Kubernetes provides plenty of enhancements for deploying software, but it can cause anxiety on the corporate security team. This talk explains how to approach your security team and how to push them to provide guardrails, not deployments.
“The Elements of Style” is one of the most important and foundational guidelines on how to write well. It has effectively summarized, in a list of seminal guidelines, how to harness the power of the English language to write high quality prose of almost any kind.
In computing, we have similar guides for various technologies. Python offers “The Zen Of Python”, Ruby has “The Rails Doctrine”, and so on...
One of the powers these documents wield is that they help serve as a “north star” that guides an entire community toward the same goals.
I believe we need a similar guide for Kubernetes. It would describe how app developers and operators should think about and use the features in Kubernetes to build and deploy reliable, stable apps. Armed with such a guide, we could all hope to better understand the “essence” of Kubernetes in pursuit of building better cloud native apps.
We don’t have anything like this today, but many in the Kubernetes community have strong, detailed opinions for what should go in this guide. Much of it is tribal knowledge or scattered in blog posts.
In this talk, I’ll try to bring many of these opinions together and lay out an “Elements of Kubernetes” guide for app developers and operators alike. I’ll do so by relating each “element” to stories and details I’ve seen in the community that reveal what makes a good Kubernetes and cloud native app.
This talk was given at KubeCon / CloudNativeCon 2017 on December 7th, 2017 in Austin, TX
Kubernetes is more or less one of the biggest players when it comes to Container orchestration. Since Kubernetes 1.7 RBAC (Role Based Access Control) is the default for the authorisation of actions in you cluster. There are many other components, like Pod Security Policies, Network Policies, Admisstion Controllers, that allows you to secure your Kubernetes cluster.
In this talk I will show you how these things can work together and which problem these components try to solve. Also I will show you an overview how other tools like Vault can fit into the Kubernetes ecosystem to make you platform more secure.
Event: DevFest Karlsruhe, 09.12.2017
Speaker: Johannes M. Scheuermann
Weitere Tech-Vorträge: https://www.inovex.de/de/content-pool/vortraege/
Weitere Tech-Artikel: https://www.inovex.de/blog/
My cloud native security talk I gave at Innotech Austin 2018. I cover container and Kubernetes security topics, security features in Kubernetes, including opensource projects you will want to consider while building and maintaining cloud native applications.
Luca Relandini - Microservices and containers networking: Contiv, deep dive a...Codemotion
Contiv provides a higher level of networking abstraction for microservices: it provides built-in service discovery and service routing for scale out services, working with schedulers like Docker Swarm, Kubernetes, Mesos and Openshift. A powerful policy-based management that makes networking on large scale easy. We will see some code examples, use cases and an easy tutorial on the web. This session is a follow up to the successful sessions at Codemotion Rome and Amsterdam in 2016: we'll go deeper into the architecture and the use cases.
CI / CD / CS - Continuous Security in KubernetesSysdig
Continuous Delivery helps to keep your software and Docker images updated and deploy new versions in production easily. Microservices are great at reducing the attack vector and limiting the privileges or credentials access of each piece of your application. Containers provide an opportunity to implement better security, small, immutable, single process and purpose.
In this session, we will discover real use case examples on how to make your CI/CD pipeline interact with Docker security tools. But security doesn’t stop where your deployment pipeline ends. How can we prepare for 0-days and policy violations that happen at run-time? Can we make it part of the CI/CD process?
“The Elements of Style” is one of the most important and foundational guidelines on how to write well. It has effectively summarized, in a list of seminal guidelines, how to harness the power of the English language to write high quality prose of almost any kind.
In computing, we have similar guides for various technologies. Python offers “The Zen Of Python”, Ruby has “The Rails Doctrine”, and so on...
One of the powers these documents wield is that they help serve as a “north star” that guides an entire community toward the same goals.
I believe we need a similar guide for Kubernetes. It would describe how app developers and operators should think about and use the features in Kubernetes to build and deploy reliable, stable apps. Armed with such a guide, we could all hope to better understand the “essence” of Kubernetes in pursuit of building better cloud native apps.
We don’t have anything like this today, but many in the Kubernetes community have strong, detailed opinions for what should go in this guide. Much of it is tribal knowledge or scattered in blog posts.
In this talk, I’ll try to bring many of these opinions together and lay out an “Elements of Kubernetes” guide for app developers and operators alike. I’ll do so by relating each “element” to stories and details I’ve seen in the community that reveal what makes a good Kubernetes and cloud native app.
