Microservices, Containers & CaaS – How Safe Are You?
Presented by Murray Goldschmidt, Chief Operating Officer
12 June 2019

Sydney Head Office – Level 8, 59 Goulburn Street, Sydney NSW 2000
Melbourne Office – Level 15, 401 Docklands Drive, Docklands VIC 3008
ABN 14 098 237 908
1300 922 923 NATIONAL | +61 (2) 9290 4444 SYDNEY | +61 (3) 8376 9410 MELBOURNE
info@senseofsecurity.com.au
Agenda
1. Serverless, Microservices and Container Security
2. Key Implications for Penetration Testing Programs
3. Key Security features for Container Deployments
4. CI/CD Integration for Automated Security & Vuln Mgt
© Sense of Security Pty Ltd 2019 16/6/19
Are Containers As Good as it Gets?
The key thing to recognize with cloud containers is that they are designed to virtualize a single application. For example, you have a MySQL container and that is all it does: provide a virtual instance of that application.
Containers ***SHOULD*** create an isolation boundary at the application level rather than at the server level.
This isolation ***SHOULD*** mean that if anything goes wrong in that single container (e.g., excessive consumption of resources by a process) it only affects that individual container and not the whole VM or whole server.
*** Modified *** https://searchcloudsecurity.techtarget.com/feature/Cloud-containers-what-they-are-and-how-they-work
Container Security – Tech Neutral
Monolithic vs Microservices Architecture
Monolithic vs Micro Services (API Centric)
https://developer.ibm.com/courses/monolithic-architecture-versus-microservices-architecture-dwc024/
Example: Microsoft eShop Reference Architecture
VM vs. Containers (where the abstraction occurs)
Virtualisation, Type 1 – Bare Metal: Hardware / Hypervisor 1 / VM, VM, VM, VM, VM
Virtualisation, Type 2: Hardware / Host OS / Hypervisor 2 / VM, VM, VM, VM, VM
Containerisation: Hardware / Host OS / Container Engine / Cont 1, Cont 2, Cont 3, Cont 4 ... Cont N
Each VM carries its own Guest OS, Dependencies (Dep 1, Dep 2) and Application, and may itself run containers (Cont. ... Cont. N); a container carries only the Application ABC and its App. Deps.
t
© Sense of Security Pty Ltd 2019 16/6/19 18
t
© Sense of Security Pty Ltd 2019 16/6/19 19
t
© Sense of Security Pty Ltd 2019 16/6/19 20
t
© Sense of Security Pty Ltd 2019
16/6/19
21
t
© Sense of Security Pty Ltd 2019
16/6/19
22
t
Developers
Hackers
Hooking Lowest Wins
North-South & East-West Attacks and Pivots
https://neuvector.com/network-security/securing-east-west-traffic-in-container-based-data-center/
Break-In
The entry point is usually a “pin hole” issue, for example a known application issue.
Containers – The “Contained” Challenge
IF you can Break-In, you then need to Break-Out
http://www.marvinfrancismaninacage.com/
Break-Out
<goWest goEast>
Either Find a Container Vuln & Exploit
Recent Container Vulnerabilities
• https://brauner.github.io/2019/02/12/privileged-containers.html
Or - Living off the Land
The attacker now has to “live off the land”: relying on misconfiguration, on the ability to use native tools, or on downloading new tooling and executing it.
t
14-Sep-18Sense of Security Page 31
t
14-Sep-18Sense of Security Page 32
t
e of Security Pty Ltd 2019 16/6/19 39
t
© Sense of Security Pty Ltd 2019 16/6/19 40
t
Content Slide Layout
16/6/19Sense of Security Page 41
t
Content Slide Layout
16/6/19Sense of Security Page 42
t
How to Upgrade your Vuln Mgt Program
• What to expect from a Pen Test
• Implications for CaaS
• Supply Chain Risk
• DevSecOps
Pen Test – Spray & Hope vs Knowledge & Finesse
Monolithic vs Microservices Architecture
https://neuvector.com/run-time-container-security/
Load Balancing, Perimeter, Public Functions
Hack Transformation
https://neuvector.com/network-security/next-generation-firewall-vs-container-firewall/
Security Testing Needs to Go Down The Stack
• User Interface (WebApps, forms, logons, APIs)
• Process UI (Container, presentation layer)
• Process App (Container, application processing)
• Process BackEnd (Container, database)
• AppServer (IIS, Apache, Nginx)
• Language (Java, PHP, .NET)
• Framework (Struts, Spring, .NET)
• Networking (SDN, SecGroups)
• Clustering/Orchestration (CaaS, Swarm, Kubernetes)
• Operating System (Linux, Windows)
• Core Infrastructure
• Cloud Platform
t
Finesse
© Sense of Security Pty Ltd 2019 16/6/19 58
t
t
There are Pen Tests & There are Pen Tests!
© Sense of Security Pty Ltd 2019 16/6/19 60
t
Blue Team: Key Steps to App Container Security
1. End-to-End Vulnerability Management
2. Container Attack Surface Reduction
3. User Access Control
4. Hardening the Host OS & the Container
5. SDLC Automation (DevOps)
Solutioning 1: End-to-End Vulnerability Management
Automated Vuln Mgt (SHIFT LEFT)
• Build
  - APIs & Plug-ins
  - Third Party Components
  - Vuln Mgt Automation
• Registry
  - Automated Scan of Pub/Priv Registry
• Host
  - Compliance Scanning
  - OS
  - CaaS
• Runtime
  - Audit logging
  - Event logging
Image adapted from Qualys materials
Container Security Lifecycle Management & Compliance Summary
Phases: Develop / Build, Test / Modify, Release / Production
• Use Trusted Images
• Sign & Verify Images
• Reduce Attack Surface
• Privileged Access & Auth Mgt
• Ongoing SecOps
• Advanced Security Controls
• Vulnerability Management
• Third Party Components Mgt (SCA)
• Network Segmentation
• User Authentication
• Vulnerability Scanning
• Harden the OS
Adapted from: Ten Basic Steps To Secure Software Containers: Instructions For Safely Developing And Deploying Software In Containers, by Amy DeMartine and Dave Bartoletti, April 14, 2017
t
65© Sense of Security Pty Ltd 2019 16/6/19
t
Solutioning
2 Container Attack Surface
Reduction
66© Sense of Security Pty Ltd 2019 16/6/19
t
Solutioning
3 User Access Control
67© Sense of Security Pty Ltd 2019 16/6/19
t
Solutioning
4 Hardening the Host OS & the
Container
See NIST SP 800-190 and various others incl https://www.cisecurity.org/benchmark/docker/
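As an added illustration of attack surface reduction and host/container hardening (not code from the deck or from Sense of Security), the script below audits a Kubernetes Pod manifest for the settings that turn a break-in into a break-out or let an intruder live off the land: privileged mode, shared host namespaces, writable root filesystem, retained capabilities, missing resource limits and images not pinned to a digest. The checks follow the spirit of NIST SP 800-190 and the CIS Docker Benchmark; both manifests, the `catalog-api` name and the `registry.example.internal` image path are constructed for the example.

```python
"""Static audit of a Kubernetes Pod manifest for container-hardening gaps.

Constructed example: the manifests below are illustrative, not from any
real cluster, and the checks are a subset of what NIST SP 800-190 and the
CIS Docker Benchmark recommend.
"""
from __future__ import annotations

from typing import Any

# Constructed "before": settings that let an attacker who has broken in
# reach the host (break-out) or run whatever tooling they like (live off the land).
WEAK_POD: dict[str, Any] = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "catalog-api"},
    "spec": {
        "hostPID": True,  # shares the host's process namespace
        "containers": [{
            "name": "api",
            "image": "registry.example.internal/catalog-api:latest",  # mutable tag
            "securityContext": {"privileged": True},
            # no resources.limits: a runaway process is not contained to this container
        }],
    },
}

# Constructed "after": the same workload with the isolation boundary enforced.
HARDENED_POD: dict[str, Any] = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "catalog-api"},
    "spec": {
        "containers": [{
            "name": "api",
            # Pinned by digest so what runs is exactly the image that was verified
            # (placeholder digest, not a real image hash).
            "image": "registry.example.internal/catalog-api@sha256:" + "0" * 64,
            "securityContext": {
                "privileged": False,
                "allowPrivilegeEscalation": False,
                "runAsNonRoot": True,
                "readOnlyRootFilesystem": True,
                "capabilities": {"drop": ["ALL"]},
            },
            "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}},
        }],
    },
}


def audit_container(c: dict[str, Any]) -> list[str]:
    """Return one finding per hardening gap in a single container spec."""
    name = c.get("name", "<unnamed>")
    out: list[str] = []
    image = c.get("image", "")
    if "@sha256:" not in image:
        out.append(f"{name}: image '{image}' not pinned by digest (trusted/signed image not enforced)")
    sc = c.get("securityContext") or {}
    if sc.get("privileged"):
        out.append(f"{name}: privileged=true removes the container/host isolation boundary")
    if sc.get("allowPrivilegeEscalation", True):  # Kubernetes default is true
        out.append(f"{name}: allowPrivilegeEscalation not set to false")
    if not sc.get("runAsNonRoot"):
        out.append(f"{name}: runAsNonRoot not set (process may run as uid 0)")
    if not sc.get("readOnlyRootFilesystem"):
        out.append(f"{name}: root filesystem writable (new tooling can be dropped and run in place)")
    if "ALL" not in (sc.get("capabilities") or {}).get("drop", []):
        out.append(f"{name}: capabilities not dropped (drop: [ALL] expected)")
    limits = (c.get("resources") or {}).get("limits") or {}
    for res in ("cpu", "memory"):
        if res not in limits:
            out.append(f"{name}: no {res} limit; resource exhaustion is not contained to this container")
    return out


def audit_pod(pod: dict[str, Any]) -> list[str]:
    """Audit pod-level host namespace sharing, then every container in the pod."""
    spec = pod.get("spec") or {}
    out: list[str] = []
    for flag in ("hostPID", "hostNetwork", "hostIPC"):
        if spec.get(flag):
            out.append(f"pod: {flag}=true shares a host namespace with the container")
    for c in spec.get("containers", []):
        out.extend(audit_container(c))
    return out


if __name__ == "__main__":
    for label, pod in (("weak", WEAK_POD), ("hardened", HARDENED_POD)):
        findings = audit_pod(pod)
        print(f"{label}: {len(findings)} finding(s)")
        for f in findings:
            print("  -", f)
```

The weak manifest produces nine findings and the hardened one none; in a pipeline the same function would run against rendered manifests before deployment, which is the shift-left point of the vulnerability-management slides.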
Solutioning 5: SDLC Automation (DevOps)
Agenda Recap
1. Serverless, Microservices and Container Security
2. Key Implications for Penetration Testing Programs
3. Key Security features for Container Deployments
4. CI/CD Integration for Automated Security & Vuln Mgt
Apply What You Have Learned Today – Exec/Procurement
• Next week you should:
  - Reset your review criteria for Penetration Testing
  - Explicitly incorporate testing of Cloud Technologies into your Vuln Mgt Program
• In the first three months following this presentation you should:
  - Review suppliers’ capability to test Cloud Technologies
  - Develop the Blue Team side of the equation
  - Have a functional Shift Left feature in your Vuln Mgt Program for Cloud
• Within six months you should:
  - Have performed an effective Penetration Test on your Cloud investment
  - Fine-tune your Blue Team response to cloud technology attacks
Apply What You Have Learned Today – Pen Testers
• Next week you should:
  - Shortlist all the relevant cloud technologies in use by your clients
  - Re-calibrate your approach to test PaaS and Containers
• In the first three months following this presentation you should:
  - Demonstrate the ability to break out of containers
  - Demonstrate the ability to live off the land
• Within six months you should:
  - Perfect methods for persistence in highly dynamic environments
  - Determine how to integrate Pen Test with the client Blue Team (Purple Team)
Do you have any questions?
Murray Goldschmidt, COO
murrayg@senseofsecurity.com.au
Contact us to discuss how our security solutions can help protect your most vital assets.
senseofsecurity.com.au

"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 

Securely Deploying Micro Services, Containers & Serverless PaaS Web Apps

  • 7. © Sense of Security Pty Ltd 2019 16/6/19
  • 8. Container Security – Tech Neutral
  • 9. Monolithic vs Microservices Architecture
  • 10. Monolithic vs Microservices Architecture
  • 11. Monolithic vs Microservices Architecture
  • 12. Monolithic vs Micro Services (API Centric). https://developer.ibm.com/courses/monolithic-architecture-versus-microservices-architecture-dwc024/
  • 13. Monolithic vs Micro Services (API Centric). https://developer.ibm.com/courses/monolithic-architecture-versus-microservices-architecture-dwc024/
  • 14. Monolithic vs Micro Services (API Centric). https://developer.ibm.com/courses/monolithic-architecture-versus-microservices-architecture-dwc024/
  • 15. Example: Microsoft eShop Reference Architecture
  • 16. Example: Microsoft eShop Reference Architecture
  • 17. VM vs. Containers (where the abstraction occurs). [Diagram: Virtualisation, Type 1 (bare metal: Hardware, Hypervisor 1, VMs) and Type 2 (Hardware, Host OS, Hypervisor 2, VMs), each VM carrying a Guest OS, its dependencies and the application; Containerisation: Hardware, Host OS, Container Engine, containers 1..N, each carrying only the application and its dependencies.]
  • 18. (image-only slide)
  • 19. (image-only slide)
  • 20. (image-only slide)
  • 21. (image-only slide)
  • 22. (image-only slide)
  • 23. Developers
  • 24. Hackers
  • 25. Hooking: Lowest Wins
  • 27. Break-In
  • 28. Break-In: the entry point is usually a “pin hole” issue, for example a known application issue.
  • 29. (image-only slide)
  • 30. Containers – The “Contained” Challenge: IF you can break in, you then need to break out. http://www.marvinfrancismaninacage.com/
  • 31. Break-Out <goWest goEast>
  • 32. Either find a container vuln & exploit
  • 33. Recent Container Vulnerabilities • https://brauner.github.io/2019/02/12/privileged-containers.html
  • 34. Recent Container Vulnerabilities • https://brauner.github.io/2019/02/12/privileged-containers.html
  • 35. Recent Container Vulnerabilities
  • 36. Or – Living off the Land: the attacker now has to “live off the land”, relying on misconfiguration, the ability to use native tools, or downloading something new and executing it.
  • 39. (image-only slide)
  • 40. (image-only slide)
  • 41. Content Slide Layout
  • 42. Content Slide Layout
  • 43. How to Upgrade your Vuln Mgt Program: What to expect from a Pen Test; Implications for CaaS; Supply Chain Risk; DevSecOps
  • 44. Pen Test – Spray & Hope vs Knowledge & Finesse
  • 45. Monolithic vs Microservices Architecture
  • 46. (image-only slide)
  • 47. (image-only slide)
  • 48. (image-only slide)
  • 50. (image-only slide)
  • 51. (image-only slide)
  • 52. (image-only slide)
  • 53. Load Balancing; Perimeter; Public Functions
  • 54. (image-only slide)
  • 55. Hack Transformation
  • 57. Security Testing Needs to Go Down The Stack: Process UI (Container, presentation layer); AppServer (IIS, Apache, Nginx); Language (Java, PHP, .NET); Framework (Struts, Spring, .NET); Networking (SDN, SecGroups); Clustering/Orchestration (CaaS, Swarm, Kubernetes); Operating System (Linux, Windows); Process BackEnd (Container, database); Process App (Container, application processing); Core Infrastructure; Cloud Platform; User Interface (WebApps, forms, logons, APIs)
  • 58. Finesse
  • 59. (image-only slide)
  • 60. There are Pen Tests & There are Pen Tests!
  • 61. Blue Team: Key Steps to App Container Security: 1. End-to-End Vulnerability Management; 2. Container Attack Surface Reduction; 3. User Access Control; 4. Hardening the Host OS & the Container; 5. SDLC Automation (DevOps)
  • 62. Solutioning 1: End-to-End Vulnerability Management
  • 63. Automated Vuln Mgt (SHIFT LEFT). Build: APIs & plug-ins; third-party components; vuln mgt automation. Registry: automated scan of public/private registry. Host: compliance scanning; OS; CaaS runtime; audit logging; event logging. Image adapted from Qualys materials.
  • 64. Container Security Lifecycle Management & Compliance Summary. Phases: Develop / Build; Test / Modify; Release / Production. Controls: Use Trusted Images; Sign & Verify Images; Reduce Attack Surface; Privileged Access & Auth Mgt; Ongoing SecOps; Advanced Security Controls; Vulnerability Management; Third Party Components Mgt (SCA); Network Segmentation; User Authentication; Vulnerability Scanning; Harden the OS. Adapted from: Ten Basic Steps To Secure Software Containers, Instructions For Safely Developing And Deploying Software In Containers, by Amy DeMartine and Dave Bartoletti, April 14, 2017.
  • 65. (image-only slide)
  • 66. Solutioning 2: Container Attack Surface Reduction
  • 67. Solutioning 3: User Access Control
  • 68. Solutioning 4: Hardening the Host OS & the Container. See NIST SP 800-190 and various others incl. https://www.cisecurity.org/benchmark/docker/
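As an added example that is not part of the slide deck: a small audit of `docker inspect` output against the container attack-surface and hardening settings of the kind the CIS Docker Benchmark and NIST SP 800-190 cover (privileged mode, root user, added capabilities, shared host namespaces, writable root filesystem, no-new-privileges, docker socket mounts). The choice of checks and the two sample container records are this example's own and are constructed inline.

```python
"""Audit `docker inspect` output for attack-surface settings (added example)."""
import json

# Constructed sample in the shape of `docker inspect` output (Config/HostConfig
# keys as Docker emits them); the two containers are made up for this example.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/web", "Config": {"User": ""},
     "HostConfig": {"Privileged": True, "CapAdd": ["SYS_ADMIN"], "CapDrop": None,
                    "PidMode": "host", "NetworkMode": "bridge", "IpcMode": "",
                    "ReadonlyRootfs": False, "SecurityOpt": None,
                    "Binds": ["/var/run/docker.sock:/var/run/docker.sock"]}},
    {"Name": "/db", "Config": {"User": "1000:1000"},
     "HostConfig": {"Privileged": False, "CapAdd": None, "CapDrop": ["ALL"],
                    "PidMode": "", "NetworkMode": "bridge", "IpcMode": "",
                    "ReadonlyRootfs": True, "SecurityOpt": ["no-new-privileges"],
                    "Binds": None}},
])

# Host paths whose bind-mount hands the container control of the host.
SENSITIVE_HOST_PATHS = ("/", "/var/run/docker.sock", "/etc", "/proc", "/sys")


def audit_container(c):
    """Return the list of hardening findings for one inspect record."""
    hc = c.get("HostConfig") or {}
    cfg = c.get("Config") or {}
    findings = []
    if hc.get("Privileged"):
        findings.append("privileged: host devices reachable, isolation boundary lost")
    if not cfg.get("User"):
        findings.append("no User set: processes run as root inside the container")
    if hc.get("CapAdd"):
        findings.append("capabilities added: " + ",".join(hc["CapAdd"]))
    if "ALL" not in [x.upper() for x in (hc.get("CapDrop") or [])]:
        findings.append("default capability set kept (expected --cap-drop ALL)")
    for key in ("PidMode", "NetworkMode", "IpcMode"):
        if hc.get(key) == "host":
            findings.append(f"host namespace shared: {key}=host")
    if not hc.get("ReadonlyRootfs"):
        findings.append("writable root filesystem (expected --read-only)")
    if not any(o.startswith("no-new-privileges") for o in (hc.get("SecurityOpt") or [])):
        findings.append("no-new-privileges not set: setuid privilege gain still possible")
    for bind in hc.get("Binds") or []:
        src = bind.split(":")[0]
        if src in SENSITIVE_HOST_PATHS:
            findings.append(f"sensitive host path mounted: {src}")
    return findings


def audit_inspect_json(text):
    """Map container name -> findings for a whole `docker inspect` document."""
    return {c["Name"].lstrip("/"): audit_container(c) for c in json.loads(text)}


if __name__ == "__main__":
    for name, found in audit_inspect_json(SAMPLE_INSPECT).items():
        print(f"{name}: {'hardened' if not found else str(len(found)) + ' finding(s)'}")
        for f in found:
            print("  -", f)
```

On a real host the same function runs over `docker inspect $(docker ps -q)`; the sample `web` record trips every check while `db` passes clean.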
  • 69. Solutioning 5: SDLC Automation (DevOps)
  • 70. Agenda Recap: 1. Serverless, Microservices and Container Security; 2. Key Implications for Penetration Testing Programs; 3. Key Security features for Container Deployments; 4. CI/CD Integration for Automated Security & Vuln Mgt
  • 71. Apply What You Have Learned Today – Exec/Procurement. Next week you should: reset your review criteria for Penetration Testing; explicitly incorporate testing of Cloud Technologies into your Vuln Mgt Program. In the first three months following this presentation you should: review suppliers’ capability to test Cloud Technologies; develop the Blue Team side of the equation; have a functional Shift Left feature in your Vuln Mgt Program for Cloud. Within six months you should: have performed an effective Penetration Test on your Cloud investment; fine-tune your Blue Team response to cloud technology attacks.
  • 72. Apply What You Have Learned Today – Pen Testers. Next week you should: shortlist all the relevant cloud technologies in use by your clients; re-calibrate your approach to test PaaS and Containers. In the first three months following this presentation you should: demonstrate the ability to break out of containers; demonstrate the ability to live off the land. Within six months you should: perfect methods for persistence in highly dynamic environments; determine how to integrate Pen Test with the client Blue Team (Purple Team).
  • 73. Do you have any questions? Murray Goldschmidt, COO, murrayg@senseofsecurity.com.au
  • 74. Sydney Head Office – Level 8, 59 Goulburn Street, Sydney NSW 2000. Melbourne Office – Level 15, 401 Docklands Drive, Docklands VIC 3008. ABN 14 098 237 908. Contact us to discuss how our security solutions can help protect your most vital assets. 1300 922 923 NATIONAL; +61 (2) 9290 4444 SYDNEY; +61 (3) 8376 9410 MELBOURNE; info@senseofsecurity.com.au; senseofsecurity.com.au