomas Graf
This talk will start with a deep dive and hands-on examples of BPF, possibly the most promising low-level technology to address challenges in application and network security, tracing, and visibility. We will discuss how BPF evolved from a simple bytecode language to filter raw sockets for tcpdump to a JITable virtual machine capable of universally extending and instrumenting both the Linux kernel and user space applications. The introduction is followed by a concrete example of how the Cilium open source project applies BPF to solve networking, security, and load balancing for highly distributed applications. We will discuss and demonstrate how Cilium with the help of BPF can be combined with distributed system orchestration such as Docker to simplify security, operations, and troubleshooting of distributed applications.
The Golden Ticket: Docker and High Security Microservices by Aaron Grattafiori Docker, Inc.
True microservices are more than simply bolting a REST interface on your legacy application, packing it in a Docker container and hoping for the best. Security is a key component when designing and building out any new architecture, and it must be considered from top to bottom. Oompa Loompas might not be considered "real" microservices, but Willy Wonka still has them locked down tight!
In this talk, Aaron will briefly touch on the idea and security benefits of microservices before diving into practical and real world examples of creating a secure microservices architecture. We'll start with designing and building high security Docker containers, using and examining the latest security features in Docker (such as User Namespaces and seccomp-bpf) as well as examine some typically forgotten security principles. Aaron will end on exploring related challenges and solutions in the areas of network security, secrets management and application hardening. Finally, while this talk is geared towards Microservices, it should prove informational for all Docker users, building a PaaS or otherwise.
How to be successful running Docker in Production Docker, Inc.
John’s presentation will cover his lessons learned from running Docker in Production @ SalesforceIQ. Learn how to scale your registry using AWS and S3. Should you use Device Mapper or AUFS? Why run Swarm, Mesos, Kubernetes, or neither? Finally, know how persistent storage (Kafka, Cassandra, or SQL) can be run successfully with Docker in Production.
His team focuses on Docker based solutions to power their SaaS infrastructure and developer operations.
DockerCon EU 2015: Persistent, stateful services with docker cluster, namespa... Docker, Inc.
Presentation by Michael Neale, co-founder, CloudBees
In this presentation I will show how you can use and abuse namespaces to do things that you might not think were possible in Docker. In doing this I will show how you can create a volume bind mount in a running container, and use "super privileged" containers to control other containers on the same machine. There are many uses for this, but it also demystifies what some of the namespaces in Linux are, and how they work (hint: everything is files, it's Unix!).
Browser Testing with Docker - Craig Huber Docker, Inc.
Integration tests are an integral part of any modern web application, and regardless of which front-end or server side framework you choose, you'll likely be running Selenium tests. While Selenium tests are easy to write and execute on your local workstation, Works On My Machine™ won't get you past your CI system. Now you're stuck with two bad options: use a SaaS provider and live with slow builds, or run your own Selenium Grid and manage a multitude of machines and browser versions. Rock, meet hard place, right? It doesn't have to be that way! In this talk you'll see how easy it is to set up a Selenium Grid with Docker, how easy it is to maintain, and how to extend and grow your Selenium grid to satisfy your team's needs. It's not all roses and sunshine, so you'll see some common issues presented and how to avoid them. Finally, a Selenium Grid you'll want to manage!
DockerCon EU 2015: Docker and PCI-DSS - Lessons learned in a security sensiti... Docker, Inc.
Presented by Udo Seidel, Chief Architect and Digital Evangelist, Amadeus
In the recent past there were quite some discussions about security in the context of introducing or using Docker. It is true that there are some gaps to be closed but the whole story does not start from square one either. At Amadeus we are using Docker to build our future-oriented services and to introduce devops culture. Due to the nature of our business we have to deal with security certifications like PCI-DSS, SSAE 16 and ISO 27001. This talk described the challenges we were facing in that context and how we mastered them. The story has technical and non-technical aspects.
DCSF19 CMD and Conquer: Containerizing the Monolith Docker, Inc.
Tony Lee & Nelson Wang, Splunk
Modern microservice-oriented software architectures evangelize the principles of infrastructure-as-code and declarative directives to manage and run applications. At Splunk, we wanted to marry these ideals with the majestic monolith, Splunk Enterprise, to simplify the use of our product through containerization. Without rearchitecting the entire product from the ground-up, which can be a costly investment, we focused on incorporating a flexible configuration management layer on top of the core application. This has enabled us to make running Splunk in Docker act and behave as a true microservice, greatly reducing the friction of migrating towards more container-native software.
We not only concentrated on making our open-source Docker image initiative user-friendly and production-ready, but we also wanted to seamlessly integrate it back into our internal engineering process. Join us for this session as we discuss migrating a traditional application into a microservice ecosystem, developing a containerization strategy for both external customer usage and internal development, as well as learning about our internal container platform at scale.
A Survey of Container Security in 2016: A Security Update on Container Platforms Salman Baset
This talk is an update of container security in 2016. It describes the security measures that containers provide, shows how containers provide security measures out of the box that are prone to configuration errors when running applications directly on the host, and finally lists the ongoing work in container security in the community.
The Dockerfile Explosion and the Need for Higher Level Tools by Gareth Rushgrove Docker, Inc.
Dockerfiles are great. They provide a zero-barrier-to-entry format for
describing a single Docker image which is immediately clear to anyone
reading them. But with that simplicity comes problems that become
apparent as your adoption of Docker gathers pace.
* Dockerfiles can inherit from other docker images, but images are not
Dockerfiles
* Dockerfile provides no built-in mechanism for creating abstractions,
so as usage grows identical or similar instructions can be duplicated
across many files
* The Docker API exposes a build endpoint, but the API is very coarse,
taking Dockerfile as the transport rather than exposing the individual
instructions
* Dockerfiles are just that, files. So they can come from anywhere
The one layer per line in a Dockerfile limitation can lead to an
explosion of layers, which fail to take advantage of the promised
space and performance benefits.
It takes a Village to do the Impossible - Jeff Lindsay Docker, Inc.
From one of the most quietly prolific open source developers in the Docker ecosystem comes an exciting new open source tool unlike anything you've seen before. And while that's probably true, it's actually quite mundane in his grand scheme. A two part talk starting with a demo, and then a sampling of what's to come and how you can be a part of it.
Learn best practices in container security to make your containers seaworthy through the build, ship, and run lifecycle.
Demos temporarily living at github.com/endophage/apps (look under wordpress dir)
Secure Substrate: Least Privilege Container Deployment Docker, Inc.
Riyaz Faizullabhoy - Security Engineer, Docker
Diogo Mónica - Security Lead, Docker
The popularity of containers has driven the need for distributed systems that can provide a substrate for container deployments. These systems need the ability to provision and manage resources, place workloads, and adapt in the presence of failures. In particular, container orchestrators make it easy for anyone to manage their container workloads using their cloud-based or on-premise infrastructure. Unfortunately, most of these systems have not been architected with security in mind. Compromise of a less-privileged node can allow an attacker to escalate privileges to either gain control of the whole system, or to access resources it shouldn't have access to. In this talk, we will go over how Docker has been working to build secure blocks that allow you to run a least privilege infrastructure - where any participant of the system only has access to the resources that are strictly necessary for its legitimate purpose. No more, no less.
DockerCon EU 2015: The Latest in Docker Engine Docker, Inc.
Presentation by Jessie Frazelle, Software Engineer, Docker and Arnaud Porterie, Sr. Engineering Manager, Docker
Learn the latest capabilities in Docker Engine and how to use them in your application. We’ll discuss best practices for using Engine, troubleshooting tips, and cool lesser known features.
DockerCon EU 2015: Shipping Manifests, Bill of Lading and Docker Metadata and... Docker, Inc.
Presented by Gareth Rushgrove, Sr. Software Engineer, Puppet Labs
The shipping container metaphor for Docker points to many of the advantages of building and running software using containers. But what about other essential parts of the shipping container ecosystem like the shipping manifest and bill of lading?
Many of the most powerful features of traditional package management tools like apt or yum are based on metadata associated with the packages. You can find out who created a package and when, check where a particular file came from, whether the package has a known vulnerability and more. What would this capability look like for Docker containers?
This talk will look at the power of metadata for containers, in particular:
* Docker provides labels for associating metadata with images and containers but how best to use them?
* What problems can be solved by agreeing on standards for container metadata?
* Exposing standard commands and endpoints to expose metadata about what is inside a container
* Demo some open source toolings and also look at the sort of tools we might build atop those standards and low-level tools.
Docker Bday #5, SF Edition: Introduction to Docker Docker, Inc.
In celebration of Docker's 5th birthday in March, user groups all around the world hosted birthday events with an introduction to Docker presentation and hands-on-labs. We invited Docker users to recognize where they were on their Docker journey and the goal was to help them take the next step of their journey with the help of mentors. This presentation was done at the beginning of the events (this one is from the San Francisco event in HQ) and gives a run down of the birthday event series, Docker's momentum, a basic explanation of containers, the benefits of using the Docker platform, Docker + Kubernetes and more.
Effective Data Pipelines with Docker & Jenkins - Brian Donaldson Docker, Inc.
Ever find yourself needing data pipelines to feed a hungry data-driven culture, but not sure where to start, or what features are essential? In this talk, I will demonstrate a baseline data pipeline infrastructure built with Jenkins and Docker EE that checks all the boxes. Data pipelines often exist as that mysterious plumbing buried underground: occasionally inspected, but largely prone to silent failures and the ensuing hot fixes. Join the quest to daylight the infrastructure and benefit!
Presented by Tim Mackey, Senior Technology Evangelist, Black Duck Software on August 17.
To use containers safely, you need to be aware of potential security issues and the tools you need for securing container-based systems. Secure production use of containers requires an understanding of how attackers might seek to compromise the container, and what you should be aware of to minimize that potential risk.
Tim Mackey, Senior Technical Evangelist at Black Duck Software, provides guidance for developing container security policies and procedures around threats such as:
1. Network security
2. Access control
3. Tamper management and trust
4. Denial of service and SLAs
5. Vulnerabilities
Register today to learn about the biggest security challenges you face when deploying containers, and how you can effectively deal with those threats.
Watch the webinar on BrightTalk: http://bit.ly/2bpdswg
You Don't Have to Start Over! A Practical Guide for Adopting Docker in the En...Docker, Inc.
So you are looking to adopt docker, but receive feedback and commentary such as "our development pipeline won't support containers" or "the applications aren't micro services, so I don't see a benefit." You are not alone, these and other statements are common misconceptions when considering using docker in the enterprise. Perhaps having a real enterprise use case with some tips on objection handling would support your goal of adopting docker in your organization? In this presentation, Chris Ciborowski, CEO and Principal Consultant at Nebulaworks and Docker Captain will discuss ways that you can leverage docker in existing enterprise environments providing tangible benefits to both developers and operations teams and accelerate DevOps adoption. He will also provide a few insider tips on objection handling learned while working on enterprise container adoption in enterprise clients.
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDPThomas Graf
This talk will start with a deep dive and hands on examples of BPF, possibly the most promising low level technology to address challenges in application and network security, tracing, and visibility. We will discuss how BPF evolved from a simple bytecode language to filter raw sockets for tcpdump to the a JITable virtual machine capable of universally extending and instrumenting both the Linux kernel and user space applications. The introduction is followed by a concrete example of how the Cilium open source project applies BPF to solve networking, security, and load balancing for highly distributed applications. We will discuss and demonstrate how Cilium with the help of BPF can be combined with distributed system orchestration such as Docker to simplify security, operations, and troubleshooting of distributed applications.
The Golden Ticket: Docker and High Security Microservices by Aaron GrattafioriDocker, Inc.
True microservices are more than simply bolting a REST interface on your legacy application, packing it in a Docker container and hoping for the best. Security is a key component when designing and building out any new architecture, and it must be considered from top to bottom. Umpa Lumpas might not be considered "real" microservices, but Willy Wonka still has them locked down tight!
In this talk, Aaron will briefly touch on the idea and security benefits of microservices before diving into practical and real world examples of creating a secure microservices architecture. We'll start with designing and building high security Docker containers, using and examining the latest security features in Docker (such as User Namespaces and seccomp-bpf) as well as examine some typically forgotten security principals. Aaron will end on exploring related challenges and solutions in the areas of network security, secrets management and application hardening. Finally, while this talk is geared towards Microservices, it should prove informational for all Docker users, building a PaaS or otherwise.
How to be successful running Docker in ProductionDocker, Inc.
John’s presentation will cover his lessons learned from running Docker in Production @ SalesforceIQ. Learn how to scale your registry using AWS and S3. Should you use Device Mapper or AUFS? Why run Swarm, Mesos, Kubernetes, or neither. Finally, know how persistent storage (Kafka, Cassandra, or SQL) can be run successfully with Docker in Production
His team focuses on Docker based solutions to power their SaaS infrastructure and developer operations.
DockerCon EU 2015: Persistent, stateful services with docker cluster, namespa...Docker, Inc.
Presentation by Michael Neale, co-founder, CloudBees
In this presentation I will show how you can use and abuse namespaces to do things that you might not think were possible in docker. In doing this I will show how you can create a volume bind mount in a running container, and use "super privileged" containers to control other containers on the same machine. There are many uses for this, but at it also demystifies what some of the namespaces in linux are, and how they work (hint: everything is files, its unix!).
Browser Testing with Docker - Craig HuberDocker, Inc.
Integration tests are an integral part of any modern web application, and regardless of which front-end or server side framework you choose, you'll likely be running Selenium tests. While Selenium tests are easy to write and execute on your local workstation, Works On My Machine™ won't get you past your CI system. Now you're stuck with two bad options, use a SaaS provider and live with slow builds or running your own Selenium Grid and managing a multitude of machines and browser versions. Rock, meet hard place, right? It doesn't have to be that way! In this talk you'll see how easy it is to setup a Selenium Grid with Docker, how easy it is to maintain, and how to extend and grow your Selenium grid to satisfy your team's needs. It's not all roses and sunshine, so you'll see some common issues presented and how to avoid them. Finally, a Selenium Grid you'll want to manage!
DockerCon EU 2015: Docker and PCI-DSS - Lessons learned in a security sensiti...Docker, Inc.
Presented by Udo Seidel, Chief Architect and Digital Evangelist, Amadeus
In the recent past there were quite some discussions about security in the context of introducing or using Docker. It is true that there are some gaps to be closed but the whole story does not start from square one either. At Amadeus we are using Docker to build our future-oriented services and to introduce devops culture. Due to the nature of our business we have to deal with Security certifications like PCI-DSS, SSAE 16 and ISO 27001. This talks described the challenges we were facing in that context and how we mastered them. The story has technical and non-technical aspects.
DCSF19 CMD and Conquer: Containerizing the Monolith Docker, Inc.
Tony Lee & Nelson Wang, Splunk
Modern microservice-oriented software architectures evangelize the principles of infrastructure-as-code and declarative directives to manage and run applications. At Splunk, we wanted to marry these ideals with the majestic monolith, Splunk Enterprise, to simplify the use of our product through containerization. Without rearchitecting the entire product from the ground-up, which can be a costly investment, we focused on incorporating a flexible configuration management layer on top of the core application. This has enabled us to make running Splunk in Docker act and behave as a true microservice, greatly reducing the friction of migrating towards more container-native software.
We not only concentrated on making our open-source Docker image initiative user-friendly and production-ready, but we also wanted to seamlessly integrate it back into our internal engineering process. Join us for this session as we discuss migrating a traditional application into a microservice ecosystem, developing a containerization strategy for both external customer usage and internal development, as well as learning about our internal container platform at scale.
A Survey of Container Security in 2016: A Security Update on Container PlatformsSalman Baset
This talk is an update of container security in 2016. It describes the security measures that containers provide, shows how containers provide security measures out of box that are prone to configuration errors when running applications directly on host, and finally lists the ongoing in container security in the community.
The Dockerfile Explosion and the Need for Higher Level Tools by Gareth Rushgrove - Docker, Inc.
Dockerfiles are great. They provide a zero-barrier-to-entry format for describing a single Docker image which is immediately clear to anyone reading them. But with that simplicity come problems that become apparent as your adoption of Docker gathers pace.
* Dockerfiles can inherit from other docker images, but images are not Dockerfiles
* Dockerfile provides no built-in mechanism for creating abstractions, so as usage grows identical or similar instructions can be duplicated across many files
* The Docker API exposes a build endpoint, but the API is very coarse, taking Dockerfile as the transport rather than exposing the individual instructions
* Dockerfiles are just that, files. So they can come from anywhere
The one layer per line in a Dockerfile limitation can lead to an explosion of layers, which fail to take advantage of the promised space and performance benefits.
It takes a Village to do the Impossible - Jeff Lindsay - Docker, Inc.
From one of the most quietly prolific open source developers in the Docker ecosystem comes an exciting new open source tool unlike anything you've seen before. And while that's probably true, it's actually quite mundane in his grand scheme. A two part talk starting with a demo, and then a sampling of what's to come and how you can be a part of it.
Learn best practices in container security to make your containers seaworthy through the build, ship, and run lifecycle.
Demos temporarily living at github.com/endophage/apps (look under wordpress dir)
Secure Substrate: Least Privilege Container Deployment - Docker, Inc.
Riyaz Faizullabhoy - Security Engineer, Docker
Diogo Mónica - Security Lead, Docker
The popularity of containers has driven the need for distributed systems that can provide a substrate for container deployments. These systems need the ability to provision and manage resources, place workloads, and adapt in the presence of failures. In particular, container orchestrators make it easy for anyone to manage their container workloads using their cloud-based or on-premise infrastructure. Unfortunately, most of these systems have not been architected with security in mind. Compromise of a less-privileged node can allow an attacker to escalate privileges to either gain control of the whole system, or to access resources it shouldn't have access to. In this talk, we will go over how Docker has been working to build secure blocks that allow you to run a least privilege infrastructure - where any participant of the system only has access to the resources that are strictly necessary for its legitimate purpose. No more, no less.
DockerCon EU 2015: The Latest in Docker Engine - Docker, Inc.
Presentation by Jessie Frazelle, Software Engineer, Docker and Arnaud Porterie, Sr. Engineering Manager, Docker
Learn the latest capabilities in Docker Engine and how to use them in your application. We’ll discuss best practices for using Engine, troubleshooting tips, and cool lesser known features.
DockerCon EU 2015: Shipping Manifests, Bill of Lading and Docker Metadata and... - Docker, Inc.
Presented by Gareth Rushgrove, Sr. Software Engineer, Puppet Labs
The shipping container metaphor for Docker points to many of the advantages of building and running software using containers. But what about other essential parts of the shipping container ecosystem like the shipping manifest and bill of lading?
Many of the most powerful features of traditional package management tools like apt or yum are based on metadata associated with the packages. You can find out who created a package and when, check where a particular file came from, whether the package has a known vulnerability and more. What would this capability look like for Docker containers?
This talk will look at the power of metadata for containers, in particular:
* Docker provides labels for associating metadata with images and containers but how best to use them?
* What problems can be solved by agreeing on standards for container metadata?
* Exposing standard commands and endpoints to expose metadata about what is inside a container
* Demo some open source toolings and also look at the sort of tools we might build atop those standards and low-level tools.
Docker Bday #5, SF Edition: Introduction to Docker - Docker, Inc.
In celebration of Docker's 5th birthday in March, user groups all around the world hosted birthday events with an introduction to Docker presentation and hands-on-labs. We invited Docker users to recognize where they were on their Docker journey and the goal was to help them take the next step of their journey with the help of mentors. This presentation was done at the beginning of the events (this one is from the San Francisco event in HQ) and gives a run down of the birthday event series, Docker's momentum, a basic explanation of containers, the benefits of using the Docker platform, Docker + Kubernetes and more.
Effective Data Pipelines with Docker & Jenkins - Brian Donaldson - Docker, Inc.
Ever find yourself needing data pipelines to feed a hungry data-driven culture, but not sure where to start, or what features are essential? In this talk, I will demonstrate a baseline data pipeline infrastructure built with Jenkins and Docker EE that checks all the boxes. Data pipelines often exist as that mysterious plumbing buried underground: occasionally inspected, but largely prone to silent failures and the ensuing hot fixes. Join the quest to daylight the infrastructure and benefit!
Presented by Tim Mackey, Senior Technology Evangelist, Black Duck Software on August 17.
To use containers safely, you need to be aware of potential security issues and the tools you need for securing container-based systems. Secure production use of containers requires an understanding of how attackers might seek to compromise the container, and what you should be aware of to minimize that potential risk.
Tim Mackey, Senior Technical Evangelist at Black Duck Software, provides guidance for developing container security policies and procedures around threats such as:
1. Network security
2. Access control
3. Tamper management and trust
4. Denial of service and SLAs
5. Vulnerabilities
Register today to learn about the biggest security challenges you face when deploying containers, and how you can effectively deal with those threats.
Watch the webinar on BrightTalk: http://bit.ly/2bpdswg
Yuvraj Mehta - Group Product Manager, Docker
Steve Richards - Solutions Architect, Docker
Creating a Secure Supply Chain for your applications is vitally important for a compliant and smooth-running application development organization. Every organization needs to understand where their container images come from, who has access to them, understand the security risks to weigh ALL options available before deploying. In this session, we will take a closer look at how Docker Enterprise helps developers, DevOps and DevSecOps teams securely Build and Ship applications through the software pipeline. We’ll dive into security features of the platform’s private registry Image Signing which provides authenticity for image sources and Image Scanning which provides insight into any vulnerabilities. We’ll also look at how this can be automated by policy and seamlessly integrated with your software pipeline to provide a succinct audit trail.
Contain your risk: Deploy secure containers with trust and confidence - Black Duck by Synopsys
Presented on September 22, 2016 by Brent Baude, Principal Software Engineer, Atomic and Docker Development, Red Hat; Randy Kilmon, VP, Engineering, Black Duck
Organizations are increasingly turning to container environments to meet the demand for faster, more agile software development. But a 2015 study conducted by Forrester Consulting on behalf of Red Hat revealed that 53% of IT operations and development decision makers at global enterprises reported container security concerns as a barrier to adoption.
The challenges of managing security risk increase in scope and complexity when hundreds or even thousands of different open source software components and licenses are part of your application code base. Since 2014, more than 6,000 new open source security vulnerabilities have been reported, making it essential to have good visibility into and control over the open source in use in order to understand if any known vulnerabilities are present.
In this webinar, experts from Red Hat and Black Duck will share the latest insights and recommendations for securing the open source in your containers, including protecting them from vulnerabilities like Heartbleed, Shellshock and Venom. You’ll learn:
• Why container environments present new application security challenges, including those posed by ever-increasing open source use.
• How to scan applications running in containers to identify open source in use and map known open source security vulnerabilities.
• Best practices and methodologies for deploying secure containers with trust and confidence.
Everyone has heard about Kubernetes. Everyone wants to use this tool. However, sometimes we forget about security, which is essential throughout the container lifecycle.
Therefore, our journey with Kubernetes security should begin in the build stage when writing the code becomes the container image.
Kubernetes provides innate security advantages, and together with solid container protection, it will be invincible.
During the sessions, we will review all those features and highlight which are mandatory to use. We will discuss the main vulnerabilities which may lead to the compromise of your system.
Contacts:
LinkedIn - https://www.linkedin.com/in/vshynkar/
GitHub - https://github.com/sqerison
-------------------------------------------------------------------------------------
Materials from the video:
The policies and docker files examples:
https://gist.github.com/sqerison/43365e30ee62298d9757deeab7643a90
The repo with the helm chart used in a demo:
https://github.com/sqerison/argo-rollouts-demo
Tools shown in the last section:
https://github.com/armosec/kubescape
https://github.com/aquasecurity/kube-bench
https://github.com/controlplaneio/kubectl-kubesec
https://github.com/Shopify/kubeaudit#installation
https://github.com/eldadru/ksniff
Further learning.
A book released by CISA (Cybersecurity and Infrastructure Security Agency):
https://media.defense.gov/2021/Aug/03/2002820425/-1/-1/1/CTR_KUBERNETES%20HARDENING%20GUIDANCE.PDF
O`REILLY Kubernetes Security:
https://kubernetes-security.info/
O`REILLY Container Security:
https://info.aquasec.com/container-security-book
Thanks for watching!
Docker Paris Event: Anticipate new business models and reduce your... - Docker, Inc.
On the agenda: setting up agile platforms to adapt to new business models, optimizing IT costs in your application deployments, successfully implementing Kubernetes, ensuring the security of your applications throughout their life cycle, and much more.
Docker is the developer-friendly container technology that enables creation of your application stack: OS, JVM, app server, app, database and all your custom configuration. So you are a Java developer but how comfortable are you and your team taking Docker from development to production? Are you hearing developers say, “But it works on my machine!” when code breaks in production? And if you are, how many hours are then spent standing up an accurate test environment to research and fix the bug that caused the problem?
This workshop/session explains how to package, deploy, and scale Java applications using Docker.
Maxime Petazzoni, Software Engineer at SignalFx, presents how we use Docker and how we monitor containers in production.
SignalFx has been using Docker since November 2013. We have been running Docker in prod ever since we’ve had a “prod” and back when Docker’s README said “DO NOT RUN IN PRODUCTION”.
Slides of Maxime Petazzoni's talk at the Palo Alto Docker Meetup on September 1st, 2015. Discusses how we use Docker to power our software development lifecycle and run our production environments, as well as how to monitor Dockerized deployments and applications, in particular with SignalFx.
Secure Application Development in the Age of Continuous Delivery - Tim Mackey
As delivered at LinuxCon and ContainerCon in Berlin 2016.
Traditionally, when datacenter operators talk about application security, they've tended to focus on issues related to key management, firewalls and data access. By contrast, application developers have a security focus which is more aligned with code analysis and fuzzing techniques.
The reality is, secure application deployment principles extend from the infrastructure layer through the application and include how the application is deployed. With the prevalence of continuous deployment of micro-services, it’s imperative to focus efforts on what attackers view as vulnerable, particularly in an environment where new exploits are being disclosed almost daily.
In this session we’ll present:
• How known vulnerabilities can make their way into production deployments
• How deployment of vulnerable code can be minimized
• How to determine the vulnerability status of a container
• How to determine the risk associated with a specific package
As delivered by Tim Mackey, Senior Technical Evangelist - Black Duck Software, at LinuxCon and ContainerCon in Berlin 2016.
Containerize Your Game Server for the Best Multiplayer Experience - Docker, Inc.
Raymond Arifianto, AccelByte and
Mark Mandel, Google -
We have been deploying containerized micro-services for our Game Backend Services for a while. Now we are tackling the challenge to scale up fleets of game dedicated servers in multiple regions, multiple data centers and multiple providers - some in bare metal, some in Cloud. So we leverage docker containerization to deploy Game Servers to achieve Portability, Fast Deployment and Predictability, enabling us to scale up to thousands of servers, on demand, without a sweat.
How to Improve Your Image Builds Using Advance Docker Build - Docker, Inc.
Nicholas Dille, Haufe-Lexware + Docker Captain -
Docker continues to be the standard tool for building container images. For more than a year Docker ships with BuildKit as an alternative image builder, providing advanced features for secret and cache management. These features help to make image builds faster and more secure. In this session, Docker Captain Nicholas Dille will teach you how to use Buildkit features to your advantage.
Build & Deploy Multi-Container Applications to AWS - Docker, Inc.
Lukonde Mwila, Entelect -
As the cloud-native approach to development and deployment becomes more prevalent, it's an exciting time for software engineers to be equipped on how to dockerize multi-container applications and deploy them to the cloud.
In this talk, Lukonde Mwila, Software Engineer at Entelect, will cover the following topics:
- Docker Compose
- Containerizing an Nginx Server
- Containerizing a React App
- Containerizing a Node.JS App
- Containerizing a MongoDB App
- Running Multi-Container App Locally
- Creating a CI/CD Pipeline
- Adding a build stage to test containers and push images to Docker Hub
- Deploying Multi-Container App to AWS Elastic Beanstalk
Lukonde will start by giving an overview of how Docker Compose works and how it makes it very easy and straightforward to startup multiple Docker containers at the same time and automatically connect them together with some form of networking.
After that, Lukonde will take a hands-on approach to containerize an Nginx server, a React app, a NodeJS app and a MongoDB instance to demonstrate the power of Docker Compose. He'll demonstrate usage of two Docker files for an application, one production grade and the other for local development and running of tests. Lastly, he'll demonstrate creating a CI/CD pipeline in AWS to build and test our Docker images before pushing them to Docker Hub or AWS ECR, and finally deploying our multi-container application to AWS Elastic Beanstalk.
Securing Your Containerized Applications with NGINX - Docker, Inc.
Kevin Jones, NGINX -
NGINX is one of the most popular images on Docker Hub and has been at the forefront of the web since the early 2000's. In this talk we will discuss how and why NGINX's lightweight and powerful architecture makes it a very popular choice for securing containerized applications as a sidecar reverse proxy within containers. We will highlight important aspects of application security that NGINX can help with, such as TLS, HTTP, AuthN, AuthZ and traffic control.
How To Build and Run Node Apps with Docker and Compose - Docker, Inc.
Kathleen Juell, Digital Ocean -
Containers are an essential part of today's microservice ecosystem, as they allow developers and operators to maintain standards of reliability and reproducibility in fast-paced deployment scenarios. And while there are best practices that extend across stacks in containerized environments, there are also things that make each stack distinct, starting with the application image itself.
This talk will dive into some of these particularities, both at the image and service level, while also covering general best practices for building and running Node applications with database backends using Docker and Compose.
Jessica Deen, Microsoft -
Helm 3 is here; let's go hands-on! In this demo-fueled session, I'll walk you through the differences between Helm 2 and Helm 3. I'll offer tips for a successful rollout or upgrade, go over how to easily use charts created for Helm 2 with Helm 3 (without changing your syntax), and review opportunities where you can participate in the project's future.
Distributed Deep Learning with Docker at Salesforce - Docker, Inc.
Jeff Hajewski, Salesforce -
There is a wealth of information on building deep learning models with PyTorch or TensorFlow. Anyone interested in building a deep learning model is only a quick search away from a number of clear and well written tutorials that will take them from zero knowledge to having a working image classifier. But what happens when you need to deploy these models in a production setting? At Salesforce, we use TensorFlow models to help us provide customers with insights into their data, and we do this as close to real-time as possible. Designing these systems in a scalable manner requires overcoming a number of design challenges, but the core component is Docker. Docker enables us to design highly scalable systems by allowing us to focus on service interactions, rather than how our services will interact with the hardware. Docker is also at the core of our test infrastructure, allowing developers and data scientists to build and test the system in an end to end manner on their local machines. While some of this may sound complex, the core message is simplicity - Docker allows us to focus on the aspects of the system that matter, greatly simplifying our lives.
The First 10M Pulls: Building The Official Curl Image for Docker Hub - Docker, Inc.
James Fuller, webcomposite s.r.o. -
Curl is the venerable (yet very modern) 'swiss army knife' command line tool and library for transferring data with URLs. Recently we (the Curl team) decided to build a release for Docker Hub. This talk will outline our current development workflow with respect to the docker image and provide insights on what it takes to build a docker image for mass public consumption. We are also keen to learn from users and other developers how we might improve and enhance the official curl docker image.
Fabian Stäber, Instana -
In recent years, we saw a great paradigm shift in software engineering away from static monolithic applications towards dynamic distributed horizontally scalable architectures. Docker is one of the key technologies enabling this development. This shift poses a lot of new challenges for application monitoring, ranging from practical issues (need for automation) to technical challenges (Docker networking) to organizational topics (blurring line between software engineers and operations) to fundamental questions (define what is an application). In this talk we show how Docker changed the way we do monitoring, how modern application monitoring systems work, and what future developments we expect.
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti... - Docker, Inc.
Clemente Biondo, Engineering Ingegneria Informatica -
When the COVID 19 pandemic started, Engineering Ingegneria Informatica Group (1.25 billion euros of revenues, 65 offices around the world, 12.000 employees) was forced to put their digital transformation to the test in order to maintain operational continuity. In this session, Clemente Biondo, the Tech Lead of the Information Systems Department, will share how his company is reacting to this unforeseeable scenario and how Docker-driven digital transformation had paved the path for work to continue remotely. Clemente will discuss learnings moving from colocated teams, manual approaches, email based-business processes, and a monolithic application to a mature DevOps culture characterized by a distributed autonomous workforce and a continuous deployment process that deploys backward-compatible Docker containerized microservices into hybrid multi cloud datacenters an average of twice a day with zero-downtime. He will detail how they use Docker to unify dev, test and production environments, and as an efficient and automated mechanism for deploying applications. Lastly, Clemente shares how, in our darkest hour, he and others are working to shine their brightest light.
Chris Lauer, NOAA Space Weather Prediction Center -
This is the story of how adopting a containerized workflow changed the way our small software team works at NOAA’s Space Weather Prediction Center. Our old architecture, a big ball of mud shared-database integration, just wasn’t cutting it - it was killing our agility. Over the past two years, our small team has adopted a microservice style architecture, using Docker with docker-compose and environment files as our deployment strategy for all new development. We’ve discovered the joys of using containers for identical dev, staging, and production environments. We work closely with scientists: much of the code we’re running has complicated and conflicting library dependencies. Docker captures these beautifully - we’ve even had some success teaching our scientists to use it! I’ll share what we’ve learned, some of the persistent challenges we face, and one place we really got it wrong. This talk builds off of a popular hallway track from DockerCon 2019.
Become a Docker Power User With Microsoft Visual Studio Code - Docker, Inc.
Brian Christner, 56k + Docker Captain -
In this session, we will unlock the full potential of using Microsoft Visual Studio Code (VS Code) and Docker Desktop to turn you into a Docker Power User. When we expand and utilize the VS Code Docker plugin, we can take our projects and Docker skills to the next level. In addition to using VS Code, we streamline our Docker Desktop development workflow with less context switching and built-in shortcuts. You will learn how to bootstrap new projects, quickly write Dockerfiles utilizing templates, build, run, and interact with containers all from VS Code.
How to Use Mirroring and Caching to Optimize your Container Registry - Docker, Inc.
Brandon Mitchell, Boxboat + Docker Captain -
How do you make your builds more performant? This talk looks at options to configure caching and mirroring of images that you need to save on bandwidth costs and to keep running even if something goes down upstream.
Monolithic to Microservices + Docker = SDLC on Steroids! - Docker, Inc.
Ashish Sharma, SS&C Eze -
SS&C Eze provides various products in the stock market domain. We spent the last couple of years building Eclipse which is an investment suite born in cloud. The journey so far has been very interesting. The very first version of the product was a bunch of monolithic windows services and deployed using Octopus tool. We successfully managed to bring all the monolithic problems to the cloud and created a nightmare for ourselves. We then started applying microservices architecture principles and started breaking the monolithic into small services. Very soon we realized that we need a better packaging/deployment tool. Docker looked like a magical solution to our problem. Since its adoption, it has not only solved the deployment problem for us but has made a deep impact on different aspects of SDLC. It allowed us to use heterogeneous technology stacks, simplified development environment setup, simplified our testing strategy, improved our speed of delivery, and made our developers more productive. In this talk I would like to share our experience of using Docker and its positive impact on our SDLC.
Ara Pulido, Datadog -
Container technologies, although not new, have increased their popularity in the past few years, with container orchestrators allowing companies around the world to adopt these technologies to help them ship and scale microservices with precision and velocity. Kubernetes is currently the most popular container orchestration platform, and while many organizations are migrating their workloads to it, Kubernetes is still relatively immature. New corner cases, errors, and quirks are regularly discovered as users push the boundaries of size and scale. When Datadog adopted Kubernetes we discovered some of these boundaries the hard way, and we continuously challenge and modify our infrastructure decisions in order to fit our use case. Join me in this talk for our story on what we learned while we scaled our Kubernetes clusters, the contributions to Kubernetes we made along the way, and how you can apply those learnings when growing your Kubernetes clusters from a handful to hundreds or thousands of nodes.
Andy Clemenko, StackRox -
One underutilized, and amazing, thing about the docker image scheme is labels. Labels are a built in way to document all aspects about the image itself. Think about all the information that the tags inside your clothing carry. If you care to look you can find out everything about the garment. All that information can be very valuable. Now think about how we can leverage labels to carry similar information. We can even use the labels to contain Docker Compose or even Kubernetes Yaml. We can even include labels into the CI/CD process making things more secure and smoother. Come find out some fun techniques on how to leverage labels to do some fun and amazing things.
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model - Docker, Inc.
Patrick Deloulay, Micro Focus -
Micro Focus started their digital transformation 3 years ago, moving the entire portfolio into hundreds of container images. Leveraging Docker Hub as our primary registry service, we will cover how we ended up building a simple but secure push/pull model to publish and deliver our premium assets to our customers and partners to both meet the high agility of our DevOps teams while greatly simplifying the deployment of our applications.
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S... - Docker, Inc.
Elton Stoneman, Docker Captain + Container Consultant and Trainer
How do you provide a SaaS offering when your product is a 10-year old Fortran app, currently built to run on Windows 10? With Docker and Kubernetes of course - and you can do it in a week (... to prototype level at least).
In this session I'll walk through the processes and practicalities of taking an older Windows app, making it run in containers with Kubernetes, and then building a simple API wrapper to host the whole stack as a cloud-based SaaS product.
There's a lot of technology here from a real world case study, and I'll focus on:
- running Windows apps in Docker containers
- building a .NET Core API which can run in Linux or Windows containers
- running the stack in Kubernetes with Docker Desktop locally and AKS in the cloud
- configuring AKS workloads in Azure to burst out to Azure Container Instances
And there's a core theme to this session: Docker and Kubernetes are complex technologies, but they're the key to modern development. If you invest time learning them, they make projects like this simple, portable, fast and fun.
Developing with Docker for the Arm Architecture - Docker, Inc.
This virtual meetup introduces the concepts and best practices of using Docker containers for software development for the Arm architecture across a variety of hardware systems. Using Docker Desktop on Windows or Mac, Amazon Web Services (AWS) A1 instances, and embedded Linux, we will demonstrate the latest Docker features to build, share, and run multi-architecture images with transparent support for Arm.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview - Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
5. “... tech giant Juniper Networks revealed in a startling announcement that it had found “unauthorized” code embedded in an operating system running on some of its firewalls.” - wired.com
7. User Authentication
• Multi-Factor Authentication
• Key Based Authentication
Sign your commits
• Use hardware like Yubikeys
Secure your source
8.
9. Pin your dependencies
• Include the list with the source
• (golang) vendor.conf, Godeps.json
• (python) requirements.txt
• (ruby) Gemfile
• (node) package.json
Validate your upstreams
10. Pin your dependencies
• Include the list with the source
• Use checksums
Validate your upstreams
requires == 2.13 --hash=sha256:2cf24dba5fb0a30e26e83…
golang.org/x/crypto 5bcd134fee4dd1475da17714aac19c0a…
11. Pin your dependencies
• Include the list with the source
• Use checksums
• Use publisher keys when available
Validate your upstreams
13. Verify everything on ingress
• commit signatures
• dependency checksums
• dependency signatures
• Docker Content Trust (DCT) signatures of base images
CI is an island
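The "dependency checksums" ingress check from slides 10 and 13 can be enforced as a CI gate over a pip requirements file. The following is an added example, not code from the slides; the function names and the sample entries are assumptions made for illustration.

```python
import re

# Exact pin: name, optional [extras], "==", a version with no wildcard.
PIN_RE = re.compile(
    r"^[A-Za-z0-9][A-Za-z0-9._-]*(\[[^\]]+\])?\s*==\s*[^\s;*]+(?=\s|;|$)")
# Digest lengths for the algorithms commonly used with pip's --hash option.
HASH_RE = re.compile(
    r"--hash=(?:sha256:[0-9a-f]{64}|sha384:[0-9a-f]{96}|sha512:[0-9a-f]{128})\b")

def logical_lines(text):
    """Yield (first_line_number, entry): comments stripped, '\\' continuations joined."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()
        start = n if start is None else start
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        if (buf + line).strip():
            yield start, (buf + line).strip()
        buf, start = "", None
    if buf.strip():  # file ended on a dangling continuation
        yield start, buf.strip()

def audit_requirements(text):
    """Return (line_number, problem) tuples for entries a CI ingress gate should reject."""
    problems = []
    for n, entry in logical_lines(text):
        if entry.startswith(("-e ", "--editable")):
            problems.append((n, "editable install cannot be hash-checked"))
        elif not entry.startswith("-"):  # other pip options are not requirement entries
            if not PIN_RE.match(entry):
                problems.append((n, "not pinned to an exact version"))
            if not HASH_RE.search(entry):
                problems.append((n, "no --hash checksum"))
    return problems

FAKE = "ab" * 32  # constructed placeholder digest, not a real package hash
SAMPLE = f"""\
alpha==1.4.2 \\
    --hash=sha256:{FAKE}
beta>=2.0 --hash=sha256:{FAKE}   # range, not a pin
gamma==0.9.1                     # pinned, no checksum
delta==1.*  --hash=sha256:{FAKE} # wildcard is not a pin
-e ./local_pkg
--index-url https://pypi.example.invalid/simple
"""
```

Calling `audit_requirements(SAMPLE)` reports lines 3 to 6 of the constructed sample; a CI job would fail the build whenever the returned list is non-empty.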
14. Be minimal, be disciplined
• do build minimal images
• do not embed secret/sensitive data in images
• do sign built images with Docker Content Trust (DCT)
CI is ascetic
22. Find Common Vulnerabilities and Exposures (CVEs)
• stop being reactive, get proactive
• make compliance easier
Get notified about new CVEs
• automate the auditing of existing applications
Docker Security Scanning (DSS)
23.
24.
25. Docker Trusted Registry (DTR) and Docker Hub/Cloud come with DCT metadata hosting
• you can start signing now
• provides trust from publisher to consumer
• no need to trust the middleman
Docker Content Trust (DCT)
27. • use Docker Content Trust to only deploy signed artifacts
• use Docker EE Signing Policies to guarantee applications meet your acceptance criteria
What are you deploying?
28. Use the absolute minimum privilege set necessary!
Don’t:
docker run --privileged ...
Do:
docker run --cap-drop=ALL --cap-add=CAP_NET_ADMIN ...
Least Privileged Microservices
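To check that running containers actually follow the Do/Don't on slide 28, the output of `docker inspect` can be audited for `HostConfig.Privileged`, `CapAdd` and `CapDrop`. The following is an added example, not code from the slides; the function names, the allowlist parameter and the sample containers are assumptions made for illustration.

```python
import json

def norm(cap):
    """Normalise a capability name: upper case, without the optional CAP_ prefix."""
    cap = cap.upper()
    return cap[4:] if cap.startswith("CAP_") else cap

def audit_containers(inspect_json, allowed_caps=frozenset()):
    """Map container name -> list of least-privilege violations.

    inspect_json is the JSON array printed by `docker inspect <container>...`.
    allowed_caps is the (hypothetical) set of capabilities approved for re-adding.
    """
    findings = {}
    for container in json.loads(inspect_json):
        host = container.get("HostConfig") or {}
        added = {norm(c) for c in host.get("CapAdd") or []}
        dropped = {norm(c) for c in host.get("CapDrop") or []}
        issues = []
        if host.get("Privileged"):
            issues.append("privileged")
        if "ALL" not in dropped:
            issues.append("cap-drop ALL missing")
        if "ALL" in added:
            issues.append("cap-add ALL")
        extra = sorted(added - {"ALL"} - {norm(c) for c in allowed_caps})
        if extra:
            issues.append("unapproved capabilities: " + ", ".join(extra))
        if issues:
            findings[container.get("Name", "?")] = issues
    return findings

# Constructed sample in the shape of `docker inspect` output (only the fields used).
SAMPLE = json.dumps([
    {"Name": "/legacy", "HostConfig": {"Privileged": True, "CapAdd": None, "CapDrop": None}},
    {"Name": "/router", "HostConfig": {"Privileged": False, "CapAdd": ["CAP_NET_ADMIN"], "CapDrop": ["ALL"]}},
    {"Name": "/debug", "HostConfig": {"Privileged": False, "CapAdd": ["SYS_PTRACE"], "CapDrop": ["all"]}},
])
```

With `allowed_caps={"NET_ADMIN"}` the constructed `/router` container passes, while `/legacy` and `/debug` are reported.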