This talk was given at KubeCon / CloudNativeCon 2017 on December 7th, 2017 in Austin, TX
Kubernetes is more or less one of the biggest players when it comes to Container orchestration. Since Kubernetes 1.7 RBAC (Role Based Access Control) is the default for the authorisation of actions in you cluster. There are many other components, like Pod Security Policies, Network Policies, Admisstion Controllers, that allows you to secure your Kubernetes cluster.
In this talk I will show you how these things can work together and which problem these components try to solve. Also I will show you an overview how other tools like Vault can fit into the Kubernetes ecosystem to make you platform more secure.
Event: DevFest Karlsruhe, 09.12.2017
Speaker: Johannes M. Scheuermann
Weitere Tech-Vorträge: https://www.inovex.de/de/content-pool/vortraege/
Weitere Tech-Artikel: https://www.inovex.de/blog/
My cloud native security talk I gave at Innotech Austin 2018. I cover container and Kubernetes security topics, security features in Kubernetes, including opensource projects you will want to consider while building and maintaining cloud native applications.
Luca Relandini - Microservices and containers networking: Contiv, deep dive a...Codemotion
Contiv provides a higher level of networking abstraction for microservices: it provides built-in service discovery and service routing for scale out services, working with schedulers like Docker Swarm, Kubernetes, Mesos and Openshift. A powerful policy-based management that makes networking on large scale easy. We will see some code examples, use cases and an easy tutorial on the web. This session is a follow up to the successful sessions at Codemotion Rome and Amsterdam in 2016: we'll go deeper into the architecture and the use cases.
CI / CD / CS - Continuous Security in KubernetesSysdig
Continuous Delivery helps to keep your software and Docker images updated and deploy new versions in production easily. Microservices are great at reducing the attack vector and limiting the privileges or credentials access of each piece of your application. Containers provide an opportunity to implement better security, small, immutable, single process and purpose.
In this session, we will discover real use case examples on how to make your CI/CD pipeline interact with Docker security tools. But security doesn’t stop where your deployment pipeline ends. How can we prepare for 0-days and policy violations that happen at run-time? Can we make it part of the CI/CD process?
Security best practices for kubernetes deploymentMichael Cherny
Security best practices for a Kubernetes Deployment - from development, through build, ship, networking and run time controls.
Was presented at New York Kubernetes meetup https://www.meetup.com/New-York-Kubernetes-Meetup/events/237790149/
KubeCon EU 2016: Killing containers to make weather beautifulKubeAcademy
The Met Office Informatics Lab includes scientists, developers and designers. We build prototypes exploring new technologies to make environmental data useful. Here we describe a recent project to process multi-dimensional weather data to create a fully interactive 4D browser application. We used long-running containers to serve data and web pages and short-running processes to ingest and compress the data. Forecast data is issued every three hours so our data ingestion goes through regular and predictable bursts (i.e. perfect for autoscaling).
We built a Kubernetes cluster in an AWS group which auto-scales based on load. We used replication controllers to process the data. Every three hours ingestion jobs are added to a queue and the number of ingestion containers are set in proportion to the queue length. Each worker completes exactly one ingestion job from the queue and then exits, at which point Kubernetes creates a new one to process the next message. This has allowed us to remove the lifespan logic from the containers and keep them light, fast and massively scalable. We are now in the process of using this in our production systems.
Sched Link: http://sched.co/6BWQ
Introduction to Kubernetes Security (Aqua & Weaveworks)Weaveworks
Kubernetes is fundamentally a complex system with lots of different potential attack vectors aimed at data theft, currency mining and other threats. During this webinar, Aqua Security and Weaveworks will provide an overview of the current state of security-related features in Kubernetes, demonstrate how you can build a secure and reliable Kubernetes deployment pipeline with GitOps best practices, and explore how to best prevent common Git attacks. In addition we will show image scanning and briefly explore how to best prevent common Git attacks.
Kubernetes (K8s) is a powerful, flexible and portable open source framework for distributed containerized applications delivery and management. An important part of the services provided by most Kubernetes clusters is the containers’ networking stack. In most cases and for many applications it “just works”, but this seeming simplicity is backed by a complex stack of technologies that provide many capabilities beyond the basics.
This presentation accompanies the meetup and webinar where Oleg Chunikhin, CTO at Kublr, shows how Kubernetes networking stack works, describes main components, interfaces and extensibility options.
