Securing containers by Breaking In - Liran Tal - DevSecCon Tel Aviv 2019

•

0 likes•126 views

There’s no better way to understand container security than seeing some live hacking! This sessions explains and distinguishes the security concern of each layer in the container stack by actually exploiting each layer. We’ll take on Kubernetes itself, the Kubernetes configuration, the container engine (sandbox escaping), OS dependencies in your images, and of course your application dependencies. Each successful hack will help you better understand the mistakes you can make, their implications, and how you can avoid them.

Software

Securing Containers by Breaking In
@liran_tal
Snyk
DevSecCon Tel Aviv 2019

Node.js Security WG
Liran Tal
OWASP NodeGoat
author of
- Essential Node.js Security
- O’Reilly’s Serverless Security
Developer Advocate
@liran_tal

@liran_tal
1 billion weekly d/l
of container images

@liran_tal
Best Practices
for Docker Image Security

@liran_tal
#1 Prefer Minimal Base Images

@liran_tal
source: https://snyk.io/opensourcesecurity-2019

@liran_tal
how precious are your
container images?

@liran_tal
State of 2FA in the npm registry

@liran_tal
6.89%
of all developers
State of 2FA in the npm registry

@liran_tal
6%
of all packages
State of 2FA in the npm registry

@liran_tal
0%
of all users
State of 2FA in ecosystem

@liran_tal
#5 Find, Fix and Monitor
Open Source Vulnerabilities in the OS

@liran_tal
76.6%
of the top 1,000 Docker containers
have severe known vulnerabilities

@liran_tal
44%
of docker image vulnerabilities can
be ﬁxed with newer base images

@liran_tal
20%
of docker image vulnerabilities can
be ﬁxed just by rebuilding them

@liran_tal
What can possibly go wrong
with vulnerabilities in my container?

@liran_tal
#7 application dependencies impact
container security too

@liran_tal
What can possibly go wrong
with vulnerabilities in my app?

@liran_tal
build image
compile and setup your app
prod image
production artifacts

@liran_tal
Attackers are targeting open source
one vulnerability = many victims

@liran_tal
Re-build images often
Choose the right base image
Scan docker images during devel’
Use a security linter for a Dockerﬁle
Use multi-stage docker builds
https://snyk.io/blog/10-docker-image-security-best-practices
Enable 2FA and use trusted images

Be a Responsible Cool Kid
Containers are Cool
@liran_tal

The document discusses best practices for Docker image security. It covers preferring minimal base images, using least privileged users, enabling two-factor authentication, signing and verifying images, finding and fixing open source vulnerabilities in operating systems, and scanning images during development. Some key statistics provided include that 1 billion container images are downloaded weekly and that 44% of Docker image vulnerabilities could be fixed with newer base images.

Stranger Danger - Finding vulnerabilities before they find you - Liran Tal 2021

Liran Tal

The document discusses finding security vulnerabilities in open source software before attackers can exploit them. It notes that open source packages often have dependencies with vulnerabilities and that vulnerabilities in popular packages can affect many users. It advocates for making security easier and more developer-friendly to integrate into the development process. It also provides best practices for open source maintainers such as having a responsible disclosure policy, scanning for vulnerabilities, and promptly releasing security fixes.

Discovering and Fixing Dependency Vulnerabilities for Kubernetes apps with Sn...

Codefresh

Watch the full webinar here: https://bit.ly/2NsNSVb 83% of organizations use vulnerable dependencies. By bringing Snyk into the CI/CD process we can scan Docker images as they are created and reveal vulnerabilities and fixes to developers as they work. Don’t wait for production to catch vulnerabilities! In this presentation, we use Codefresh to integrate with Snyk for a secure continuous delivery pipeline. Ready to try Codefresh? Sign up for FREE (120 builds/month) at Codefresh.io/codefresh-signup

Continous Delivery and Continous Integration at IKERLAN

Angel Conde Manjon

Concurrent version management(tortoise CVS)

Mirza_Mohtashim

The document discusses concurrent version control systems (CVS) and the CVS client TortoiseCVS. It describes how CVS allows multiple developers to work on the same codebase simultaneously, managing different versions and changes. It outlines the features of CVS, including concurrent access, version tagging, and difference tracking. The document then focuses on TortoiseCVS, an open source Windows shell extension that provides a graphical interface for performing CVS functions like check-ins, check-outs, tagging, and branching. It provides instructions and screenshots for using TortoiseCVS for common version control tasks.

