Solving Trust Issues At Scale
Building an Authorization System that Devs Don't Hate
@omerlh
AppSec California
January 2020
Incident Response
Post-Mortem
• Automatic detection (GitGuardian)
• Harden the authorization system
• Better audit logs
  • Who used this token?
  • Who created it and why?
I’m a builder
DevSecOps @
https://www.asurion.com/
(Diagram: Registration, Authentication, Analytics, Messages, Content, Notifications, Users API)
The Authorization Problem
The Fort Approach
(Diagram: Registration, Authentication, Analytics, Messages, Content, Notifications, Users API)
One horse can take down our fort...
Let’s talk about blast radius
• One vulnerable service affects all the others
• Ensuring every service is trustworthy is impossible
• We must narrow the blast radius
A Zero-Trust Approach
(Diagram: Registration, Authentication, Analytics, Messages, Content, Notifications, Users API)
The Ideal System
Least Privilege
• Just the permissions required
Secure by Default
• Zero permissions by default
Self Service
• Minimize the impact on development speed
Scale
• Hundreds of micro-services to manage
Let’s Build it!
High Level Overview
(Diagram: App, Incoming request, Is Authorized?, Publish bundle, Get bundles, Collect decision logs)
Zooming In
(Diagram: App)
Envoy Proxy
• A CNCF project
• Authentication and authorization filters
• Runs as a sidecar in the pod
• No code changes required
Envoy Request Filters
Meet Open Policy Agent
• An open-source policy engine
• Author policies in the Rego DSL
• Built-in Envoy integration
• A CNCF project
Demo Time!
The Candies Problem
Done?
Least Privilege
• Just the permissions required
Secure by Default
• Zero permissions by default
Self Service
• Minimize the impact on development speed
Scale
• Hundreds of micro-services to manage
Wait, all devs need to learn Rego?
Shared Policies
Service Specific
Discovery
Mono repo?
                  Centralized                    Distributed
Governing         Easy                           Complex
Access request    One place                      Multiple repos
Service owner     Policies separated from code   Policies with code
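The two slides above (the OPA introduction and the shared vs. service-specific split) describe the structure without showing a policy. The following is an added example, not code from the talk or from the omerlh/opa-demo repository: a shared Rego module that exposes the verified JWT claims, and a service-specific module for the Users API that imports it and is deny-by-default. It assumes the opa-envoy plugin's input shape (`input.attributes.request.http.*`, `input.parsed_path`), that Envoy's jwt_authn filter is configured with `payload_in_metadata: "jwt_payload"`, that the `scope` claim is a space-separated string, and the package names and route table are constructed for the example.

```rego
# --- file: policies/shared/jwt.rego ---
# Shared policy: one copy, owned centrally, reused by every service.
package shared.jwt

import rego.v1

# Verified JWT claims. ASSUMPTION: Envoy's jwt_authn filter is configured with
# payload_in_metadata: "jwt_payload", so the claims of a token whose signature
# Envoy already checked arrive in the ext_authz request's dynamic metadata.
claims := input.attributes.metadata_context.filter_metadata["envoy.filters.http.jwt_authn"].jwt_payload

# Granted scopes. ASSUMPTION: "scope" is a space-separated string, as in OAuth 2.0.
# Undefined claims (no valid token) yield an empty set, never an error.
scopes contains s if {
	some s in split(claims.scope, " ")
}

# --- file: policies/users-api/policy.rego ---
# Service-specific policy, kept next to the Users API code and reviewed in its PRs.
package envoy.authz

import rego.v1

import data.shared.jwt

# Secure by default: if no rule below matches, the request is denied.
default allow := false

# Least privilege: each (method, first path segment) names the one scope it needs.
# Constructed for this example; a real service lists its own routes.
required_scope := {
	["GET", "users"]: "users:read",
	["POST", "users"]: "users:write",
}

allow if {
	method := input.attributes.request.http.method
	# input.parsed_path is supplied by the opa-envoy plugin: "/users/42" -> ["users", "42"]
	resource := input.parsed_path[0]
	scope := required_scope[[method, resource]]
	scope in jwt.scopes
}

# Kubernetes liveness probes carry no token; the health endpoint stays reachable.
allow if {
	input.attributes.request.http.method == "GET"
	input.attributes.request.http.path == "/healthz"
}
```

A request with no token, an unlisted route, or a token lacking the listed scope falls through to `default allow := false`, so a new endpoint is unreachable until its owner adds a row to `required_scope` in a permissions-request PR. The shared module is the only place that knows how Envoy hands over claims, so changing the JWT filter configuration touches one file rather than every service.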
An Example PR
Permissions Request PR
Done?
Least Privilege
• Just the permissions required
Secure by Default
• Zero permissions by default
Self Service
• Minimize the impact on development speed
Scale
• Hundreds of micro-services to manage
Shared Policies
Service Specific
Discovery
What about logging?
• OPA logs each decision to its decision logs
• Can be used for debugging and audit purposes
• Supports redacting sensitive input
• Collect with Fluentd/Loki
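Redaction in OPA decision logs is itself a Rego policy: OPA evaluates `data.system.log.mask` on every log event before shipping it and removes or rewrites the JSON pointers the rule returns. The block below is an added example, not code from the talk or the demo repository. It assumes the same opa-envoy input shape and the `jwt_payload` metadata key as the earlier example; the idea is to keep the audit trail able to answer "who used this token?" while never storing the token itself.

```rego
# --- file: policies/shared/log_mask.rego ---
# Shared masking policy; OPA applies it to every decision log event.
package system.log

import rego.v1

# Inside this package `input` is the decision log event, so the request that was
# authorized lives under input.input and the pointers below start with /input.

# Never ship the bearer token: the log should record who called, not the credential.
mask contains "/input/attributes/request/http/headers/authorization"

# Cookies may carry session identifiers as well.
mask contains "/input/attributes/request/http/headers/cookie"

# Request bodies rarely belong in an audit log; drop them when the plugin parsed one.
mask contains "/input/parsed_body" if {
	input.input.parsed_body
}

# Keep the caller identity from the verified claims and replace the remaining
# claims with a marker, so the entry still answers "who used this token?".
# ASSUMPTION: Envoy's jwt_authn filter writes claims under the key jwt_payload.
mask contains {
	"op": "upsert",
	"path": "/input/attributes/metadata_context/filter_metadata/envoy.filters.http.jwt_authn/jwt_payload",
	"value": {"sub": sub, "redacted": true},
} if {
	sub := input.input.attributes.metadata_context.filter_metadata["envoy.filters.http.jwt_authn"].jwt_payload.sub
}
```

Ship this file in the same bundle as the authorization policies and enable `decision_logs` in the OPA configuration; the masked events can then be collected by Fluentd or Loki without the collector ever seeing a live token.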
Putting it all together
(Diagram: App, Incoming request, Is Authorized?, Publish bundle, Get bundles, Collect decision logs)
Done?
Least Privilege
• Just the permissions required
Secure by Default
• Zero permissions by default
Self Service
• Minimize the impact on development speed
Scale
• Hundreds of micro-services to manage
What About Testing?
An Example PR
A really complex system…
(Diagram: App, Incoming request, Is Authorized?, Publish bundle, Get bundles, Collect decision logs)
Testing in Production
• Using the ZAP Operator
• Inspect production traffic
• Run passive checks
• Waiting for the JWT Fuzzer
Done?
Least Privilege
• Just the permissions required
Secure by Default
• Zero permissions by default
Self Service
• Minimize the impact on development speed
Scale
• Hundreds of micro-services to manage
Not everything is perfect
• OPA/Envoy run as sidecars
• Resource usage costs per pod
• A bug in OPA/Envoy has serious implications
How can I use it?
• Fork the GitHub repo - https://github.com/omerlh/opa-demo
• Follow the readme
• Reach out with questions
Wrapping Up
Post-Mortem
• Automatic Detection
• Harden Authorization System
• Better audit logs
Going Forward
• Improved Visibility
• More Complex Policies
• Expand adoption
(Diagram: Registration, Authentication, Analytics, Messages, Content, Notifications, Users API)
Questions?
Feedback appreciated
Enable Devs to Move Faster and Safer
Thank You
Resources
• OPA-Envoy integration
• Envoy JWT authentication
• GitHub demo repo
• Zap Operator
• Solving Trust Issues at Scale
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 

Solving trust issues at scale - AppSec California

Editor's Notes

  1. I’m a builder. This is what I love doing, and I have been doing it from a really early age, professionally for the last 8 years. I’m from Israel, married, etc. Who else is a builder? This talk is for you!
  2. Today I’m working at Soluto; our mission is to help people with their technology. My job is DevSecOps, or as I see it, helping the entire team to build more secure software. I’m achieving it via many approaches, including education, reviewing and threat modeling, but what I love the most is threat modeling.