What is covered:
- general notions of Kubernetes networking - Pods and Network Policies
- implementation of Kubernetes networking - CNI, CNI plugins, and Linux network namespaces
- some Kubernetes CNI providers: Calico, Weave, Flanel, and Canal
- K8S networking extensibility for advanced and “exotic” use-cases with Multus CNI plugin as an example
Proactive ops for container orchestration environmentsDocker, Inc.
Break -> inspect -> fix is the Ops workflow for infrastructure stacks of the past. Distributed infrastructure and applications claim to be the new generation, but why is it so much more painful to maintain and troubleshoot them? Much of the pain comes from outdated operational models relying on reactive or, worse yet, manual monitoring and Ops.
This talk lays out a proactive Ops model for container infrastructure. By focusing on event monitoring, infrastructure state monitoring, trend analysis, and distributed log collection, a proactive Ops model delivers observability for distributed apps that was not possible before. Using real-world examples from Swarm and Kubernetes, we'll demonstrate the tools used and how we relieve Ops pain in container orchestration.
KubeCon EU 2016: Multi-Tenant KubernetesKubeAcademy
Today Kubernetes is mostly employed in single tenant deployment, either private cloud, or as a COE on top of IaaS. By leveraging virtualized container like Hyper, Kubernetes will be the core of multi-tenant Container-as-a-Service. This talk will present Hypernetes, a secure Kubernetes distro focusing on the public container hosting service.
Sched Link: http://sched.co/6BYD
The Future of Security and Productivity in Our Newly Remote WorldDevOps.com
Andy has made mistakes. He's seen even more. And in this talk he details the best and the worst of the container and Kubernetes security problems he's experienced, exploited, and remediated.
This talk details low level exploitable issues with container and Kubernetes deployments. We focus on lessons learned, and show attendees how to ensure that they do not fall victim to avoidable attacks.
See how to bypass security controls and exploit insecure defaults in this technical appraisal of the container and cluster security landscape.
Security best practices for kubernetes deploymentMichael Cherny
Security best practices for a Kubernetes Deployment - from development, through build, ship, networking and run time controls.
Was presented at New York Kubernetes meetup https://www.meetup.com/New-York-Kubernetes-Meetup/events/237790149/
KubeCon EU 2016: Killing containers to make weather beautifulKubeAcademy
The Met Office Informatics Lab includes scientists, developers and designers. We build prototypes exploring new technologies to make environmental data useful. Here we describe a recent project to process multi-dimensional weather data to create a fully interactive 4D browser application. We used long-running containers to serve data and web pages and short-running processes to ingest and compress the data. Forecast data is issued every three hours so our data ingestion goes through regular and predictable bursts (i.e. perfect for autoscaling).
We built a Kubernetes cluster in an AWS group which auto-scales based on load. We used replication controllers to process the data. Every three hours ingestion jobs are added to a queue and the number of ingestion containers are set in proportion to the queue length. Each worker completes exactly one ingestion job from the queue and then exits, at which point Kubernetes creates a new one to process the next message. This has allowed us to remove the lifespan logic from the containers and keep them light, fast and massively scalable. We are now in the process of using this in our production systems.
Sched Link: http://sched.co/6BWQ
Introduction to Kubernetes Security (Aqua & Weaveworks)Weaveworks
Kubernetes is fundamentally a complex system with lots of different potential attack vectors aimed at data theft, currency mining and other threats. During this webinar, Aqua Security and Weaveworks will provide an overview of the current state of security-related features in Kubernetes, demonstrate how you can build a secure and reliable Kubernetes deployment pipeline with GitOps best practices, and explore how to best prevent common Git attacks. In addition we will show image scanning and briefly explore how to best prevent common Git attacks.
Kubernetes (K8s) is a powerful, flexible and portable open source framework for distributed containerized applications delivery and management. An important part of the services provided by most Kubernetes clusters is the containers’ networking stack. In most cases and for many applications it “just works”, but this seeming simplicity is backed by a complex stack of technologies that provide many capabilities beyond the basics.
This presentation accompanies the meetup and webinar where Oleg Chunikhin, CTO at Kublr, shows how Kubernetes networking stack works, describes main components, interfaces and extensibility options.
What is covered:
- general notions of Kubernetes networking - Pods and Network Policies
- implementation of Kubernetes networking - CNI, CNI plugins, and Linux network namespaces
- some Kubernetes CNI providers: Calico, Weave, Flanel, and Canal
- K8S networking extensibility for advanced and “exotic” use-cases with Multus CNI plugin as an example
Proactive ops for container orchestration environmentsDocker, Inc.
