SlideShare a Scribd company logo

Solving trust issues at scale

Download as PPTX, PDF
Soluto
Soluto

Micro-services are social beings: they can’t function without talking with other services. Every microservice has its own domain, and it usually relies on other micro-services to function properly. But this also raises an interesting question: do we trust all of our micro-services? The truth is that not all micro-services are the same: some micro-services are more sensitive - for example, services that handle user data. Others are user-facing and therefore riskier. We cannot treat all services as equal. We need a good and robust mechanism to describe who can talk with who. At Soluto, we are dealing with this challenge for a while. In this talk, I’ll share the journey we went through until we found a solution we’re happy with: a simple and declarative system that allows services to define who can access them. Any dev can request access to any service, and the service owner can review it. In talk, I’ll share how we build this solution, using open source tools like Open Policy Agent, so you can easily build something similar.

Technology
1 of 69
Solving Trust Issues At Scale Building an Authorization System that Devs Don’t Hate @omerlh
@omerlh
@omerlh
Incident Response @omerlh
Lesson Learned • Automatic Detection (GitGurdian) • Harden Authorization System • Better audit logs • Who used this token? • Who created it and why? @omerlh
I’m a builder @omerlh
DevSecOps @ @omerlh
@omerlh
Registration Authentication Analytics Messages Content Notifications Users API @omerlh
The Authorization Problem @omerlh
The Fort Approach @omerlh
Registration Authentication Analytics Messages Content Notifications Users API @omerlh
One horse can take down our fort... @omerlh
Let’s talk about blast radius • One vulnerable service affects all the other • Ensuring all services are trust worthy is impossible • We must narrow the blast radius @omerlh
A Zero-Trust Approach @omerlh
Registration Authentication Analytics Messages Content Notifications Users API @omerlh
The Ideal System Least Privilege • Just the permissions required Secure by Default • Zero permissions by default Self Service • Minimize the impact on development speed Scale • Hundred of micro-services to manage @omerlh
@omerlh
Let’s Build it! @omerlh
High Level Overview AppIncoming request Collect decision logs Get bundlesPublish bundle Is Authorized? @omerlh
Zooming In App @omerlh
Envoy Proxy • A CNCF project • Authentication and Authorization filters • Run as side car on the pod • No code changes required @omerlh
@omerlh
@omerlh
@omerlh
@omerlh
Meet Open Policy Agent • An open source policy system • Author policies using Rego DSL • Built-in Envoy integration • A CNCF project @omerlh
Demo Time! @omerlh
The Candies Problem @omerlh
Envoy + OPA = KISS @omerlh
@omerlh
@omerlh
@omerlh
@omerlh
@omerlh
Done? Least Privilege • Just the permissions required Secure by Default • Zero permissions by default Self Service • Minimize the impact on development speed Scale • Hundred of micro-services to manage @omerlh
Wait, all devs need to learn Rego? @omerlh
Using data for abstraction • Policies can load data from JSON/YAML • Author generic policies • Devs just needs to fill the input @omerlh
@omerlh
@omerlh
@omerlh
Building our policies • A common policy, maintained by the security team • Including unit tests! • Each service has it’s own data file • Permission request is just a PR • Built in audit and review features @omerlh
@omerlh An Example PR
@omerlh Permissions Request PR
Done? Least Privilege • Just the permissions required Secure by Default • Zero permissions by default Self Service • Minimize the impact on development speed Scale • Hundred of micro-services to manage @omerlh
Loading Policies • Bundles are policies archive • Hot bundle loading • Dynamic bundle discovery @omerlh
@omerlh
@omerlh
@omerlh
@omerlh
@omerlh
@omerlh
@omerlh
@omerlh
What about logging? • OPA log each decision into decision logs • Can be used for debug and audit purposes • Support redacting for sensitive input • Collect with fluentd/Loki @omerlh
@omerlh
Putting it all together AppIncoming request Collect decision logs Get bundlesPublish bundle Is Authorized? @omerlh
Done? Least Privilege • Just the permissions required Secure by Default • Zero permissions by default Self Service Minimize the impact on development speed Scale • Hundred of micro-services to manage @omerlh
Everything come with a price… • OPA/Envoy running as side-car • Resource usage costs per pod • A bug in OPA/Envoy has serious implication @omerlh
How can I build it? • Fork the GitHub repo - https://github.com/omerlh/opa-demo • Follow the readme • Reach out with questions  @omerlh
Wrapping Up @omerlh Wrapping Up @omerlh
Registration Authentication Analytics Messages Content Notifications Users API @omerlh
Going Forward • Improved Visibility • More Complex Policies • Expend adoption @omerlh
Lesson Learned • Automatic Detection (GitGurdian) • Harden Authorization System • Better audit logs • Who used this token? • Who created it and why? @omerlh
Feedback appreciated @omerlh
Questions? @omerlh
@omerlh Enable Devs to Move Faster and Safer
Thank You @omerlh
Resources • OPA-Envoy integration • Envoy JWT authentication • GitHub demo repo @omerlh