Protecting Applications with Lambda@Edge and OAuth

Allan Denot

Hands on React Native: From Zero to Hero

Dmitry Vinnik

Abstract: So many platforms, so little time. How do we write an app for the web, Android, iOS, and other OS without spending all our time and money? Cross-platform can be your answer! You probably heard about React Native before, a framework that allows you to create native Android and iOS apps using React. But how do you get started with the framework? Whether you are an advanced iOS developer or a beginner React dev, this talk will help you get started with React Native. In this session, we explore React Native and its main concepts. Then, we will build a demo app from scratch for Android and iOS to show the power of cross-platform that the framework brings to the table! Link: https://dvinnik.dev/talks/mobile/hands-on-react-native/

TDD and the Terminator: An Introduction to Test-Driven Development

VMware Tanzu

Over the years, application security (appsec) has made progress, but it has also made some considerable mis-steps. Appsec focuses almost solely on developer awareness and secure development training as remediation. This isn't sustainable and arguably does little good. There is a better way, but we have to separate ourselves from the core assumptions we have made that got us here. Lets journey together to find old truths and better approaches. We will explore ways to make a change for the better across all levels of the development lifecycle, but we will focus on security testing early on in the development process. From this session, you will learn pragmatic approaches and tooling that will affect your development processes and delivery pipelines. You will walk away with code examples and tools that you can put into practice right away for security and rugged testing. http://lascon.org http://lascon2015.sched.org/event/175e3c828095386b2fa0fc660b2502a3

How Components Increase Speed and Risk

CA Technologies

Seamlessly Detect and React to IT-Service Related Problems

Dynatrace

SplunkLive Melbourne Splunk for Developers

Gabrielle Knowles

SplunkLive Brisbane Splunk for Developers

Gabrielle Knowles

This document provides information for developers about using Splunk. It discusses how Splunk can help with development workflows by providing visibility across the development toolchain. It explains what types of data can be analyzed in Splunk, including code review logs, version control logs and APIs, build logs, and task tracking logs. The document then discusses building Splunk apps, noting that anyone can be a Splunk app developer. It outlines the various ways developers can build apps, including using the REST API, SDKs, and XML. The document walks through building a sample app that finds data, gets it into Splunk, searches it, and visualizes it. It concludes by providing resources for developers to learn more about building apps with Splunk

Taking the Ks off your APKs - Rotem Mizrachi-Meidan, Everything.me

DroidConTLV

This document discusses reducing the size of Android app packages (APKs). It begins by noting an app was originally 19MB but needed to be reduced given data constraints faced by global users. Through techniques like ProGuard, splitting code by architecture and density, removing unnecessary native libraries, optimizing images, and metrics tracking, the app size was successfully reduced to 7.5MB. The document encourages measuring optimizations and announces the company is hiring for various developer roles.

Continuous Integration on my work

Mu Chun Wang

The document discusses continuous integration (CI), including what it is, example applications of CI to development work, principles for developers and CI engineers to follow, and a TODO list for setting up CI. It provides an overview of common CI tools and practices like automatically building, testing, and deploying code changes. The presentation also includes a live demo and case studies of using CI to continuously deploy backend programs and publish API documentation.

Perforce Helix Git Swarm: Enterprise Git Ecosystem

Perforce

Helix GitSwarm is where developer preferences meet enterprise needs. Based on the popular GitLab collaboration suite, it gives developers the pure Git-based workflow they love while satisfying enterprise security and scalability needs. With its unique "narrow cloning" capability, developers using Git can focus on their work and easily share components with other team members. Even if you're not using Git, Helix provides unique capabilities for modern DevOps. This session will demonstrate ... Git Repo Management: GitSwarm’s intuitive, web-based UI lets users quickly manage projects and people. You'll see how easy it is to manage users, groups and projects. Natural Git Workflow: GitSwarm includes project management, issue tracking, merge request workflows and much more. All the tools a professional developer needs. Narrow Cloning: Mono repos are key to sharing work and avoiding Git repo sprawl. See how to dice and slice a mono repo to be just the set of files you need in your local repository. Helix Integration: Manage all your assets in one place, lock files that can’t easily be merged and have everything you need for your CI builds in one place. An ideal system for powering continuous delivery.

30+ Nexus Integrations to Accelerate DevOps

Sonatype

This document provides descriptions of 30+ integrations for Nexus Repository that can accelerate DevOps. It lists the integrations alphabetically by name, with a brief 1-2 sentence description of each integration and its author. The integrations cover a wide range of technologies and platforms, including Docker, Maven, npm, VSTS, Jenkins, Puppet, and more. The integrations are meant to extend the capabilities of Nexus Repository and provide connections to other tools in the development pipeline. Users can find these integrations on the Nexus Exchange website.