Break -> inspect -> fix is the Ops workflow for infrastructure stacks of the past. Distributed infrastructure and applications claim to be the new generation, but why is it so much more painful to maintain and troubleshoot them? Much of the pain comes from outdated operational models relying on reactive or, worse yet, manual monitoring and Ops.
This talk lays out a proactive Ops model for container infrastructure. By focusing on event monitoring, infrastructure state monitoring, trend analysis, and distributed log collection, a proactive Ops model delivers observability for distributed apps that was not possible before. Using real-world examples from Swarm and Kubernetes, we'll demonstrate the tools used and how we relieve Ops pain in container orchestration.
KubeCon EU 2016: Multi-Tenant KubernetesKubeAcademy
Today Kubernetes is mostly employed in single tenant deployment, either private cloud, or as a COE on top of IaaS. By leveraging virtualized container like Hyper, Kubernetes will be the core of multi-tenant Container-as-a-Service. This talk will present Hypernetes, a secure Kubernetes distro focusing on the public container hosting service.
Sched Link: http://sched.co/6BYD
The Future of Security and Productivity in Our Newly Remote WorldDevOps.com
Andy has made mistakes. He's seen even more. And in this talk he details the best and the worst of the container and Kubernetes security problems he's experienced, exploited, and remediated.
This talk details low level exploitable issues with container and Kubernetes deployments. We focus on lessons learned, and show attendees how to ensure that they do not fall victim to avoidable attacks.
See how to bypass security controls and exploit insecure defaults in this technical appraisal of the container and cluster security landscape.
Awareness presentation on the integration of Network Operations into DevOps and using tools like Ansible and UCS director to automate network operations.
A list of action items you want to keep in mind when you're devsecops'ing for your cloudnative environments. Given as a part of a talk on the Modern Security series (
https://info.signalsciences.com/securing-cloud-native-ten-tips-better-container-security).
Présentation d'une usine logicielle : du code jusqu'à la production en utilisant des composants SUSE & Rancher et des tierces parties telles que GitLab, Harbor.
Replay du webinar sur https://youtu.be/WuG716Io7sw
Smart Platform Infrastructure with AWSJames Huston
Learn from some of our insights and create a smart infrastructure that let's your team sleep at night!
Presented @DevOpsDays_CLT Feb 2017 by James Huston @hustonjs
Cloud Platform Symantec Meetup Nov 2014Miguel Zuniga
Openstack Lessons learned
Continuous Integration and Deployment using Openstack
Tuning Openstack for High Availability and Performance in Large Production Deployments
DevOps Days Boston 2017: Developer first workflows for KubernetesAmbassador Labs
Kubernetes is a powerful, operational platform for containerized applications. However, the developer workflow on Kubernetes – how you code, deploy, update, and monitor your services – is much less mature.
How should you lay out your Git repo? How do you create loosely coupled services? How do you support deploying your service at any time?
In this talk, we’ll talk about these questions and more. We’ll discuss the journey towards a rapid development workflow, discuss best practices, and, talk about the process we followed to get to a rapid development workflow.
DevOps Days Boston 2017
Everyone heard about Kubernetes. Everyone wants to use this tool. However, sometimes we forget about security, which is essential throughout the container lifecycle.
Therefore, our journey with Kubernetes security should begin in the build stage when writing the code becomes the container image.
Kubernetes provides innate security advantages, and together with solid container protection, it will be invincible.
During the sessions, we will review all those features and highlight which are mandatory to use. We will discuss the main vulnerabilities which may cause compromising your system.
Contacts:
LinkedIn - https://www.linkedin.com/in/vshynkar/
GitHub - https://github.com/sqerison
-------------------------------------------------------------------------------------
Materials from the video:
The policies and docker files examples:
https://gist.github.com/sqerison/43365e30ee62298d9757deeab7643a90
The repo with the helm chart used in a demo:
https://github.com/sqerison/argo-rollouts-demo
Tools that showed in the last section:
https://github.com/armosec/kubescape
https://github.com/aquasecurity/kube-bench
https://github.com/controlplaneio/kubectl-kubesec
https://github.com/Shopify/kubeaudit#installation
https://github.com/eldadru/ksniff
Further learning.
A book released by CISA (Cybersecurity and Infrastructure Security Agency):
https://media.defense.gov/2021/Aug/03/2002820425/-1/-1/1/CTR_KUBERNETES%20HARDENING%20GUIDANCE.PDF
O`REILLY Kubernetes Security:
https://kubernetes-security.info/
O`REILLY Container Security:
https://info.aquasec.com/container-security-book
Thanks for watching!