Recommended

Solving trust issues at scale - AppSec California
Solving trust issues at scale - AppSec CaliforniaSolving trust issues at scale - AppSec California
Solving trust issues at scale - AppSec California
Soluto
 
Nordstrom Data Lab Recommendo API with Node.js
Nordstrom Data Lab Recommendo API with Node.jsNordstrom Data Lab Recommendo API with Node.js
Nordstrom Data Lab Recommendo API with Node.jsDavid Von Lehman
 
Micro Services - Small is Beautiful
Micro Services - Small is BeautifulMicro Services - Small is Beautiful
Micro Services - Small is Beautiful
Eberhard Wolff
 
AWS Meetup - Nordstrom Data Lab and the AWS Cloud
AWS Meetup - Nordstrom Data Lab and the AWS CloudAWS Meetup - Nordstrom Data Lab and the AWS Cloud
AWS Meetup - Nordstrom Data Lab and the AWS Cloud
NordstromDataLab
 
Microservice - All is Small, All is Well?
Microservice - All is Small, All is Well?Microservice - All is Small, All is Well?
Microservice - All is Small, All is Well?
Eberhard Wolff
 
Continuous Delivery and Micro Services - A Symbiosis
Continuous Delivery and Micro Services - A SymbiosisContinuous Delivery and Micro Services - A Symbiosis
Continuous Delivery and Micro Services - A Symbiosis
Eberhard Wolff
 
The Psychology of Security Automation
The Psychology of Security AutomationThe Psychology of Security Automation
The Psychology of Security Automation
Jason Chan
 
Micro Service – The New Architecture Paradigm
Micro Service – The New Architecture ParadigmMicro Service – The New Architecture Paradigm
Micro Service – The New Architecture Paradigm
Eberhard Wolff
 

Recommended

Solving trust issues at scale - AppSec California
Solving trust issues at scale - AppSec CaliforniaSolving trust issues at scale - AppSec California
Solving trust issues at scale - AppSec California
Soluto
 
Nordstrom Data Lab Recommendo API with Node.js
Nordstrom Data Lab Recommendo API with Node.jsNordstrom Data Lab Recommendo API with Node.js
Nordstrom Data Lab Recommendo API with Node.jsDavid Von Lehman
 
Micro Services - Small is Beautiful
Micro Services - Small is BeautifulMicro Services - Small is Beautiful
Micro Services - Small is Beautiful
Eberhard Wolff
 
AWS Meetup - Nordstrom Data Lab and the AWS Cloud
AWS Meetup - Nordstrom Data Lab and the AWS CloudAWS Meetup - Nordstrom Data Lab and the AWS Cloud
AWS Meetup - Nordstrom Data Lab and the AWS Cloud
NordstromDataLab
 
Microservice - All is Small, All is Well?
Microservice - All is Small, All is Well?Microservice - All is Small, All is Well?
Microservice - All is Small, All is Well?
Eberhard Wolff
 
Continuous Delivery and Micro Services - A Symbiosis
Continuous Delivery and Micro Services - A SymbiosisContinuous Delivery and Micro Services - A Symbiosis
Continuous Delivery and Micro Services - A Symbiosis
Eberhard Wolff
 
The Psychology of Security Automation
The Psychology of Security AutomationThe Psychology of Security Automation
The Psychology of Security Automation
Jason Chan
 
Micro Service – The New Architecture Paradigm
Micro Service – The New Architecture ParadigmMicro Service – The New Architecture Paradigm
Micro Service – The New Architecture Paradigm
Eberhard Wolff
 
Serverless Code Deployments in AWS
Serverless Code Deployments in AWSServerless Code Deployments in AWS
Serverless Code Deployments in AWS
Marko Tomic
 
IaC? VSTS to the rescue! Abbreviations explained
IaC? VSTS to the rescue! Abbreviations explainedIaC? VSTS to the rescue! Abbreviations explained
IaC? VSTS to the rescue! Abbreviations explained
Jeroen Niesen
 
Careers in Security
Careers in SecurityCareers in Security
Careers in Security
Jason Chan
 
Micro Services - Neither Micro Nor Service
Micro Services - Neither Micro Nor ServiceMicro Services - Neither Micro Nor Service
Micro Services - Neither Micro Nor Service
Eberhard Wolff
 