Drozer - An Android Application Security Tool

nullowaspmumbai

The document discusses the Android application security tool Drozer. It provides an overview of Drozer's capabilities including leaking content providers, attacking broadcast receivers, and abusing application permissions. The document then demonstrates Drozer's usage through several examples analyzing vulnerable Android applications and exploiting issues like content provider leakage, insecure broadcast receivers, and permission abuse.

NYIT DSC/ Spring 2021 - Introduction to DevOps (CI/CD)

Hui (Henry) Chen

Principles of Monitoring Microservices

Michael Ducy

Containers and Microservices have radically changed how you get visibility into your applications. As developers have started to leverage orchestration systems on top of containers, the game is changing yet again. What was a simple application on a host before is now a sophisticated, dynamically orchestrated, multi-container architecture. It’s amazing for development - but introduces a whole new set of challenges for monitoring and visibility. In this talk we’ll lay out five key principles for monitoring microservices and the containers they are based on. These principles take into account the operational difference of containers and microservices when compared to traditional architectures. This talk is for the operator that needs to help development teams understand how visibility of apps has changed, and help teams implement these ideas. You’ll walk away with a good understanding of the challenges of monitoring microservices and how you can set your team up for success.

Android pentesting

Mykhailo Antonishyn

Assessment process of Android application vulnerability such as methods, check-lists, tools and runtime manipulation. Agenda: 1. Methodic's - OWASP TOP 10 2016, MSTG, MASVS 2. Static testing - MobSF, AndroBug Framework, QARG, VCG scanner 3. Dynamic testing - BurpSuite, Inspekage, LogCat, MobSF, Drozer, Frida framework #cybersecurity #mobilepentesting #applicationsecurity #UP2IT #accesssoftek #bytecode

Android pentesting

Mykhailo Antonishyn

This document provides an overview of methodology and tools for testing the security of Android applications. It discusses static testing tools like MobSF, AndroBugs, QARK and VCG scanner that can analyze Android app code without executing the app. It also covers dynamic testing tools like BurpSuite, Inspeckage, LogCat, MobSF and Drozer that allow analyzing an app's behavior while it is executing. The document provides descriptions and links for each tool to help understand their capabilities and how they can be used for Android pentesting.

The DevSecOps Builder’s Guide to the CI/CD Pipeline

James Wickett

All organizations want to go faster and decrease friction in their cloud software delivery pipeline. Infosec has an opportunity to change their classic approach from blocker to enabler. This talk will discuss hallmarks of CI/CD and some practical examples for adding security testing across different organizations. The talk will cover emergent patterns, practices and toolchains that bring security to the table. Presented at LASCON 2018, in Austin, TX.

What's hot docker con eu 2015 & what's new on docker 1.9

jgsqware

DockerCon EU 2015 featured breaking news about Docker's growing ecosystem and security focus. Speakers discussed container as a service (CAAS) platforms like Tutum and the universal control plane for on-premise deployments. Docker 1.9 adds production-ready swarm mode for clustering, improved networking and security features like content trust and image scanning. Demos showed multi-host networking overlays, adding persistent volumes, and namespace locking. Upcoming areas of interest include Microsoft Windows Server 2016 native Docker support and unikernel containers.

Cutting-Edge Continuous Delivery: Automated Canary Analysis Through Spring-Ba...

VMware Tanzu

This document discusses automated canary analysis through Spinnaker for continuous delivery. Spinnaker is an open source tool that allows deploying software changes automatically without fear by using techniques like canary analysis. It supports multiple cloud providers and services. The presentation covers Spinnaker concepts like deployment strategies, canary deployments, chaos engineering, and best practices for canary analysis using Spinnaker like applying fine-grained traffic splits and including business metrics. It demonstrates Spinnaker capabilities using a Rick and Morty example and provides contact details for learning more.

Preventing Supply Chain Attacks on Open Source Software

All Things Open

Supply chain attacks on open source software increased 650% in 2021. Software supply chain attacks occur when adversaries manipulate third-party code to compromise downstream applications. Organizations must map dependencies, monitor for vulnerabilities, and quickly patch issues. A Software Bill of Materials (SBOM) provides visibility into components. OWASP Dependency Track helps generate SBOMs and identify vulnerabilities and license risks in dependencies. Implementing standards like the Supply Levels for Software Artifacts (SLSA) can help secure software supply chains and prevent tampering of artifacts.