Rancher et Kubernetes sont le moteur de la majorité des applications modernes en production. Mais la chaine d'automatisation permettant de livrer du code l'esprit léger commence bien plus en amont grace à un outillage Open Source.
Au programme :
- Commit Code : Avec Gitlab et les outils de collaboration
- Build Image : Toujours plus de fiabilité avec les images SLE Base Container Image
- Store in Registry : Archivage et scan de vulnérabilité avec Harbor
- Test & Go : Livraison en continue avec le mode GitOps et Rancher Fleet
Maintaining stable Linux kernels isn't easy. This talk covers the work we are doing at Red Hat to automate the testing of Linux kernels and find bugs before they make it into stable kernels.
Securing OpenStack and Beyond with AnsibleMajor Hayden
The openstack-ansible-security role applies security hardening configurations to any system -- those running OpenStack and those that don't -- without disruption.
Grow your community: Inspire an ImpostorMajor Hayden
Impostor syndrome stifles individual performance but it also has a big impact on open source communities. This talk explains how to recognize impostor syndrome and reduce its impact on software communities.
Holistic Security for OpenStack CloudsMajor Hayden
Nothing clears out a conference room faster than a discussion around information security. Securing complex computer systems, such as OpenStack clouds, is extremely difficult. To make matters worse, attackers can make many mistakes without consequences. A defender’s single mistake could lead to a breach.
Don't let fear rule the discussion around security.
Operators need a simple and scalable method for securing OpenStack clouds. That starts with grouping components into compartments and then looking at how those compartments interact with each other. Those interactions form the backbone of security policies and technical controls.
In this vendor-neutral talk, Major Hayden, principal architect at Rackspace, will break down the complexity of securing OpenStack clouds using real-world scenarios. Attendees will learn how to:
Divide OpenStack deployments into compartments
Analyze the interactions between each component
Develop security policies and apply technical controls
When flexibility met simplicity: the friendship of OpenStack and AnsibleMajor Hayden
Learn how to reduce complexity with OpenStack clouds while maintaining all of the flexibility. Ansible is the tool that makes it possible.
Robyn Bergeron and I delivered this talk at the 2016 Red Hat Summit.
Flexible, simple deployments with OpenStack-AnsibleMajor Hayden
I gave this talk at the OpenStack Austin Meetup on June 20, 2016. The talk covers the reasons why OpenStack-Ansible exists and the value that it brings for production OpenStack deployments.
Automated Security Hardening with OpenStack-AnsibleMajor Hayden
The OpenStack-Ansible project has a security role that applies over 200 host security hardening configurations in less than two minutes. It's based on the Security Technical Implementation Guide (STIG) from the US federal government and it is heavily customized to work well with an OpenStack environment.
Taming the Technical Talk - OWASP San AntonioMajor Hayden
Successful technical talks hinge upon making a deep connection with the audience on an emotional and rational level. This talk will help technical people frame their ideas, prepare efficiently, and deliver on the day of the talk.
Successful technical talks hinge upon making a deep connection with the audience on an emotional and rational level. This talk will help technical people frame their ideas, prepare efficiently, and deliver on the day of the talk.
With new vulnerabilities surfacing daily, businesses need a solid strategy and internal plans to deal with them. This vendor-neutral talk helps people discover the things they need to do to get their house in order before considering costly technology purchases.
Five things I learned about information securityMajor Hayden
I delivered this presentation at the University of the Incarnate Word in San Antonio, Texas, to a group of students studying information security. They're learning plenty about the technical aspects of information security, but I wanted to talk to them about the non-technical aspects as well. This presentation is meant to be a low-tech, more social introduction on how to handle security within a large organization.
Be an inspiration, not an impostor (Texas Linux Fest 2015)Major Hayden
Impostor syndrome is common within the technical world but it's not well defined and difficult to identify. My talk goes into detail around defining it, identifying it, and overcoming it. We can work together as a community to use common frameworks, like OODA, to have a better approach to social situations.
Be an inspiration, not an impostor (Fedora Flock 2015)Major Hayden
Impostor syndrome is common within the technical world but it's not well defined and difficult to identify. My talk goes into detail around defining it, identifying it, and overcoming it. We can work together as a community to use common frameworks, like OODA, to have a better approach to social situations.
The New Normal: Managing the constant stream of new vulnerabilitiesMajor Hayden
It’s 3AM. Do you know what your servers are doing? In this age of increased attacks and highly publicized vulnerabilities, deploying your infrastructure in a secure way is mission critical. In this session, Aaron Hackney and Major Hayden from Rackspace will reveal security strategies to focus your spending and reduce your risk.