Real World Cloud Application Security
Real World Cloud Application SecurityReal World Cloud Application Security
Real World Cloud Application SecurityJason Chan
 
Traffic Control with Envoy Proxy
Traffic Control with Envoy ProxyTraffic Control with Envoy Proxy
Traffic Control with Envoy Proxy
Mark McBride
 
Webinar: Inside Apache Solr 5
Webinar: Inside Apache Solr 5 Webinar: Inside Apache Solr 5
Webinar: Inside Apache Solr 5 Lucidworks
 
Spinnaker Microsrvices
Spinnaker MicrosrvicesSpinnaker Microsrvices
Spinnaker Microsrvices
Ambassador Labs
 
Legacy Sins
Legacy SinsLegacy Sins
Legacy Sins
Eberhard Wolff
 
Improving Resilience by Creating Storms in the Cloud
Improving Resilience by Creating Storms in the CloudImproving Resilience by Creating Storms in the Cloud
Improving Resilience by Creating Storms in the Cloud
Michalis Zervos
 
Micro Services - Smaller is Better?
Micro Services - Smaller is Better?Micro Services - Smaller is Better?
Micro Services - Smaller is Better?
Eberhard Wolff
 
From Zero to Serverless
From Zero to ServerlessFrom Zero to Serverless
From Zero to Serverless
Chad Green
 
Embracing the Rise of SecDevOps
Embracing the Rise of SecDevOpsEmbracing the Rise of SecDevOps
Embracing the Rise of SecDevOps
Tom Cappetta
 
Managing your secrets in a cloud environment
Managing your secrets in a cloud environmentManaging your secrets in a cloud environment
Managing your secrets in a cloud environment
Taswar Bhatti
 
From Gates to Guardrails: Alternate Approaches to Product Security
From Gates to Guardrails: Alternate Approaches to Product SecurityFrom Gates to Guardrails: Alternate Approaches to Product Security
From Gates to Guardrails: Alternate Approaches to Product Security
Jason Chan
 
Security as Code: DOES15
Security as Code: DOES15Security as Code: DOES15
Security as Code: DOES15
Ed Bellis
 
Splitting the Check on Compliance and Security
Splitting the Check on Compliance and SecuritySplitting the Check on Compliance and Security
Splitting the Check on Compliance and Security
Jason Chan
 
DevOps and AWS - Code PaLOUsa 2017
DevOps and AWS - Code PaLOUsa 2017DevOps and AWS - Code PaLOUsa 2017
DevOps and AWS - Code PaLOUsa 2017
James Strong
 
Principles Of Chaos Engineering - Chaos Engineering Hamburg
Principles Of Chaos Engineering - Chaos Engineering HamburgPrinciples Of Chaos Engineering - Chaos Engineering Hamburg
Principles Of Chaos Engineering - Chaos Engineering Hamburg
Nils Meder
 
Developing Resilient Cloud Native Apps with Spring Cloud
Developing Resilient Cloud Native Apps with Spring CloudDeveloping Resilient Cloud Native Apps with Spring Cloud
Developing Resilient Cloud Native Apps with Spring Cloud
Dustin Ruehle
 
Automic Support Tips and Tricks
Automic Support Tips and TricksAutomic Support Tips and Tricks
Automic Support Tips and Tricks
CA | Automic Software
 
Using AWS to Build a Scalable Big Data Management & Processing Service (BDT40...
Using AWS to Build a Scalable Big Data Management & Processing Service (BDT40...Using AWS to Build a Scalable Big Data Management & Processing Service (BDT40...
Using AWS to Build a Scalable Big Data Management & Processing Service (BDT40...
Amazon Web Services
 

More Related Content

What's hot

Serverless Code Deployments in AWS
Serverless Code Deployments in AWSServerless Code Deployments in AWS
Serverless Code Deployments in AWS
Marko Tomic
 
IaC? VSTS to the rescue! Abbreviations explained
IaC? VSTS to the rescue! Abbreviations explainedIaC? VSTS to the rescue! Abbreviations explained
IaC? VSTS to the rescue! Abbreviations explained
Jeroen Niesen
 
Careers in Security
Careers in SecurityCareers in Security
Careers in Security
Jason Chan
 
Micro Services - Neither Micro Nor Service
Micro Services - Neither Micro Nor ServiceMicro Services - Neither Micro Nor Service
Micro Services - Neither Micro Nor Service
Eberhard Wolff
 
Real World Cloud Application Security
Real World Cloud Application SecurityReal World Cloud Application Security
Real World Cloud Application SecurityJason Chan
 
Traffic Control with Envoy Proxy
Traffic Control with Envoy ProxyTraffic Control with Envoy Proxy
Traffic Control with Envoy Proxy
Mark McBride
 