Git in the Enterprise: How to succeed at DevOps using Git and a monorepo

Gina Bustos

Join GitLab VP of Product Job van der Voort and Perforce VP of Community Matt Attaway to hear lessons learned from their customers on how to succeed with DevOps using Git and a monorepo. In this webinar we'll discuss: - Approaches for managing teams and projects using Git - Techniques for handling issue tracking across dependent projects - Methods for automating testing and deployment - Strategies for bringing enterprise scale, cross-project visibility and security to teams using Git

Eclipse Hacker's Guide to the Git Universe

msohn

The State of Open Source Security - Liran Tal - 2019 NodeJS+Interactive Montreal

Liran Tal

Open source security affects everything from software supply chain attacks in package managers to container security which revealed in a recent study that the top ten most popular Docker images contain at least 30 vulnerable system libraries. In this session we will further explore the security posture of open source maintainers and deep characteristics of application dependencies across language ecosystems, with stories from the Node.js and npm ecosystem.

Snyk Intro - Developer Security Essentials 2022

Liran Tal

Overwhelmed with security issues in your Node.js applications? Not entirely sure how to write secure code? Join us in this workshop where you’ll learn how to improve security without being a security professional. We’ll use Snyk Code’s VS Code extension to catch and find security issues while you code, automatically fix security issues in your open source libraries, and see first-hand how to weaponize vulnerabilities to exploit working Node.js applications. You will also learn about the multiple ways of using Snyk to secure your projects, from the CLI, to CI/CD pipelines with GitHub Actions, and extend your know from secure code and secure dependencies to that of building secure containers to your Node.js apps on Docker.

What's hot

New Farming Methods in the Epistemological Wasteland of Application Security

James Wickett

How Components Increase Speed and Risk

CA Technologies

Seamlessly Detect and React to IT-Service Related Problems

Dynatrace

SplunkLive Melbourne Splunk for Developers

Gabrielle Knowles

SplunkLive Brisbane Splunk for Developers

Gabrielle Knowles

Taking the Ks off your APKs - Rotem Mizrachi-Meidan, Everything.me

DroidConTLV

Continuous Integration on my work

Mu Chun Wang

Perforce Helix Git Swarm: Enterprise Git Ecosystem

Perforce

30+ Nexus Integrations to Accelerate DevOps

Sonatype

Drozer - An Android Application Security Tool

nullowaspmumbai

NYIT DSC/ Spring 2021 - Introduction to DevOps (CI/CD)

Hui (Henry) Chen

Principles of Monitoring Microservices

Michael Ducy

Android pentesting

Mykhailo Antonishyn

Android pentesting

Mykhailo Antonishyn

The DevSecOps Builder’s Guide to the CI/CD Pipeline

James Wickett

What's hot docker con eu 2015 & what's new on docker 1.9

jgsqware

Cutting-Edge Continuous Delivery: Automated Canary Analysis Through Spring-Ba...

VMware Tanzu

Preventing Supply Chain Attacks on Open Source Software

All Things Open

Git in the Enterprise: How to succeed at DevOps using Git and a monorepo

Gina Bustos

Eclipse Hacker's Guide to the Git Universe

msohn

What's hot (20)

New Farming Methods in the Epistemological Wasteland of Application Security

How Components Increase Speed and Risk

Seamlessly Detect and React to IT-Service Related Problems

SplunkLive Melbourne Splunk for Developers

SplunkLive Brisbane Splunk for Developers

Taking the Ks off your APKs - Rotem Mizrachi-Meidan, Everything.me

Continuous Integration on my work

Perforce Helix Git Swarm: Enterprise Git Ecosystem

30+ Nexus Integrations to Accelerate DevOps

Drozer - An Android Application Security Tool

NYIT DSC/ Spring 2021 - Introduction to DevOps (CI/CD)

Principles of Monitoring Microservices

Android pentesting

The DevSecOps Builder’s Guide to the CI/CD Pipeline

What's hot docker con eu 2015 & what's new on docker 1.9

Cutting-Edge Continuous Delivery: Automated Canary Analysis Through Spring-Ba...

