In this talk, Angel will discuss common obstacles in securing applications and CI/CD pipelines and in protecting sensitive access to integration targets. Attendees will learn strategies to secure apps, sensitive data, and integration points and to improve pipeline security postures.
Until now, you could define seccomp policies in Kubernetes to allow or deny system calls but not much more. The new Seccomp Notify feature in Linux 5.9 will enable more complex policies and the ability to write your own agents to handle new use cases in Kubernetes.
In the ever-changing world of cybersecurity, threats to Kubernetes also remain ever-changing, and one of the biggest challenges of managing security in Kubernetes is being updated on those threats. Oftentimes, the knowledge that we think we have about existing CVEs will surprise us when new ones come along and attack on surfaces that we do not yet expect. In this talk, I will be outlining the latest trends of security practices in Kubernetes pipelines and talking through how we can utilize best practices in order to ensure safer deployments.
There is so much to think about with regard to cluster runtime security and your configuration pipeline. A good recipe helps you reduce the things you need to think about.
You will learn how to use quality OSS ingredients like Flux and Falco to serve a secure platform of gitops goodness the whole team will enjoy! You can rest easy in your gitops kitchen knowing no horrible geese (exploits, vulnerabilities, etc.) will burn your cookies.
In an industry that is saturated with tools, as security professionals, how do you address all the needs to secure an almost entirely new tech stack? How do you choose the best fit? How do you disrupt a mature or institutionalized traditional security controls program and drive adoption across an organization? How do you avoid confusing everyone when you finally share data coming from “All the things”?
A software supply chain is the series of steps performed when writing, testing, packaging, and distributing software. A typical software supply chain is composed of multiple steps “chained” together that transform (e.g., compilation) or verify the state (e.g., linting) of the project in order to drive it to a final product.
In today’s regulatory environment, organizations must stay on top of compliance requirements while modernizing to cloud-native Kubernetes and mitigating against security breaches through continuous automation. Organizations are using the Center for Internet Security's Kubernetes Benchmark for assessments, and that does not need to be a manual process. Building DevSecOps pipelines that assess and remediate is essential for every organization that wants to build security into its DevSecOps CI/CD pipelines.
A talk to show different ways an attacker can gain access to a cluster due to missing security controls and poor app/service security. Will also demo what an "Attacker in a pod" can do, what logical steps an attacker follows, and how K8S security controls come into play during an ongoing attack.
In this talk, based on learnings from real-world implementations with customers large and small, we will share common patterns for Kubernetes network policies, compare the extensions to the basic policy API available in Calico and Cilium (and when you would want to use them), and show how, with the help of some simple open source tools, you can automatically create a working set of policies for your application.