Webinar: Inside Apache Solr 5
Webinar: Inside Apache Solr 5 Webinar: Inside Apache Solr 5
Webinar: Inside Apache Solr 5 Lucidworks
 
Spinnaker Microsrvices
Spinnaker MicrosrvicesSpinnaker Microsrvices
Spinnaker Microsrvices
Ambassador Labs
 
Legacy Sins
Legacy SinsLegacy Sins
Legacy Sins
Eberhard Wolff
 
Improving Resilience by Creating Storms in the Cloud
Improving Resilience by Creating Storms in the CloudImproving Resilience by Creating Storms in the Cloud
Improving Resilience by Creating Storms in the Cloud
Michalis Zervos
 
Micro Services - Smaller is Better?
Micro Services - Smaller is Better?Micro Services - Smaller is Better?
Micro Services - Smaller is Better?
Eberhard Wolff
 
From Zero to Serverless
From Zero to ServerlessFrom Zero to Serverless
From Zero to Serverless
Chad Green
 
Embracing the Rise of SecDevOps
Embracing the Rise of SecDevOpsEmbracing the Rise of SecDevOps
Embracing the Rise of SecDevOps
Tom Cappetta
 
Managing your secrets in a cloud environment
Managing your secrets in a cloud environmentManaging your secrets in a cloud environment
Managing your secrets in a cloud environment
Taswar Bhatti
 
From Gates to Guardrails: Alternate Approaches to Product Security
From Gates to Guardrails: Alternate Approaches to Product SecurityFrom Gates to Guardrails: Alternate Approaches to Product Security
From Gates to Guardrails: Alternate Approaches to Product Security
Jason Chan
 
Security as Code: DOES15
Security as Code: DOES15Security as Code: DOES15
Security as Code: DOES15
Ed Bellis
 
Splitting the Check on Compliance and Security
Splitting the Check on Compliance and SecuritySplitting the Check on Compliance and Security
Splitting the Check on Compliance and Security
Jason Chan
 
DevOps and AWS - Code PaLOUsa 2017
DevOps and AWS - Code PaLOUsa 2017DevOps and AWS - Code PaLOUsa 2017
DevOps and AWS - Code PaLOUsa 2017
James Strong
 
Principles Of Chaos Engineering - Chaos Engineering Hamburg
Principles Of Chaos Engineering - Chaos Engineering HamburgPrinciples Of Chaos Engineering - Chaos Engineering Hamburg
Principles Of Chaos Engineering - Chaos Engineering Hamburg
Nils Meder
 
Developing Resilient Cloud Native Apps with Spring Cloud
Developing Resilient Cloud Native Apps with Spring CloudDeveloping Resilient Cloud Native Apps with Spring Cloud
Developing Resilient Cloud Native Apps with Spring Cloud
Dustin Ruehle
 

What's hot (20)

Serverless Code Deployments in AWS
Serverless Code Deployments in AWSServerless Code Deployments in AWS
Serverless Code Deployments in AWS
 
IaC? VSTS to the rescue! Abbreviations explained
IaC? VSTS to the rescue! Abbreviations explainedIaC? VSTS to the rescue! Abbreviations explained
IaC? VSTS to the rescue! Abbreviations explained
 
Careers in Security
Careers in SecurityCareers in Security
Careers in Security
 
Micro Services - Neither Micro Nor Service
Micro Services - Neither Micro Nor ServiceMicro Services - Neither Micro Nor Service
Micro Services - Neither Micro Nor Service
 
Real World Cloud Application Security
Real World Cloud Application SecurityReal World Cloud Application Security
Real World Cloud Application Security
 
Traffic Control with Envoy Proxy
Traffic Control with Envoy ProxyTraffic Control with Envoy Proxy
Traffic Control with Envoy Proxy
 
Webinar: Inside Apache Solr 5
Webinar: Inside Apache Solr 5 Webinar: Inside Apache Solr 5
Webinar: Inside Apache Solr 5
 
Spinnaker Microsrvices
Spinnaker MicrosrvicesSpinnaker Microsrvices
Spinnaker Microsrvices
 
Legacy Sins
Legacy SinsLegacy Sins
Legacy Sins
 
Improving Resilience by Creating Storms in the Cloud
Improving Resilience by Creating Storms in the CloudImproving Resilience by Creating Storms in the Cloud
Improving Resilience by Creating Storms in the Cloud
 
Micro Services - Smaller is Better?
Micro Services - Smaller is Better?Micro Services - Smaller is Better?
Micro Services - Smaller is Better?
 