Preventing Supply Chain Attacks on Open Source Software

Git in the Enterprise: How to succeed at DevOps using Git and a monorepo

Eclipse Hacker's Guide to the Git Universe

Similar to Securing containers by Breaking In - Liran Tal - DevSecCon Tel Aviv 2019

The State of Open Source Security - Liran Tal - 2019 NodeJS+Interactive Montreal

Liran Tal

Snyk Intro - Developer Security Essentials 2022

Liran Tal

stackconf 2021 | Continuous Security – integrating security into your pipelines

NETWAYS

In the world of continuous delivery and cloud native, the boundaries between what is our application and what constitutes infrastructure is becoming increasing blurred. Our workloads, the containers they ship in, and our platform configuration is now often developed and deployed by the same teams, and development velocity is the key metric to success. This presents us with a challenge which the previous models of security as a final external gatekeeper step cannot keep up with. To ensure our apps and platforms are secure, we need to integrate security at all stages of our pipelines and ensure that our developers and engineering teams have tools and data with enable them to make decisions about security on an ongoing basis. In this session I will talk through the problem space, look at the kinds of security issues we need to consider, and look at where the integration points are to build in security as part of our CI/CD process.

apidays LIVE Singapore 2021 - Securing the Open Source supply chain by Liran ...

apidays

apidays LIVE Singapore 2021 - Digitisation, Connected Services and Embedded Finance April 21 & 22, 2021 Securing the Open Source supply chain Liran Tal, Director of Developer Advocacy at Snyk ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Security in a containerized world - Jessie Frazelle

Paris Container Day

The document discusses security models and techniques for containers. It covers moving from project-level security boundaries to finer-grained namespace and pod-level boundaries. It also discusses runtime security techniques like namespaces, cgroups, AppArmor profiles, and seccomp filters that isolate processes and restrict what they can access. These techniques aim to provide least privilege for nodes, workloads, and processes within the container environment.

Security Patterns for Microservice Architectures - Oktane20

Matt Raible

Matt Raible presented 11 security patterns for microservice architectures: 1) be secure by design, 2) scan dependencies, 3) use HTTPS everywhere, 4) use access and identity tokens, 5) encrypt and protect secrets, 6) verify security with delivery pipelines, 7) slow down attackers, 8) use Docker rootless mode, 9) use time-based security, 10) scan Docker and Kubernetes configurations for vulnerabilities, and 11) know your cloud and cluster security. He discussed each pattern in detail and provided examples and recommendations for implementation.

Security Patterns for Microservice Architectures - London Java Community 2020

Matt Raible

Are you securing your microservice architectures by hiding them behind a firewall? That works, but there are better ways to do it. This presentation recommends 11 patterns to secure microservice architectures. 1. Be Secure by Design 2. Scan Dependencies 3. Use HTTPS Everywhere 4. Use Access and Identity Tokens 5. Encrypt and Protect Secrets 6. Verify Security with Delivery Pipelines 7. Slow Down Attackers 8. Use Docker Rootless Mode 9. Use Time-Based Security 10. Scan Docker and Kubernetes Configuration for Vulnerabilities 11. Know Your Cloud and Cluster Security Blog post: https://developer.okta.com/blog/2020/03/23/microservice-security-patterns

Security Patterns for Microservice Architectures

VMware Tanzu

Security Patterns for Microservice Architectures - SpringOne 2020

Matt Raible

Black Clouds and Silver Linings in Node.js Security - Liran Tal Snyk OWASP Gl...

Liran Tal

Security Patterns for Microservice Architectures - ADTMag Microservices & API...

Matt Raible

Continuous (Non)-Functional Testing of Microservices on k8s

QAware GmbH

Continuous Lifecycle Online 2021, May 11th 2021, online: Vortrag von Mario-Leander Reimer (@LeanderReimer, Principal Software Architect bei QAware) == Please download slides if blurred! == Abstract: Continuous delivery is everywhere. Well, not quite! Many teams still fail to continuously deliver well tested and stable product increments to production, especially when it comes to its non-functional attributes. Usually with the same old excuse: these high-level tests are too laborious and expensive to implement. But the opposite could be the case! This slides will show how easy it is to implement continuous performance, security and acceptance tests based for microservices on Kubernetes using well-known open source tools.

Cover Your Apps While Still Using npm

Tierney Cyren

This document discusses ways to secure Node.js applications that use npm modules. It recommends setting up an npm registry mirror as a fallback in case of outages, caching modules locally and publishing privately, and monitoring for vulnerabilities using tools like npm audit, Snyk, and CVE databases. For production, it suggests using N|Solid to monitor applications for security vulnerabilities both at the top level and within nested dependencies. The overall message is that while npm is widely used, organizations should take steps to cover their applications and ensure the security of the dependencies and modules they use.