Presentation delivered to UT Health Science Center, San Antonio, Texas. Covers data security, how to store data securely with cloud hosting vendors, and potential pitfalls from improper data storage techniques.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Deploying Kubernetes without scaring off your security team - KubeCon 2017
1. Deploying Kubernetes
without scaring away your security team
Paul Czarkowski, Pivotal Software (@pczarkowsi)
Major Hayden, Rackspace (@majorhayden)
2. Deploying Kubernetes
Without Scaring Away Your Security Team
Principal Technologist @ Pivotal
Always doing things and promoting agile
synergistic principles that resonate down
the value chain
Principal Architect @ Rackspace
Secures OpenStack/Kubernetes clouds
and owns far too many domain names
(including icanhazip.com)
12. Deploying Kubernetes
Without Scaring Away Your Security Team
• Orchestration
• Configuration management
• Software deployment
• Stackable building blocks
• Everything as codehttps://www.ansible.com/
13. Deploying Kubernetes
Without Scaring Away Your Security Team
Tasks
Role
Tasks
Tasks
Tasks
Role
Tasks
Tasks
Tasks
Role
Tasks
Tasks
Playbook
Ansible explained
in three bullets:
• Each task does one thing
• Tasks are grouped into roles
• Playbooks apply one or more roles
to one or more servers
14. Deploying Kubernetes
Without Scaring Away Your Security Team
• Tasks are read one at a time, top-down
• Tasks are written in YAML
• No need for dependency chaining
or complex ordering
• Simple inventory system
Ansible is simple
15. Deploying Kubernetes
Without Scaring Away Your Security Team
• Automates containers, virtual
machines, servers, network devices,
clouds, laptops
• No daemons or complex dependencies
• Got Python installed on your nodes?
You’re ready.
Ansible is versatile
16. Deploying Kubernetes
Without Scaring Away Your Security Team
• A playbook can be run repeatedly
with the same results
• Ansible can audit a system and show
potential changes before making
them
Ansible is repeatable
21. Deploying Kubernetes
Without Scaring Away Your Security Team
Ansible Tower
● Adds reporting/accountability
● Dashboards
● Scheduled Jobs
● Multi-Playbook Workflows
22. Deploying Kubernetes
Without Scaring Away Your Security Team
• Applies and audits over 180 controls
from the STIG* in a few minutes.
• Supports CentOS/RHEL 7, Debian,
Fedora, OpenSUSE, and Ubuntu 16.04.
• Fully open source and looking for new
contributors/testers
https://github.com/openstack/ansible-hardening
* The Security Technical Implementation Guide (STIG) is a set of hardening
configurations for various systems published by the US Department of Defense.
23. Deploying Kubernetes
Without Scaring Away Your Security Team
• Compliance as Code
• Ruby DSL for testing desired state
• Ansible to install Inspec
• Ansible to deploy Inspec Rules
• Sensu Check / Pagerduty Alert
• Inspec logs to ELK for Audit
https://www.inspec.io
31. Deploying Kubernetes
Without Scaring Away Your Security Team
Cuttle - Bastion
● SSH ( obviously! )
● 2FA ( Google Authenticator or Yubikey )
○ https://github.com/blueboxgroup/yubiauthd
○ Each user has own user + pubkey + second factor.
● SSH Agent Auth Proxy
○ https://github.com/blueboxgroup/sshagentmux
○ Adds keys to user’s Agent based on group membership
● ttyspy
○ https://github.com/ibm/ttyspy
○ emulates `script | curl -XPOST https://log-server`
32. Deploying Kubernetes
Without Scaring Away Your Security Team
• Ansible Playbooks to deploy
Kubernetes
• Official(ish)
• Install K8s on any Infrastructure
• Bare Metal
• private cloud
• public cloud
• VMWare
https://github.com/kubernetes-incubator/kubespray
33. Deploying Kubernetes
Without Scaring Away Your Security Team
Kubespray is production ready!
• Continuous integration
• High availability
• Upgrades!
https://github.com/kubernetes-incubator/kubespray
35. Deploying Kubernetes
Without Scaring Away Your Security Team
Other Considerations:
• Build Pipeline - ConcourseCI, Jenkins, etc
• Registry - Quay.io or vmware/harbor
• extra secure containers - Clear Linux and Kata Containers
• Secret Management - Vault
• k8s auth/acls - openpolicyagent