From Zero to Serverless
From Zero to ServerlessFrom Zero to Serverless
From Zero to Serverless
 
Embracing the Rise of SecDevOps
Embracing the Rise of SecDevOpsEmbracing the Rise of SecDevOps
Embracing the Rise of SecDevOps
 
Managing your secrets in a cloud environment
Managing your secrets in a cloud environmentManaging your secrets in a cloud environment
Managing your secrets in a cloud environment
 
From Gates to Guardrails: Alternate Approaches to Product Security
From Gates to Guardrails: Alternate Approaches to Product SecurityFrom Gates to Guardrails: Alternate Approaches to Product Security
From Gates to Guardrails: Alternate Approaches to Product Security
 
Security as Code: DOES15
Security as Code: DOES15Security as Code: DOES15
Security as Code: DOES15
 
Splitting the Check on Compliance and Security
Splitting the Check on Compliance and SecuritySplitting the Check on Compliance and Security
Splitting the Check on Compliance and Security
 
DevOps and AWS - Code PaLOUsa 2017
DevOps and AWS - Code PaLOUsa 2017DevOps and AWS - Code PaLOUsa 2017
DevOps and AWS - Code PaLOUsa 2017
 
Principles Of Chaos Engineering - Chaos Engineering Hamburg
Principles Of Chaos Engineering - Chaos Engineering HamburgPrinciples Of Chaos Engineering - Chaos Engineering Hamburg
Principles Of Chaos Engineering - Chaos Engineering Hamburg
 
Developing Resilient Cloud Native Apps with Spring Cloud
Developing Resilient Cloud Native Apps with Spring CloudDeveloping Resilient Cloud Native Apps with Spring Cloud
Developing Resilient Cloud Native Apps with Spring Cloud
 

Similar to Solving trust issues at scale

Automic Support Tips and Tricks
Automic Support Tips and TricksAutomic Support Tips and Tricks
Automic Support Tips and Tricks
CA | Automic Software
 
Using AWS to Build a Scalable Big Data Management & Processing Service (BDT40...
Using AWS to Build a Scalable Big Data Management & Processing Service (BDT40...Using AWS to Build a Scalable Big Data Management & Processing Service (BDT40...
Using AWS to Build a Scalable Big Data Management & Processing Service (BDT40...
Amazon Web Services
 
UpdateConf 2018: Top 18 Azure security fails and how to avoid them
UpdateConf 2018: Top 18 Azure security fails and how to avoid themUpdateConf 2018: Top 18 Azure security fails and how to avoid them
UpdateConf 2018: Top 18 Azure security fails and how to avoid them
Karl Ots
 
How to Leverage Log Data for Effective Threat Detection
How to Leverage Log Data for Effective Threat DetectionHow to Leverage Log Data for Effective Threat Detection
How to Leverage Log Data for Effective Threat Detection
AlienVault
 
IT Camp 19: Top Azure security fails and how to avoid them
IT Camp 19: Top Azure security fails and how to avoid themIT Camp 19: Top Azure security fails and how to avoid them
IT Camp 19: Top Azure security fails and how to avoid them
Karl Ots
 
Efficiencies in RPA with UiPath and CyberArk Technologies - Session 2
Efficiencies in RPA with UiPath and CyberArk Technologies - Session 2Efficiencies in RPA with UiPath and CyberArk Technologies - Session 2
Efficiencies in RPA with UiPath and CyberArk Technologies - Session 2
DianaGray10
 
Observability - Stockholm Splunk UG Jan 19 2023.pptx
Observability - Stockholm Splunk UG Jan 19 2023.pptxObservability - Stockholm Splunk UG Jan 19 2023.pptx
Observability - Stockholm Splunk UG Jan 19 2023.pptx
Magnus Johansson
 
8 cloud design patterns you ought to know - Update Conference 2018
8 cloud design patterns you ought to know - Update Conference 20188 cloud design patterns you ought to know - Update Conference 2018
8 cloud design patterns you ought to know - Update Conference 2018
Taswar Bhatti
 
Leandro Melendez - Switching Performance Left & Right
Leandro Melendez - Switching Performance Left & RightLeandro Melendez - Switching Performance Left & Right
Leandro Melendez - Switching Performance Left & Right
Neotys_Partner
 
When Security Tools Fail You
When Security Tools Fail YouWhen Security Tools Fail You
When Security Tools Fail You
Michael Gough
 
DevSum - Top Azure security fails and how to avoid them
DevSum - Top Azure security fails and how to avoid themDevSum - Top Azure security fails and how to avoid them
DevSum - Top Azure security fails and how to avoid them
Karl Ots
 
Top Azure security fails and how to avoid them
Top Azure security fails and how to avoid themTop Azure security fails and how to avoid them
Top Azure security fails and how to avoid them
Karl Ots
 