Liran Tal - StrangerDanger - Finding Security Vulnerabilities Before They Fin...

Liran Tal

Open source modules on the NPM ecosystem are undoubtedly awesome. However, they also represent an undeniable and massive risk. You’re introducing someone else’s code into your system, often with little or no scrutiny. The wrong package can introduce severe vulnerabilities into your application, exposing your application and your user’s data. This talk will use a sample application, Goof, which uses various vulnerable dependencies, which we will exploit as an attacker would. For each issue, we’ll explain why it happened, show its impact, and – most importantly – see how to avoid or fix it.

Continuous (Non-)Functional Testing of Microservices on K8s

QAware GmbH

Code Days, February 2021, talk by Mario-Leander Reimer (@LeanderReimer, Chief Software Architect at QAware) == Please download slides if blurred! == Abstract: Continuous delivery is everywhere. Well, not quite! Many teams still fail to continuously deliver well tested and stable product increments to production. Usually with the same old excuse: these high-level tests are too laborious and expensive to implement. But the opposite could be the case! This session will highlight the challenges and importance of early (non-)functional testing for cloud-native applications. Then, we will show how easy it is to implement continuous performance, security and acceptance tests for microservices based on K8s.

Liran tal Stranger Danger Security vulnerabilities - Negev Web Developers mee...

Liran Tal

The document discusses the security risks of open source software and dependencies. It notes that while open source software is great, it can introduce vulnerabilities if dependencies are not properly reviewed since they are written by many strangers and may contain vulnerabilities. It advocates using a tool like Snyk to continuously find and fix vulnerabilities in dependencies before attackers can exploit them.

The 7 characteristics of container native infrastructure, LinuxCon/ContainerC...

Casey Bisson

As presented at LinuxCon/ContainerCon 2015: http://sched.co/3YTd Containers are changing the manner in which applications are run across all data centers. However, it’s time to improve the efficiency of containers by removing VMs altogether and enabling containers to exist as first class citizens in the datacenter. The removal of the VM is just one of the seven characteristics of container-native infrastructure that offers specific performance and operational advantages to Docker in production. From more convenient networking to improved host management and overall better performance, container-native infrastructure is the future of the data center. In this session, Joyent Product Manager Casey Bisson will explore the difference between container-native and legacy infrastructure, including a side-by-side demonstration of clear differences.

Hardening Your CI/CD Pipelines with GitOps and Continuous Security

Weaveworks

Join us for a webinar on how to secure your CI/CD pipeline for Kubernetes with GitOps best practices and continuous runtime protection. As modern developers and DevOps teams are embarking on a quest for speed and reliability through automated CI/CD pipelines for Kubernetes, enterprises still need to ensure security and regulatory compliance. Together with Deepfence, the Weaveworks team will explain and demonstrate how GitOps continuous delivery pipelines, combined with continuous security observability, improves the overall security of your development workflow - from Git to production. In this webinar we will demonstrate: Deepfence container scanning Git-to-Kubernetes using FluxCD Deepfence continuous runtime security

AWS live hack: Docker + Snyk Container on AWS

Eric Smalling

Next Generation Vulnerability Assessment Using Datadog and Snyk

DevOps.com

Vulnerability assessment for teams can often be overwhelming. The dependency graph could be thousands of packages depending on the application. Triaging vulnerability data and prioritizing actions has historically been a very manual process, until now. With Datadog and Snyk, learn how to trace security and performance issues by leveraging continuous profiling capabilities for actionable insight that help developers remediate problems. Join us on Thursday, January 21 for a unique opportunity to learn more about continuous profiling, vulnerability management, and the benefit to customers from using both of these products. In this webinar, you will: Bust some myths around continuous profiling and learn how Datadog differentiates itself See decorated traces in action for sample Java applications and understand how Snyk + Datadog reduce time to triage supply chain vulnerabilities Learn roadmap information for upcoming public announcements from both partners

Similar to Securing containers by Breaking In - Liran Tal - DevSecCon Tel Aviv 2019 (20)

The State of Open Source Security - Liran Tal - 2019 NodeJS+Interactive Montreal

Snyk Intro - Developer Security Essentials 2022

stackconf 2021 | Continuous Security – integrating security into your pipelines

apidays LIVE Singapore 2021 - Securing the Open Source supply chain by Liran ...

Security in a containerized world - Jessie Frazelle

Security Patterns for Microservice Architectures - Oktane20

Security Patterns for Microservice Architectures - London Java Community 2020

Security Patterns for Microservice Architectures

Security Patterns for Microservice Architectures - SpringOne 2020

Black Clouds and Silver Linings in Node.js Security - Liran Tal Snyk OWASP Gl...

