JAXDevOps - Taking the scissors away - Make your K8S cluster safe for DevOps

The Path of DevOps Enlightenment for InfoSec

LambHack: A Vulnerable Serverless Application

DevSecOps and the New Path Forward

DevOps and the subsequent move bring security in under the umbrella of DevSecOps has created a new ethos for security. This is good, however moving security and devops closer together in many organizations leaves us with questions of how this merge works in practice. What happens to security? To developers? And really, what makes a good DevSecOp? This talk highlights the seven habits that the high-performing DevSecOp of today (and tomorrow) should develop. Topics range from empathy to lean to system safety with the hope to uncover a new playbook for devs, ops, and security to work together.

DevOpsDays Austin: Security in the FaaS Lane

James Wickett and Karthik Gaekwad talk about Serverless Security at DevOps Days Austin. Security in FaaS isn't what we are used to, but this talk shows you how what we learned in appsec still applies. Using LambHack, which is a vulnerable serverless application written in Go on AWS Lambda using Sparta, we will evaluate how to do security in serverless. In this talk, we will talk about security strategies and pitfalls in the serverless world. You'll leave with an understanding of how to approach security conversations about serverel Talk goals: - How to approach the security concerns in a serverless world. - Talk about the 'WIP' methodology for serverless security. - Understand current serverless attacks for things to defend against. - Learn what different cloud providers (AWS/GKE/Azure/Oracle Cloud) do to protect you in a serverless world.

Serverless Security: A pragmatic primer for builders and defenders

Talk given at O'Reilly's 2017 Velocity Conference in San Jose. Serverless is the design pattern for writing applications at scale without the necessity of managing infrastructure. This is done across the continuum of the cloud—from storage as a service to database as a service—but the center of serverless is functions as a service (FaaS). (Current FaaS offerings include AWS Lambda, Azure Functions, and Google Cloud Functions.) Now processes run for milliseconds before being destroyed and then get instantiated for subsequent requests. Serverless adds simplicity and a new economic model to cloud computing, but it creates some unique security challenges. In serverless architectures, technologies like antivirus and intrusion detection become meaningless. James Wickett explores practical security approaches for serverless in four key areas—the software supply chain, the delivery pipeline, data flow, and attack detection—and examines how traditional approaches need to be adapted to serverless. Even if you don’t have any experience with serverless, don’t worry; this session starts with the basics. You’ll learn what serverless is (hint: it’s still being defined) and practical patterns for serverless adoption.

Full Stack Reactive with React and Spring WebFlux - Dublin JUG 2019

Matt Raible

You have streaming data and want to expose it as reactive streams with Spring Boot. Great! Spring WebFlux makes that pretty easy. But what about the UI? Can you stream that data to the UI and have it be reactive and constantly updating too? This session explores techniques for making your app fully reactive with Spring WebFlux and React. Mostly live coding, with plenty of time for Q & A in the midst of it all. * Blog post: https://developer.okta.com/blog/2018/09/25/spring-webflux-websockets-react * Screencast: https://youtu.be/1xpwYe154Ys

JHipster & blueprint 02-07-2019 - casablanca jug

Anthony Viard

Defense-Oriented DevOps for Modern Software Development

Presentation from SpringOne Platform 2017 conference by Pivotal. DevOps is the practice of the entire engineering team participating together through the entire service lifecycle of delivering software. This includes security and out of necessity, security as we have known it has completely changed. Through challenges from the outside and forces from within there is a wholesale conversion taking place across the industry where DevOps and Security are joining forces. This talk is a hybrid of inspiration and pragmatism for dealing with the new landscape. There are four key areas that have changed with the rise of DevOps: Treat all systems and infrastructure as code Change the engineering culture to orient around delivery Favor a fast delivery cadence Create feedback loops across the organization With these shifts the organization has new demands and expectations on security. This talk will cover a pragmatic approach and focus on principles, practices and tooling to meet demands in these four key areas.

Release Your Inner DevSecOp

Mauricio (Salaboy) Salatino

DevSecOps brings security to the DevOps party and it is completely changing the security playbook. This talk will cover 10 practices and patterns we have implemented that bring DevSecOps value to everyone involved. This talk will be loaded with examples that will be usable for developers, security and operations teams and you can take home next week to put into practice. Shannon Lietz, Intuit James WIckett, Signal Sciences RSA Conference 2019

QCon Plus From monoliths to k8s - Workshop

Harnessing the power of cloud for real security

Erkang Zheng

Defining DevSecOps

Uchit Vyas ☁

Today everybody wants to deploy the app and infrastructure faster without any disputes. An Even, Agile framework can help to deploy faster in real-time. But Continuous Innovation may conflict with stability and security. Without security at every stage, DevOps merely introduces vulnerabilities into application quickly. To resolve such conflict, the gap in recursive feedback loops need to be eliminated. Mostly, teams are not effectively working in a collaboration and interacting with each other smoothly. This results in gaps and produce problems with code development and quality, meaning slower delivery plans and serious vulnerabilities that create security risk at most. Fortunately, these shortcomings can be addressed very well, as developers/testers are set to launch off into the DevSecOps world or via adopting rugged DevOps model.