Can you process 10 trillion logs per day software architecture conference 2015
Can you process 10 trillion logs per day software architecture conference 2015Can you process 10 trillion logs per day software architecture conference 2015
Can you process 10 trillion logs per day software architecture conference 2015
Sumo Logic
 
The What, Why, and How of DevSecOps
The What, Why, and How of DevSecOpsThe What, Why, and How of DevSecOps
The What, Why, and How of DevSecOps
Cprime
 
Security at Greenhouse
Security at GreenhouseSecurity at Greenhouse
Security at Greenhouse
Michael O'Neil
 
How Greenhouse Software Unlocked the Power of Machine Data Analytics with Sum...
How Greenhouse Software Unlocked the Power of Machine Data Analytics with Sum...How Greenhouse Software Unlocked the Power of Machine Data Analytics with Sum...
How Greenhouse Software Unlocked the Power of Machine Data Analytics with Sum...
Amazon Web Services
 
SpiceWorks Webinar: Whose logs, what logs, why logs
SpiceWorks Webinar: Whose logs, what logs, why logs SpiceWorks Webinar: Whose logs, what logs, why logs
SpiceWorks Webinar: Whose logs, what logs, why logs
AlienVault
 
Cloud Design Patterns - Hong Kong Codeaholics
Cloud Design Patterns - Hong Kong CodeaholicsCloud Design Patterns - Hong Kong Codeaholics
Cloud Design Patterns - Hong Kong Codeaholics
Taswar Bhatti
 
From Zero to Serverless (CoderCruise 2018)
From Zero to Serverless (CoderCruise 2018)From Zero to Serverless (CoderCruise 2018)
From Zero to Serverless (CoderCruise 2018)
Chad Green
 
(SEC402) Enterprise Cloud Security via DevSecOps 2.0
(SEC402) Enterprise Cloud Security via DevSecOps 2.0(SEC402) Enterprise Cloud Security via DevSecOps 2.0
(SEC402) Enterprise Cloud Security via DevSecOps 2.0
Amazon Web Services
 

Similar to Solving trust issues at scale (20)

Automic Support Tips and Tricks
Automic Support Tips and TricksAutomic Support Tips and Tricks
Automic Support Tips and Tricks
 
Using AWS to Build a Scalable Big Data Management & Processing Service (BDT40...
Using AWS to Build a Scalable Big Data Management & Processing Service (BDT40...Using AWS to Build a Scalable Big Data Management & Processing Service (BDT40...
Using AWS to Build a Scalable Big Data Management & Processing Service (BDT40...
 
UpdateConf 2018: Top 18 Azure security fails and how to avoid them
UpdateConf 2018: Top 18 Azure security fails and how to avoid themUpdateConf 2018: Top 18 Azure security fails and how to avoid them
UpdateConf 2018: Top 18 Azure security fails and how to avoid them
 
How to Leverage Log Data for Effective Threat Detection
How to Leverage Log Data for Effective Threat DetectionHow to Leverage Log Data for Effective Threat Detection
How to Leverage Log Data for Effective Threat Detection
 
IT Camp 19: Top Azure security fails and how to avoid them
IT Camp 19: Top Azure security fails and how to avoid themIT Camp 19: Top Azure security fails and how to avoid them
IT Camp 19: Top Azure security fails and how to avoid them
 
Efficiencies in RPA with UiPath and CyberArk Technologies - Session 2
Efficiencies in RPA with UiPath and CyberArk Technologies - Session 2Efficiencies in RPA with UiPath and CyberArk Technologies - Session 2
Efficiencies in RPA with UiPath and CyberArk Technologies - Session 2
 
Observability - Stockholm Splunk UG Jan 19 2023.pptx
Observability - Stockholm Splunk UG Jan 19 2023.pptxObservability - Stockholm Splunk UG Jan 19 2023.pptx
Observability - Stockholm Splunk UG Jan 19 2023.pptx
 
8 cloud design patterns you ought to know - Update Conference 2018
8 cloud design patterns you ought to know - Update Conference 20188 cloud design patterns you ought to know - Update Conference 2018
8 cloud design patterns you ought to know - Update Conference 2018
 
Leandro Melendez - Switching Performance Left & Right
Leandro Melendez - Switching Performance Left & RightLeandro Melendez - Switching Performance Left & Right
Leandro Melendez - Switching Performance Left & Right
 
When Security Tools Fail You
When Security Tools Fail YouWhen Security Tools Fail You
When Security Tools Fail You
 
DevSum - Top Azure security fails and how to avoid them
DevSum - Top Azure security fails and how to avoid themDevSum - Top Azure security fails and how to avoid them
DevSum - Top Azure security fails and how to avoid them
 