Security Patterns for Microservice Architectures - ADTMag Microservices & API...

Continuous (Non)-Functional Testing of Microservices on k8s

Cover Your Apps While Still Using npm

Liran Tal - StrangerDanger - Finding Security Vulnerabilities Before They Fin...

Continuous (Non-)Functional Testing of Microservices on K8s

Liran tal Stranger Danger Security vulnerabilities - Negev Web Developers mee...

The 7 characteristics of container native infrastructure, LinuxCon/ContainerC...

Hardening Your CI/CD Pipelines with GitOps and Continuous Security

AWS live hack: Docker + Snyk Container on AWS

Next Generation Vulnerability Assessment Using Datadog and Snyk

Recently uploaded

ppt on the brain chip neuralink.pptx

Reetu63

Preparing Non - Technical Founders for Engaging a Tech Agency

ISH Technologies

Preparing non-technical founders before engaging a tech agency is crucial for the success of their projects. It starts with clearly defining their vision and goals, conducting thorough market research, and gaining a basic understanding of relevant technologies. Setting realistic expectations and preparing a detailed project brief are essential steps. Founders should select a tech agency with a proven track record and establish clear communication channels. Additionally, addressing legal and contractual considerations and planning for post-launch support are vital to ensure a smooth and successful collaboration. This preparation empowers non-technical founders to effectively communicate their needs and work seamlessly with their chosen tech agency.Visit our site to get more details about this. Contact us today www.ishtechnologies.com.au

Using Query Store in Azure PostgreSQL to Understand Query Performance

Grant Fritchey

UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem

Peter Muessig

Malibou Pitch Deck For Its €3M Seed Round

sjcobrien

What’s New in Odoo 17 – A Complete Roadmap

Envertis Software Solutions

Odoo releases a new update every year. The latest version, Odoo 17, came out in October 2023. It brought many improvements to the user interface and user experience, along with new features in modules like accounting, marketing, manufacturing, websites, and more. The Odoo 17 update has been a hot topic among startups, mid-sized businesses, large enterprises, and Odoo developers aiming to grow their businesses. Since it is now already the first quarter of 2024, you must have a clear idea of what Odoo 17 entails and what it can offer your business if you are still not aware of it. This blog covers the features and functionalities. Explore the entire blog and get in touch with expert Odoo ERP consultants to leverage Odoo 17 and its features for your business too. An Overview of Odoo ERP Odoo ERP was first released as OpenERP software in February 2005. It is a suite of business applications used for ERP, CRM, eCommerce, websites, and project management. Ten years ago, the Odoo Enterprise edition was launched to help fund the Odoo Community version. When you compare Odoo Community and Enterprise, the Enterprise edition offers exclusive features like mobile app access, Odoo Studio customisation, Odoo hosting, and unlimited functional support. Today, Odoo is a well-known name used by companies of all sizes across various industries, including manufacturing, retail, accounting, marketing, healthcare, IT consulting, and R&D. The latest version, Odoo 17, has been available since October 2023. Key highlights of this update include: Enhanced user experience with improvements to the command bar, faster backend page loading, and multiple dashboard views. Instant report generation, credit limit alerts for sales and invoices, separate OCR settings for invoice creation, and an auto-complete feature for forms in the accounting module. Improved image handling and global attribute changes for mailing lists in email marketing. A default auto-signature option and a refuse-to-sign option in HR modules. Options to divide and merge manufacturing orders, track the status of manufacturing orders, and more in the MRP module. Dark mode in Odoo 17. Now that the Odoo 17 announcement is official, let’s look at what’s new in Odoo 17! What is Odoo ERP 17? Odoo 17 is the latest version of one of the world’s leading open-source enterprise ERPs. This version has come up with significant improvements explained here in this blog. Also, this new version aims to introduce features that enhance time-saving, efficiency, and productivity for users across various organisations. Odoo 17, released at the Odoo Experience 2023, brought notable improvements to the user interface and added new functionalities with enhancements in performance, accessibility, data analysis, and management, further expanding its reach in the market.