Evolution of GitLab Frontend

Fatih Acet

Building the DevOps Culture Across Siemens

We started in 2013 internally with a GitLab instance for our team, made code.siemens.com out of it on November 5th 2015 and scaled it up to over 30000 users in house. Developers from > 60 countries are collaborating across internal organisational boundaries day by day. Beside of providing a reliable service for all developers, we've established a global community that is helping each other and we kicked of a significant cultural change within Siemens

Frontend DevOps Cycle using GitLab

The wide-spread use of frontend technologies within Siemens requires highly optimized CI/CD cycles. We will live demo a complete DevOps cycle by using an example frontend application based on Angular. This will include all different stages, such as linting, testing, instrumenting the app with Sentry error tracking, integration into the developer environment and container creation and deployment, all based on GitLab-CI. Join our journey to achieve a fully automated frontend deployment cycles with state-of-the-art quality assurance.

Security in the Delivery Pipeline - GOTO Amsterdam 2017

Security testing is often relegated to the end of software delivery to the detriment of quality and safety. Often security gets aligned with compliance timelines or other long-cycle process inside an organization. This session is complete reversal of the status quo and we will cover modern approaches to security in your CI/CD pipelines. You will gain experience with some of the testing tools and processes needed to make this happen. We will also cover some advice for dealing with compliance and security engineers as you make a transition to TDD-style approach to security.

Kubernetes Operability Tooling (GOTO Chicago 2019)

Cloud, Containers, Kubernetes (YOW Melbourne 2018)

Yusuf Hadiwinata Sutandar

DevOps Indonesia #5 - The Future of Containers

DevOps Indonesia

Devops indonesia - The Future Container

The Big Cloud native FaaS Lebowski

QAware GmbH

microXchg 2019, Berlin: Talk by Mario-Leander Reimer (@LeanderReimer, Principal Software Architect at QAware) === Please download slides if blurred! === Abstract: Only a few years ago the move towards microservice architecture was the first big disruption in software engineering: instead of running monoliths, systems were now build, composed and run as autonomous services. But this came at the price of added development and infrastructure complexity. Serverless and FaaS seem to be the next disruption, they are the logical evolution trying to address some of the inherent technology complexity we are currently faced when building cloud native apps. FaaS frameworks are currently popping up like mushrooms: Knative, Kubeless, OpenFn, Fission, OpenFaas or Open Whisk are just a few to name. But which one of these is safe to pick and use in your next project? Let's find out. This session will start off by briefly explaining the essence of Serverless application architecture. We will then define a criteria catalog for FaaS frameworks and continue by comparing and showcasing the most promising ones.

You got database in my cloud!

Liz Frost

What's hot

Serverless Security: A How-to Guide @ SnowFROC 2019

KOSTIANTYN SEVERENCHUK, BAQ, "DevTestSecOps approach in action"

Dakiry

The Seven Habits of the Highly Effective DevSecOp

DevOpsDays Austin: Security in the FaaS Lane

Serverless Security: A pragmatic primer for builders and defenders

Full Stack Reactive with React and Spring WebFlux - Dublin JUG 2019

Matt Raible

JHipster & blueprint 02-07-2019 - casablanca jug

Anthony Viard

Defense-Oriented DevOps for Modern Software Development

Release Your Inner DevSecOp

Mauricio (Salaboy) Salatino

QCon Plus From monoliths to k8s - Workshop

Harnessing the power of cloud for real security

Erkang Zheng

Defining DevSecOps

Uchit Vyas ☁

Evolution of GitLab Frontend

Fatih Acet

Building the DevOps Culture Across Siemens

Frontend DevOps Cycle using GitLab

Security in the Delivery Pipeline - GOTO Amsterdam 2017

What's hot (16)

Serverless Security: A How-to Guide @ SnowFROC 2019

KOSTIANTYN SEVERENCHUK, BAQ, "DevTestSecOps approach in action"

The Seven Habits of the Highly Effective DevSecOp

DevOpsDays Austin: Security in the FaaS Lane

Serverless Security: A pragmatic primer for builders and defenders

Full Stack Reactive with React and Spring WebFlux - Dublin JUG 2019

JHipster & blueprint 02-07-2019 - casablanca jug

Defense-Oriented DevOps for Modern Software Development

Release Your Inner DevSecOp

QCon Plus From monoliths to k8s - Workshop

Harnessing the power of cloud for real security

Defining DevSecOps

Evolution of GitLab Frontend

Building the DevOps Culture Across Siemens

Frontend DevOps Cycle using GitLab

Security in the Delivery Pipeline - GOTO Amsterdam 2017

Similar to JAXDevOps - Taking the scissors away -   Make your K8S cluster safe for DevOps

Kubernetes Operability Tooling (GOTO Chicago 2019)

Cloud, Containers, Kubernetes (YOW Melbourne 2018)