Top Azure security fails and how to avoid them
Top Azure security fails and how to avoid themTop Azure security fails and how to avoid them
Top Azure security fails and how to avoid them
 
Can you process 10 trillion logs per day software architecture conference 2015
Can you process 10 trillion logs per day software architecture conference 2015Can you process 10 trillion logs per day software architecture conference 2015
Can you process 10 trillion logs per day software architecture conference 2015
 
The What, Why, and How of DevSecOps
The What, Why, and How of DevSecOpsThe What, Why, and How of DevSecOps
The What, Why, and How of DevSecOps
 
Security at Greenhouse
Security at GreenhouseSecurity at Greenhouse
Security at Greenhouse
 
How Greenhouse Software Unlocked the Power of Machine Data Analytics with Sum...
How Greenhouse Software Unlocked the Power of Machine Data Analytics with Sum...How Greenhouse Software Unlocked the Power of Machine Data Analytics with Sum...
How Greenhouse Software Unlocked the Power of Machine Data Analytics with Sum...
 
SpiceWorks Webinar: Whose logs, what logs, why logs
SpiceWorks Webinar: Whose logs, what logs, why logs SpiceWorks Webinar: Whose logs, what logs, why logs
SpiceWorks Webinar: Whose logs, what logs, why logs
 
Cloud Design Patterns - Hong Kong Codeaholics
Cloud Design Patterns - Hong Kong CodeaholicsCloud Design Patterns - Hong Kong Codeaholics
Cloud Design Patterns - Hong Kong Codeaholics
 
From Zero to Serverless (CoderCruise 2018)
From Zero to Serverless (CoderCruise 2018)From Zero to Serverless (CoderCruise 2018)
From Zero to Serverless (CoderCruise 2018)
 
(SEC402) Enterprise Cloud Security via DevSecOps 2.0
(SEC402) Enterprise Cloud Security via DevSecOps 2.0(SEC402) Enterprise Cloud Security via DevSecOps 2.0
(SEC402) Enterprise Cloud Security via DevSecOps 2.0
 

More from Soluto

Things I wish someone had told me about Istio, Omer Levi Hevroni
Things I wish someone had told me about Istio, Omer Levi HevroniThings I wish someone had told me about Istio, Omer Levi Hevroni
Things I wish someone had told me about Istio, Omer Levi Hevroni
Soluto
 
Can Kubernetes Keep a Secret? - Women in AppSec Webinar
Can Kubernetes Keep a Secret? - Women in AppSec WebinarCan Kubernetes Keep a Secret? - Women in AppSec Webinar
Can Kubernetes Keep a Secret? - Women in AppSec Webinar
Soluto
 
FTRD - Can Kubernetes Keep a Secret?
FTRD - Can Kubernetes Keep a Secret?FTRD - Can Kubernetes Keep a Secret?
FTRD - Can Kubernetes Keep a Secret?
Soluto
 
The Dark Side of Monitoring
The Dark Side of MonitoringThe Dark Side of Monitoring
The Dark Side of Monitoring
Soluto
 
Hacking like a FED
Hacking like a FEDHacking like a FED
Hacking like a FED
Soluto
 
Monitoria@Icinga camp berlin
Monitoria@Icinga camp berlinMonitoria@Icinga camp berlin
Monitoria@Icinga camp berlin
Soluto
 
Can Kubernetes Keep a Secret?
Can Kubernetes Keep a Secret?Can Kubernetes Keep a Secret?
Can Kubernetes Keep a Secret?
Soluto
 
Kamus intro
Kamus introKamus intro
Kamus intro
Soluto
 
Secure Your Pipeline
Secure Your PipelineSecure Your Pipeline
Secure Your Pipeline
Soluto
 
React new features and intro to Hooks
React new features and intro to HooksReact new features and intro to Hooks
React new features and intro to Hooks
Soluto
 
Secure the Pipeline - OWASP Poland Day 2018
Secure the Pipeline - OWASP Poland Day 2018Secure the Pipeline - OWASP Poland Day 2018
Secure the Pipeline - OWASP Poland Day 2018
Soluto
 
Monitoria@reversim
Monitoria@reversimMonitoria@reversim
Monitoria@reversim
Soluto
 
Languages don't matter anymore!
Languages don't matter anymore!Languages don't matter anymore!
Languages don't matter anymore!
Soluto
 
Security Testing for Containerized Applications
Security Testing for Containerized ApplicationsSecurity Testing for Containerized Applications
Security Testing for Containerized Applications
Soluto
 