Unveiling the Advantages of Agile Software Development.pdf

brainerhub1

DECODING JAVA THREAD DUMPS: MASTER THE ART OF ANALYSIS

Tier1 app

Are you ready to unlock the secrets hidden within Java thread dumps? Join us for a hands-on session where we'll delve into effective troubleshooting patterns to swiftly identify the root causes of production problems. Discover the right tools, techniques, and best practices while exploring *real-world case studies of major outages* in Fortune 500 enterprises. Engage in interactive lab exercises where you'll have the opportunity to troubleshoot thread dumps and uncover performance issues firsthand. Join us and become a master of Java thread dump analysis!

Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdf

VALiNTRY360

Salesforce Healthcare CRM, implemented by VALiNTRY360, revolutionizes patient management by enhancing patient engagement, streamlining administrative processes, and improving care coordination. Its advanced analytics, robust security, and seamless integration with telehealth services ensure that healthcare providers can deliver personalized, efficient, and secure patient care. By automating routine tasks and providing actionable insights, Salesforce Healthcare CRM enables healthcare providers to focus on delivering high-quality care, leading to better patient outcomes and higher satisfaction. VALiNTRY360's expertise ensures a tailored solution that meets the unique needs of any healthcare practice, from small clinics to large hospital systems. For more info visit us https://valintry360.com/solutions/health-life-sciences

8 Best Automated Android App Testing Tool and Framework in 2024.pdf

kalichargn70th171

Quarter 3 SLRP grade 9.. gshajsbhhaheabh

aisafed42

KuberTENes Birthday Bash Guadalajara - Introducción a Argo CD

rodomar2

Why Apache Kafka Clusters Are Like Galaxies (And Other Cosmic Kafka Quandarie...

Paul Brebner

Closing talk for the Performance Engineering track at Community Over Code EU (Bratislava, Slovakia, June 5 2024) https://eu.communityovercode.org/sessions/2024/why-apache-kafka-clusters-are-like-galaxies-and-other-cosmic-kafka-quandaries-explored/ Instaclustr (now part of NetApp) manages 100s of Apache Kafka clusters of many different sizes, for a variety of use cases and customers. For the last 7 years I’ve been focused outwardly on exploring Kafka application development challenges, but recently I decided to look inward and see what I could discover about the performance, scalability and resource characteristics of the Kafka clusters themselves. Using a suite of Performance Engineering techniques, I will reveal some surprising discoveries about cosmic Kafka mysteries in our data centres, related to: cluster sizes and distribution (using Zipf’s Law), horizontal vs. vertical scalability, and predicting Kafka performance using metrics, modelling and regression techniques. These insights are relevant to Kafka developers and operators.

Oracle Database 19c New Features for DBAs and Developers.pptx

Remote DBA Services

Webinar On-Demand: Using Flutter for Embedded

ICS

Flutter is a popular open source, cross-platform framework developed by Google. In this webinar we'll explore Flutter and its architecture, delve into the Flutter Embedder and Flutter’s Dart language, discover how to leverage Flutter for embedded device development, learn about Automotive Grade Linux (AGL) and its consortium and understand the rationale behind AGL's choice of Flutter for next-gen IVI systems. Don’t miss this opportunity to discover whether Flutter is right for your project.

E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies

Quickdice ERP

Migration From CH 1.0 to CH 2.0 and Mule 4.6 & Java 17 Upgrade.pptx

ervikas4

J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...

Bert Jan Schrijver

Mobile App Development Company In Noida | Drona Infotech

Drona Infotech

Enhanced Screen Flows UI/UX using SLDS with Tom Kitt

Peter Caitens

Recently uploaded (20)

ppt on the brain chip neuralink.pptx

Preparing Non - Technical Founders for Engaging a Tech Agency

Using Query Store in Azure PostgreSQL to Understand Query Performance

UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem

Malibou Pitch Deck For Its €3M Seed Round

What’s New in Odoo 17 – A Complete Roadmap

Unveiling the Advantages of Agile Software Development.pdf

DECODING JAVA THREAD DUMPS: MASTER THE ART OF ANALYSIS

Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdf

8 Best Automated Android App Testing Tool and Framework in 2024.pdf

Quarter 3 SLRP grade 9.. gshajsbhhaheabh

KuberTENes Birthday Bash Guadalajara - Introducción a Argo CD

Why Apache Kafka Clusters Are Like Galaxies (And Other Cosmic Kafka Quandarie...

Oracle Database 19c New Features for DBAs and Developers.pptx

Webinar On-Demand: Using Flutter for Embedded

E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies

Migration From CH 1.0 to CH 2.0 and Mule 4.6 & Java 17 Upgrade.pptx

J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...

Mobile App Development Company In Noida | Drona Infotech

Enhanced Screen Flows UI/UX using SLDS with Tom Kitt