Owasp glue
Owasp glueOwasp glue
Owasp glue
Soluto
 
Unify logz with fluentd
Unify logz with fluentdUnify logz with fluentd
Unify logz with fluentd
Soluto
 
Storing data in Redis like a pro
Storing data in Redis like a proStoring data in Redis like a pro
Storing data in Redis like a pro
Soluto
 
Monitor all the thingz slideshare
Monitor all the thingz slideshareMonitor all the thingz slideshare
Monitor all the thingz slideshare
Soluto
 
Authentication without Authentication - AppSec California
Authentication without Authentication - AppSec CaliforniaAuthentication without Authentication - AppSec California
Authentication without Authentication - AppSec California
Soluto
 
Authentication without Authentication - Peerlyst meetup
Authentication without Authentication - Peerlyst meetupAuthentication without Authentication - Peerlyst meetup
Authentication without Authentication - Peerlyst meetup
Soluto
 

More from Soluto (20)

Things I wish someone had told me about Istio, Omer Levi Hevroni
Things I wish someone had told me about Istio, Omer Levi HevroniThings I wish someone had told me about Istio, Omer Levi Hevroni
Things I wish someone had told me about Istio, Omer Levi Hevroni
 
Can Kubernetes Keep a Secret? - Women in AppSec Webinar
Can Kubernetes Keep a Secret? - Women in AppSec WebinarCan Kubernetes Keep a Secret? - Women in AppSec Webinar
Can Kubernetes Keep a Secret? - Women in AppSec Webinar
 
FTRD - Can Kubernetes Keep a Secret?
FTRD - Can Kubernetes Keep a Secret?FTRD - Can Kubernetes Keep a Secret?
FTRD - Can Kubernetes Keep a Secret?
 
The Dark Side of Monitoring
The Dark Side of MonitoringThe Dark Side of Monitoring
The Dark Side of Monitoring
 
Hacking like a FED
Hacking like a FEDHacking like a FED
Hacking like a FED
 
Monitoria@Icinga camp berlin
Monitoria@Icinga camp berlinMonitoria@Icinga camp berlin
Monitoria@Icinga camp berlin
 
Can Kubernetes Keep a Secret?
Can Kubernetes Keep a Secret?Can Kubernetes Keep a Secret?
Can Kubernetes Keep a Secret?
 
Kamus intro
Kamus introKamus intro
Kamus intro
 
Secure Your Pipeline
Secure Your PipelineSecure Your Pipeline
Secure Your Pipeline
 
React new features and intro to Hooks
React new features and intro to HooksReact new features and intro to Hooks
React new features and intro to Hooks
 
Secure the Pipeline - OWASP Poland Day 2018
Secure the Pipeline - OWASP Poland Day 2018Secure the Pipeline - OWASP Poland Day 2018
Secure the Pipeline - OWASP Poland Day 2018
 
Monitoria@reversim
Monitoria@reversimMonitoria@reversim
Monitoria@reversim
 
Languages don't matter anymore!
Languages don't matter anymore!Languages don't matter anymore!
Languages don't matter anymore!
 
Security Testing for Containerized Applications
Security Testing for Containerized ApplicationsSecurity Testing for Containerized Applications
Security Testing for Containerized Applications
 
Owasp glue
Owasp glueOwasp glue
Owasp glue
 
Unify logz with fluentd
Unify logz with fluentdUnify logz with fluentd
Unify logz with fluentd
 
Storing data in Redis like a pro
Storing data in Redis like a proStoring data in Redis like a pro
Storing data in Redis like a pro
 
Monitor all the thingz slideshare
Monitor all the thingz slideshareMonitor all the thingz slideshare
Monitor all the thingz slideshare
 
Authentication without Authentication - AppSec California
Authentication without Authentication - AppSec CaliforniaAuthentication without Authentication - AppSec California
Authentication without Authentication - AppSec California
 
Authentication without Authentication - Peerlyst meetup
Authentication without Authentication - Peerlyst meetupAuthentication without Authentication - Peerlyst meetup
Authentication without Authentication - Peerlyst meetup
 

Recently uploaded

PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Neo4j
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
DianaGray10
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Vladimir Iglovikov, Ph.D.
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Neo4j
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neo4j
 

Recently uploaded (20)

PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
 

Solving trust issues at scale

Editor's Notes

  1. I’m a builder, this is what I love doing and doing it from a really early age Doing it professionally for the last 8 years I’m from Israel, married etc Who else is a builder? This talk is for you!
  2. Today I’m working at Soluto, our missing is to help people with their technology My job is DevSecOps, or as I see it - helping the entire team to build a more secure software I’m achieving it via many approaches, including education, reviewing and threat modeling – but what I love the most is threat modeling